Commit Graph

16 Commits

Author SHA1 Message Date
Zdenek Pytela
fd660a4dde Correct some errors in the RPM macro changes from -2
The commands should always end || : , because by policy we should
ensure RPM scriptlets always exit 0:
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
Also, rm is in _bindir, not _sbindir.

This seems to have caused a failed test for an nbdkit update:
https://openqa.fedoraproject.org/tests/2628713#
the live image build failed because of a scriptlet error that
seems to be caused by this:

INFO:anaconda.modules.payloads.payload.dnf.transaction_progress:Configuring (running scriptlet for): nbdkit-selinux-1.39.6-1.fc41.noarch 1715870254 02561380439e4e22473970fa46db331b277dc254650fdcb96130a056cadaf02f
INFO:dnf.rpm:/var/tmp/rpm-tmp.ycmrWv: line 10: /usr/sbin/rm: No such file or directory
warning: %post(nbdkit-selinux-1.39.6-1.fc41.noarch) scriptlet failed, exit status 1
ERROR:dnf.rpm:Error in POSTIN scriptlet in rpm package nbdkit-selinux

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2024-05-18 22:13:10 +00:00
Zdenek Pytela
befd3d6c81 Update rpm configuration for the /var/run equivalency change
Various updating and installing scenarios are now supported:
- using rpm triggers for other packages in selinux-policy
- inside the selinux_modules_install and selinux_modules_uninstall
  rpm macros when selinux subpackages are being built
2024-05-18 22:13:10 +00:00
Lukas Vrabec
72c4289c25
Update rpm.macros file fomr the upstream repo
Remove git from BuildRequires in %selinux_requires
In %selinux_requires macro, as part of BuildRequires is also git
package. It looks like some leftover and this commit removes it.

Upstream repo: https://github.com/fedora-selinux/selinux-policy-macros
2019-11-05 17:50:20 +01:00
Lukas Vrabec
5e3b0e1f2a
Update selinux-policy macros from upstream repo
Upstream repo: https://github.com/fedora-selinux/selinux-policy-macros

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1723940
2019-11-03 15:00:33 +01:00
Lukas Vrabec
0c284fe6fc
Update the macros based on changes from upstream repo
Ref: b2f1034f76

Resolves: #16
2019-11-01 17:25:21 +01:00
Lukas Vrabec
6e1369286b
* Wed Aug 07 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.4-29
- Allow dlm_controld_t domain setgid capability
- Fix SELinux modules not installing in chroots.
Resolves: rhbz#1665643
2019-08-07 17:38:17 +02:00
Lukas Vrabec
1d650f7cbb
* Tue Jan 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-18
- Allow plymouthd_t search efivarfs directory BZ(1664143)
- Allow arpwatch send e-mail notifications BZ(1657327)
- Allow tangd_t domain to bind on tcp ports labeled as tangd_port_t
- Allow gssd_t domain to read/write kernel keyrings of every domain.
- Allow systemd_timedated_t domain nnp_transition BZ(1666222)
- Add the fs_search_efivarfs_dir interface
- Create tangd_port_t with default label tcp/7406
- Add interface domain_rw_all_domains_keyrings()
- Some of the selinux-policy macros doesn't work in chroots/initial installs. BZ(1665643)
2019-01-15 18:29:10 +01:00
Lukas Vrabec
146094f7a3
* Sat Oct 13 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.3-7
- Update rpm macros for selinux policy from sources repository: https://github.com/fedora-selinux/selinux-policy-macros
2018-10-13 00:13:10 +02:00
Lukas Vrabec
5c972253e7
Update selinux policy macros to reflect the latest changes in
selinux-policy-macros repo
2018-04-25 21:48:43 +02:00
Lukas Vrabec
4caea74068 Updated rpm.macros 2018-02-05 17:01:34 +01:00
Lukas Vrabec
723bc03d9a Add new rpm macro %{selinux_requires} 2017-11-23 15:48:40 +01:00
Lukas Vrabec
21c53d34a6 Use %{_sbindir} macro instead of full path 2017-09-14 09:02:59 +02:00
Lukas Vrabec
37cf7d764b Backport new selinux-policy rpm macros from github repo:
https://github.com/fedora-selinux/selinux-policy-macros.git

Main point of this change is to allow set SELinux Module priority in
selinux_modules_(u)install() macros.
2017-07-11 17:56:49 +02:00
Lukas Vrabec
29c9d82cda Update rpm macros 2017-03-14 10:48:34 +01:00
Lukas Vrabec
6fa7bc6ada Add handling booleans via selinux-policy macros in custom policy spec files. 2017-03-13 16:27:05 +01:00
Petr Lautrbach
c49229e77f Provide rpm macros for packages installing SELinux modules
There's no unified practice how to install SELinux modules from packages
and how to relabel a filesystem after the change. This update provides
several new macros which should help maintainers with the process.

%selinux_relabel_pre [-s <policytype>]
- backups the current file_contexts for later use with fixfiles

%selinux_relabel_post [-s <policytype>]
- relabels a filesystem based on changes in file_contexts using fixfiles

%selinux_modules_install [-s <policytype>] module [module]...
%selinux_modules_uninstall [-s <policytype>] module [module]...
- install and uninstall modules to the priority 200
2016-09-20 09:40:52 +02:00