#33 Fix %post script failures in selinux-policy-*
Merged a month ago by vmojzis. Opened 2 months ago by vmojzis.
rpms/ vmojzis/selinux-policy post  into  master

file modified
+33 -32

@@ -268,16 +268,15 @@ 

  %nil

  

  %define relabel() \

- . %{_sysconfdir}/selinux/config; \

+ . %{_sysconfdir}/selinux/config &> /dev/null || true; \

  FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \

- /usr/sbin/selinuxenabled; \

- if [ $? = 0  -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \

+ if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \

       /sbin/fixfiles -C ${FILE_CONTEXT}.pre restore &> /dev/null > /dev/null; \

       rm -f ${FILE_CONTEXT}.pre; \

  fi; \

  if /sbin/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then \

      continue; \

- fi; \

+ fi;

  

  %define preInstall() \

  if [ $1 -ne 1 ] && [ -s /etc/selinux/config ]; then \
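Review bot: The added `. %{_sysconfdir}/selinux/config &> /dev/null || true; \` in relabel depends on `.` returning a status when the file is absent. A POSIX sh, and bash in its POSIX mode, may instead exit a non-interactive shell when the file given to `.` is not found, so `|| true` would never run; which interpreter runs these scriptlets is not visible here. The blanket `&> /dev/null` also hides a syntax error in a config that does exist, leaving SELINUXTYPE unset and the fixfiles restore skipped without a trace. Guarding the source the way checkConfigConsistency does in this same commit avoids both: `if [ -s %{_sysconfdir}/selinux/config ]; then . %{_sysconfdir}/selinux/config; fi; \`. The same line is added in postInstall and in the three %postun scriptlets; the preInstall macro that begins at the end of this hunk continues outside it.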

@@ -301,7 +300,7 @@ 

  fi;

  

  %define postInstall() \

- . %{_sysconfdir}/selinux/config; \

+ . %{_sysconfdir}/selinux/config &> /dev/null || true; \

  if [ -e /etc/selinux/%2/.rebuild ]; then \

     rm /etc/selinux/%2/.rebuild; \

     /usr/sbin/semodule -B -n -s %2; \

@@ -342,24 +341,26 @@ 

  # * use "targeted" if it's being installed and BACKUP_SELINUXTYPE cannot be used

  # * check whether SELINUXTYPE in the config is usable and change it to newly installed policy if it isn't

  %define checkConfigConsistency() \

- . %{_sysconfdir}/selinux/config; \

  if [ -f %{_sysconfdir}/selinux/.config_backup ]; then \

-      . %{_sysconfdir}/selinux/.config_backup; \

+     . %{_sysconfdir}/selinux/.config_backup; \

  else \

-      BACKUP_SELINUXTYPE=targeted; \

+     BACKUP_SELINUXTYPE=targeted; \

  fi; \

- if ls %{_sysconfdir}/selinux/$BACKUP_SELINUXTYPE/policy/policy.* &>/dev/null; then \

-      if [ "$BACKUP_SELINUXTYPE" != "$SELINUXTYPE" ]; then \

-           sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE='"$BACKUP_SELINUXTYPE"'/g' %{_sysconfdir}/selinux/config; \

-      fi; \

- elif [ "%1" = "targeted" ]; then \

-      if [ "%1" != "$SELINUXTYPE" ]; then \

-           sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=%1/g' %{_sysconfdir}/selinux/config; \

-      fi; \

- elif ! ls  %{_sysconfdir}/selinux/$SELINUXTYPE/policy/policy.* &>/dev/null; then \

-      if [ "%1" != "$SELINUXTYPE" ]; then \

-           sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=%1/g' %{_sysconfdir}/selinux/config; \

-      fi; \

+ if [ -s %{_sysconfdir}/selinux/config ]; then \

+     . %{_sysconfdir}/selinux/config; \

+     if ls %{_sysconfdir}/selinux/$BACKUP_SELINUXTYPE/policy/policy.* &>/dev/null; then \

+         if [ "$BACKUP_SELINUXTYPE" != "$SELINUXTYPE" ]; then \

+             sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE='"$BACKUP_SELINUXTYPE"'/g' %{_sysconfdir}/selinux/config; \

+         fi; \

+     elif [ "%1" = "targeted" ]; then \

+         if [ "%1" != "$SELINUXTYPE" ]; then \

+             sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=%1/g' %{_sysconfdir}/selinux/config; \

+         fi; \

+     elif ! ls  %{_sysconfdir}/selinux/$SELINUXTYPE/policy/policy.* &>/dev/null; then \

+         if [ "%1" != "$SELINUXTYPE" ]; then \

+             sed -i 's/^SELINUXTYPE=.*/SELINUXTYPE=%1/g' %{_sysconfdir}/selinux/config; \

+         fi; \

+     fi; \

  fi;

  

  # Create hidden backup of /etc/selinux/config and prepend BACKUP_ to names
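Review bot: In checkConfigConsistency, `$BACKUP_SELINUXTYPE` and `$SELINUXTYPE` reach the `ls` glob unquoted, and `$BACKUP_SELINUXTYPE` is spliced into the `sed` replacement with no check of its value. Both come from sourced files, so a value containing `/`, `&` or whitespace would break or garble the rewrite of %{_sysconfdir}/selinux/config, and an empty one makes the probe `selinux//policy/policy.*`. A check right after the backup is sourced would keep the rewrite predictable, assuming a fallback to targeted is acceptable as the comment above the macro suggests: `case "$BACKUP_SELINUXTYPE" in ''|*[!A-Za-z0-9_-]*) BACKUP_SELINUXTYPE=targeted;; esac; \`. The path expansions should also be quoted up to the glob, e.g. `ls %{_sysconfdir}/selinux/"$BACKUP_SELINUXTYPE"/policy/policy.*`.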

@@ -553,13 +554,13 @@ 

  

  %postun targeted

  if [ $1 = 0 ]; then

-     source /etc/selinux/config

+     source %{_sysconfdir}/selinux/config &> /dev/null || true

      if [ "$SELINUXTYPE" = "targeted" ]; then

          setenforce 0 2> /dev/null

-         if [ ! -s /etc/selinux/config ]; then

-             echo "SELINUX=disabled" > /etc/selinux/config

+         if [ ! -s %{_sysconfdir}/selinux/config ]; then

+             echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config

          else

-             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

+             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config

          fi

      fi

  fi
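Review bot: With the source now allowed to fail silently, `$SELINUXTYPE` in the test right below it is whatever the scriptlet inherited whenever the config is missing or unreadable. If rpm passes the caller's environment through (not visible here), a stale exported SELINUXTYPE=targeted would be enough to reach `setenforce 0` and write SELINUX=disabled on a host whose config never said so. Clearing the variable first closes that: put `unset SELINUXTYPE` on the line before `source %{_sysconfdir}/selinux/config &> /dev/null || true`. The %postun minimum and %postun mls hunks have the same pattern, and the mls one also carries a stray trailing `;` on the source line.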

@@ -663,13 +664,13 @@ 

  

  %postun minimum

  if [ $1 = 0 ]; then

-     source /etc/selinux/config

+     source %{_sysconfdir}/selinux/config &> /dev/null || true

      if [ "$SELINUXTYPE" = "minimum" ]; then

          setenforce 0 2> /dev/null

-         if [ ! -s /etc/selinux/config ]; then

-             echo "SELINUX=disabled" > /etc/selinux/config

+         if [ ! -s %{_sysconfdir}/selinux/config ]; then

+             echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config

          else

-             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

+             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config

          fi

      fi

  fi

@@ -734,13 +735,13 @@ 

  

  %postun mls

  if [ $1 = 0 ]; then

-     source /etc/selinux/config

+     source %{_sysconfdir}/selinux/config &> /dev/null || true;

      if [ "$SELINUXTYPE" = "mls" ]; then

          setenforce 0 2> /dev/null

-         if [ ! -s /etc/selinux/config ]; then

-             echo "SELINUX=disabled" > /etc/selinux/config

+         if [ ! -s %{_sysconfdir}/selinux/config ]; then

+             echo "SELINUX=disabled" > %{_sysconfdir}/selinux/config

          else

-             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

+             sed -i 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config

          fi

      fi

  fi

Since /etc/selinux/config is created in a %post script and execution
order of post scripts cannot be ensured in this case, all commands in
post have to be able to work without /etc/selinux/config.

Also standalone execution of selinuxenabled in relabel macro would cause
%post of all selinux-policy-* packages to fail in case selinux was
disabled.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1723940

rebased onto ee6e28e

a month ago

Pull-Request has been merged by vmojzis

a month ago