scriptlets: always existence-check /etc/selinux/config

This does not work as expected with `/bin/sh` if the file does not exist: . %{_sysconfdir}/selinux/config &> /dev/null || true; when run with `/bin/sh` (as opposed to `/bin/bash`) it exits 1 if the file does not exist. It exits 0 if the file exists but there is an error parsing it. When run with `/bin/bash` it exits 0 in both cases as expected, but RPM scriptlets are run with sh. To avoid this problem, we must always explicitly do an existence check on the file before attempting to source it. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-06-25 15:38:26 -07:00 · 2020-06-25 15:38:26 -07:00 · 69200e5a7d
parent 5cdd516855
commit 69200e5a7d
1 changed files with 15 additions and 5 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -268,7 +268,9 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
 %nil

 %define relabel() \
-. %{_sysconfdir}/selinux/config &> /dev/null || true; \
+if [ -s %{_sysconfdir}/selinux/config ]; then \
+    . %{_sysconfdir}/selinux/config &> /dev/null || true; \
+fi; \
 FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
 if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
     %{_sbindir}/fixfiles -C ${FILE_CONTEXT}.pre restore &> /dev/null > /dev/null; \
@ -302,7 +304,9 @@ if [ $1 -ne 1 ] && [ -s %{_sysconfdir}/selinux/config ]; then \
 fi;

 %define postInstall() \
-. %{_sysconfdir}/selinux/config &> /dev/null || true; \
+if [ -s %{_sysconfdir}/selinux/config ]; then \
+    . %{_sysconfdir}/selinux/config &> /dev/null || true; \
+fi; \
 if [ -e %{_sysconfdir}/selinux/%2/.rebuild ]; then \
   rm %{_sysconfdir}/selinux/%2/.rebuild; \
   %{_sbindir}/semodule -B -n -s %2; \
@ -556,7 +560,9 @@ exit 0

 %postun targeted
 if [ $1 = 0 ]; then
-    source %{_sysconfdir}/selinux/config &> /dev/null || true
+    if [ -s %{_sysconfdir}/selinux/config ]; then
+        source %{_sysconfdir}/selinux/config &> /dev/null || true
+    fi
    if [ "$SELINUXTYPE" = "targeted" ]; then
        %{_sbindir}/setenforce 0 2> /dev/null
        if [ ! -s %{_sysconfdir}/selinux/config ]; then
@ -666,7 +672,9 @@ exit 0

 %postun minimum
 if [ $1 = 0 ]; then
-    source %{_sysconfdir}/selinux/config &> /dev/null || true
+    if [ -s %{_sysconfdir}/selinux/config ]; then
+        source %{_sysconfdir}/selinux/config &> /dev/null || true
+    fi
    if [ "$SELINUXTYPE" = "minimum" ]; then
        %{_sbindir}/setenforce 0 2> /dev/null
        if [ ! -s %{_sysconfdir}/selinux/config ]; then
@ -737,7 +745,9 @@ exit 0

 %postun mls
 if [ $1 = 0 ]; then
-    source %{_sysconfdir}/selinux/config &> /dev/null || true;
+    if [ -s %{_sysconfdir}/selinux/config ]; then
+        source %{_sysconfdir}/selinux/config &> /dev/null || true
+    fi
    if [ "$SELINUXTYPE" = "mls" ]; then
        %{_sbindir}/setenforce 0 2> /dev/null
        if [ ! -s %{_sysconfdir}/selinux/config ]; then