[libvirt PATCH 08/13] rpm: rename selinux variables to improve clarity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This new name of the option makes it clear that the conditional only
affects policy installation, not building of selinux support more
generally.

The prefix on the module name avoids risk of clashing with other
variables.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 libvirt.spec.in | 47 ++++++++++++++++++++++++-----------------------
 1 file changed, 24 insertions(+), 23 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 37f8a218e6..bb693b58bf 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -187,9 +187,10 @@
     %define with_modular_daemons 1
 %endif
 
+%define with_selinux_policy 0
+%global selinux_modulename virt
 %if 0%{?fedora} > 34 || 0%{?rhel} > 8
-    %global with_selinux 1
-    %global modulename virt
+    %global with_selinux_policy 1
 %endif
 
 # Force QEMU to run as non-root
@@ -433,7 +434,7 @@ Requires(pre): shadow-utils
 # Needed by /usr/libexec/libvirt-guests.sh script.
 Requires: gettext
 
-%if 0%{?with_selinux}
+%if 0%{?with_selinux_policy}
 # This ensures that the *-selinux package and all it’s dependencies are not pulled
 # into containers and other systems that do not use SELinux
 Requires: (%{name}-daemon-selinux if selinux-policy-base)
@@ -942,7 +943,7 @@ Requires: libvirt-daemon-driver-network = %{version}-%{release}
 %description nss
 Libvirt plugin for NSS for translating domain names into IP addresses.
 
-%if 0%{?with_selinux}
+%if 0%{?with_selinux_policy}
 # SELinux subpackage
 %package daemon-selinux
 Summary: Libvirt daemon SELinux policy
@@ -1628,7 +1629,7 @@ getent group virtlogin >/dev/null || groupadd -r virtlogin
 exit 0
 %endif
 
-%if 0%{?with_selinux}
+%if 0%{?with_selinux_policy}
 # SELinux contexts are saved so that only affected files can be
 # relabeled after the policy module installation
 %pre daemon-selinux
@@ -1655,33 +1656,33 @@ fi
 # install the policy module to corresponding policy store if
 # selinux-policy-{targeted|mls|minimum} package is installed on the system
 %triggerin -n %{name}-daemon-selinux -- selinux-policy-targeted
-/usr/sbin/semodule -n -s targeted -X 200 -i %{_datadir}/selinux/packages/%{modulename}.pp.bz2 || :
+/usr/sbin/semodule -n -s targeted -X 200 -i %{_datadir}/selinux/packages/%{selinux_modulename}.pp.bz2 || :
 
 %triggerin -n %{name}-daemon-selinux -- selinux-policy-minimum
-/usr/sbin/semodule -n -s minimum -X 200 -i %{_datadir}/selinux/packages/%{modulename}.pp.bz2 || :
+/usr/sbin/semodule -n -s minimum -X 200 -i %{_datadir}/selinux/packages/%{selinux_modulename}.pp.bz2 || :
 # libvirt module is installed by default, but disabled -- enable it
-/usr/sbin/semodule -n -s minimum -e %{modulename} || :
+/usr/sbin/semodule -n -s minimum -e %{selinux_modulename} || :
 
 %triggerin -n %{name}-daemon-selinux -- selinux-policy-mls
-/usr/sbin/semodule -n -s mls -X 200 -i %{_datadir}/selinux/packages/mls/%{modulename}.pp.bz2 || :
+/usr/sbin/semodule -n -s mls -X 200 -i %{_datadir}/selinux/packages/mls/%{selinux_modulename}.pp.bz2 || :
 
 # remove the policy module from corresponding module store if
 # libvirt-selinux or selinux-policy-* was removed from the system,
 # but not when either package gets updated
 %triggerun -n %{name}-daemon-selinux -- selinux-policy-targeted
-if ([ $1 -eq 0 ] || [ $2 -eq 0 ]) && [ -e %{_sharedstatedir}/selinux/targeted/active/modules/200/%{modulename} ]; then
-    /usr/sbin/semodule -n -s targeted -X 200 -r %{modulename} || :
+if ([ $1 -eq 0 ] || [ $2 -eq 0 ]) && [ -e %{_sharedstatedir}/selinux/targeted/active/modules/200/%{selinux_modulename} ]; then
+    /usr/sbin/semodule -n -s targeted -X 200 -r %{selinux_modulename} || :
 fi
 
 %triggerun -n %{name}-daemon-selinux -- selinux-policy-minimum
-if ([ $1 -eq 0 ] || [ $2 -eq 0 ]) && [ -e %{_sharedstatedir}/selinux/minimum/active/modules/200/%{modulename} ]; then
-    /usr/sbin/semodule -n -s minimum -X 200 -r %{modulename} || :
-    /usr/sbin/semodule -n -d %{modulename} || :
+if ([ $1 -eq 0 ] || [ $2 -eq 0 ]) && [ -e %{_sharedstatedir}/selinux/minimum/active/modules/200/%{selinux_modulename} ]; then
+    /usr/sbin/semodule -n -s minimum -X 200 -r %{selinux_modulename} || :
+    /usr/sbin/semodule -n -d %{selinux_modulename} || :
 fi
 
 %triggerun -n %{name}-daemon-selinux -- selinux-policy-mls
-if ([ $1 -eq 0 ] || [ $2 -eq 0 ]) && [ -e %{_sharedstatedir}/selinux/mls/active/modules/200/%{modulename} ]; then
-    /usr/sbin/semodule -n -s mls -X 200 -r %{modulename} || :
+if ([ $1 -eq 0 ] || [ $2 -eq 0 ]) && [ -e %{_sharedstatedir}/selinux/mls/active/modules/200/%{selinux_modulename} ]; then
+    /usr/sbin/semodule -n -s mls -X 200 -r %{selinux_modulename} || :
 fi
 %endif
 
@@ -2145,14 +2146,14 @@ fi
 %{_datadir}/libvirt/api/libvirt-qemu-api.xml
 %{_datadir}/libvirt/api/libvirt-lxc-api.xml
 
-%if 0%{?with_selinux}
+%if 0%{?with_selinux_policy}
 %files daemon-selinux
-%{_datadir}/selinux/packages/%{modulename}.pp.*
-%{_datadir}/selinux/packages/mls/%{modulename}.pp.*
-%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/200/%{modulename}
-%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/minimum/active/modules/200/%{modulename}
-%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/mls/active/modules/200/%{modulename}
-%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
+%{_datadir}/selinux/packages/%{selinux_modulename}.pp.*
+%{_datadir}/selinux/packages/mls/%{selinux_modulename}.pp.*
+%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/targeted/active/modules/200/%{selinux_modulename}
+%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/minimum/active/modules/200/%{selinux_modulename}
+%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/mls/active/modules/200/%{selinux_modulename}
+%{_datadir}/selinux/devel/include/distributed/%{selinux_modulename}.if
 %endif
 
 
-- 
2.31.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux