scriptlets: always existence-check /etc/selinux/config

This does not work as expected with `/bin/sh` if the file does
not exist:

. %{_sysconfdir}/selinux/config &> /dev/null || true;

when run with `/bin/sh` (as opposed to `/bin/bash`) it exits 1
if the file does not exist. It exits 0 if the file exists but
there is an error parsing it. When run with `/bin/bash` it exits
0 in both cases as expected, but RPM scriptlets are run with sh.

To avoid this problem, we must always explicitly do an existence
check on the file before attempting to source it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2020-06-25 15:38:26 -07:00
parent 5cdd516855
commit 69200e5a7d

View File

@ -268,7 +268,9 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
%nil
%define relabel() \
if [ -s %{_sysconfdir}/selinux/config ]; then \
. %{_sysconfdir}/selinux/config &> /dev/null || true; \
fi; \
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
%{_sbindir}/fixfiles -C ${FILE_CONTEXT}.pre restore &> /dev/null > /dev/null; \
@ -302,7 +304,9 @@ if [ $1 -ne 1 ] && [ -s %{_sysconfdir}/selinux/config ]; then \
fi;
%define postInstall() \
if [ -s %{_sysconfdir}/selinux/config ]; then \
. %{_sysconfdir}/selinux/config &> /dev/null || true; \
fi; \
if [ -e %{_sysconfdir}/selinux/%2/.rebuild ]; then \
rm %{_sysconfdir}/selinux/%2/.rebuild; \
%{_sbindir}/semodule -B -n -s %2; \
@ -556,7 +560,9 @@ exit 0
%postun targeted
if [ $1 = 0 ]; then
if [ -s %{_sysconfdir}/selinux/config ]; then
source %{_sysconfdir}/selinux/config &> /dev/null || true
fi
if [ "$SELINUXTYPE" = "targeted" ]; then
%{_sbindir}/setenforce 0 2> /dev/null
if [ ! -s %{_sysconfdir}/selinux/config ]; then
@ -666,7 +672,9 @@ exit 0
%postun minimum
if [ $1 = 0 ]; then
if [ -s %{_sysconfdir}/selinux/config ]; then
source %{_sysconfdir}/selinux/config &> /dev/null || true
fi
if [ "$SELINUXTYPE" = "minimum" ]; then
%{_sbindir}/setenforce 0 2> /dev/null
if [ ! -s %{_sysconfdir}/selinux/config ]; then
@ -737,7 +745,9 @@ exit 0
%postun mls
if [ $1 = 0 ]; then
source %{_sysconfdir}/selinux/config &> /dev/null || true;
if [ -s %{_sysconfdir}/selinux/config ]; then
source %{_sysconfdir}/selinux/config &> /dev/null || true
fi
if [ "$SELINUXTYPE" = "mls" ]; then
%{_sbindir}/setenforce 0 2> /dev/null
if [ ! -s %{_sysconfdir}/selinux/config ]; then