rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update rpm configuration for the /var/run equivalency change 

Various updating and installing scenarios are now supported:
- using rpm triggers for other packages in selinux-policy
- inside the selinux_modules_install and selinux_modules_uninstall
  rpm macros when selinux subpackages are being built
This commit is contained in:
Zdenek Pytela 2024-05-17 22:09:34 +02:00 committed by zpytela
parent f05cd533e6
commit befd3d6c81
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rpm.macros
View File

@ -55,8 +55,10 @@ if [ -z "${_policytype}" ]; then \
_policytype="targeted" \
fi \
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
%{_sbindir}/rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun \
%{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* || : \
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
%{_libexecdir}/selinux/varrun-convert.sh ${_policytype} \
fi \
%{nil}
@ -71,8 +73,10 @@ if [ -z "${_policytype}" ]; then \
fi \
if [ $1 -eq 0 ]; then \
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
%{_sbindir}/rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun \
%{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \
%{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
%{_libexecdir}/selinux/varrun-convert.sh ${_policytype} \
fi \
fi \
%{nil}

36
selinux-policy.spec
View File

@ -407,6 +407,17 @@ if posix.stat(config_file) then \
bf:close() \
end
# Remove the local_varrun SELinux module
%define removeVarrunModule() \
if [ -r "%{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun/cil" ]; then \
%{_bindir}/rm -rf %{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun \
fi;
%define removeVarrunModuleLua() \
if posix.access ("%{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun/cil", "r") then \
os.execute ("%{_bindir}/rm -rf %{_sharedstatedir}/selinux/%1/active/modules/400/extra_varrun") \
end
%build
%prep
@ -580,6 +591,7 @@ SELinux targeted policy package.
%pretrans targeted -p <lua>
%backupConfigLua
%removeVarrunModuleLua targeted
%pre targeted
%preInstall targeted
@ -615,10 +627,34 @@ exit 0
%{_sbindir}/selinuxenabled && %{_sbindir}/semodule -nB
exit 0
%triggerprein -- container-selinux
%removeVarrunModule targeted
exit 0
%triggerprein -- pcp-selinux
%removeVarrunModule targeted
exit 0
%triggerpostin -- container-selinux
%{_libexecdir}/selinux/varrun-convert.sh targeted
exit 0
%triggerpostin -- pcp-selinux
%{_libexecdir}/selinux/varrun-convert.sh targeted
exit 0
%triggerpostun -- selinux-policy-targeted < 3.12.1-74
rm -f %{_sysconfdir}/selinux/*/modules/active/modules/sandbox.pp.disabled 2>/dev/null
exit 0
%triggerpostun -- pcp-selinux
%{_libexecdir}/selinux/varrun-convert.sh targeted
exit 0
%triggerpostun -- container-selinux
%{_libexecdir}/selinux/varrun-convert.sh targeted
exit 0
%triggerpostun targeted -- selinux-policy-targeted < 3.13.1-138
CR=$'\n'
INPUT=""