From 37cf7d764b974a19455ad3898e366d690310036c Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Jul 11 2017 15:56:49 +0000 Subject: Backport new selinux-policy rpm macros from github repo: https://github.com/fedora-selinux/selinux-policy-macros.git Main point of this change is to allow set SELinux Module priority in selinux_modules_(u)install() macros. --- diff --git a/rpm.macros b/rpm.macros index dbc6d0f..654e71d 100644 --- a/rpm.macros +++ b/rpm.macros @@ -1,4 +1,7 @@ -# Copyright (C) 2016 Petr Lautrbach +# Copyright (C) 2017 Red Hat, Inc. All rights reserved. +# +# Author: Petr Lautrbach +# Author: Lukáš Vrabec # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -23,28 +26,28 @@ %_file_custom_defined_booleans %{_sharedstatedir}/selinux/${_policytype}/rpmbooleans.custom %_file_custom_defined_booleans_tmp %{_sharedstatedir}/selinux/${_policytype}/rpmbooleans.custom.tmp -# %selinux_modules_install [-s ] module [module]... -%selinux_modules_install("s:") \ +# %selinux_modules_install [-s ] [-p ] module [module]... +%selinux_modules_install("s:p:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ -%{_sbindir}/semodule -n -s ${_policytype} -X 200 -i %* \ +%{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ %{_sbindir}/load_policy \ fi \ %{nil} -# %selinux_modules_uninstall [-s ] module [module]... -%selinux_modules_uninstall("s:") \ +# %selinux_modules_uninstall [-s ] [-p ] module [module]... +%selinux_modules_uninstall("s:p:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ $1 -eq 0 ]; then \ - %{_sbindir}/semodule -n -X 200 -r %* &> /dev/null || : \ + %{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -r %* &> /dev/null || : \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ %{_sbindir}/load_policy \ fi \