From 579a5b4d7e0597b09250de15df31dc0b824fc9aa Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 20 May 2024 15:57:23 +0200
Subject: [PATCH] Disable rpm verification for the extra_varrun module
 directory

The extra_varrun module is generated dynamically on packages updates,
based on the current state in the policy.

Related: RHEL-54303
---
 selinux-policy.spec | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 7d1e5a80..94382d35 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -281,7 +281,9 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %ghost %{_sharedstatedir}/selinux/%1/active/users_extra.linked \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/file_contexts.homedirs \
 %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules_checksum \
-%ghost %{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun \
+%ghost %verify(not md5 size mtime) %%{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun \
+%ghost %verify(not md5 size mtime) %%{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun/cil \
+%ghost %verify(not md5 size mtime) %%{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun/lang_ext \
 %nil
 
 %define relabel() \