Skip to content

Commit 0b25a4a

Browse files
rhatdanrhatdan
authored
Merge pull request #85 from zpytela/fb-spec-macros
Use priority 200 for uninstalling the module BZ(1777740)
2 parents 661a904 + 6ee4ce3 commit 0b25a4a

File tree

1 file changed

+8
-16
lines changed

1 file changed

+8
-16
lines changed

contrib/container-selinux.spec

Lines changed: 8 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,6 @@
2424
# Format must contain '$x' somewhere to do anything useful
2525
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
2626

27-
# Relabel files
28-
%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker &> /dev/null || :
29-
3027
# Version of SELinux we were using
3128
%if 0%{?fedora} >= 22
3229
%global selinux_policyver 3.13.1-220
@@ -87,6 +84,9 @@ rm -rf container-selinux.spec
8784

8885
%check
8986

87+
%pre
88+
%selinux_relabel_pre -s %{selinuxtype}
89+
9090
%post
9191
# Install all modules in a single transaction
9292
if [ $1 -eq 1 ]; then
@@ -96,24 +96,16 @@ fi
9696
%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
9797
%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
9898
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
99-
%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null
100-
if %{_sbindir}/selinuxenabled ; then
101-
%{_sbindir}/load_policy
102-
%relabel_files
103-
if [ $1 -eq 1 ]; then
104-
restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
105-
fi
106-
fi
99+
%selinux_modules_install -s %{selinuxtype} $MODULES
107100

108101
%postun
109102
if [ $1 -eq 0 ]; then
110-
%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || :
111-
if %{_sbindir}/selinuxenabled ; then
112-
%{_sbindir}/load_policy
113-
%relabel_files
114-
fi
103+
%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
115104
fi
116105

106+
%posttrans
107+
%selinux_relabel_post -s %{selinuxtype}
108+
117109
#define license tag if not already defined
118110
%{!?_licensedir:%global license %doc}
119111

0 commit comments

Comments
 (0)