It can happen that selinux-policy (targeted) is installed only after
spice-streaming-agent (upon system installation). In that case
running semanage in post scriptlet will fail.
In posttrans all packages are already installed, so it should be
safe to call semanage at that point.
rhbz#1647789
Signed-off-by: Uri Lublin <uril@xxxxxxxxxx>
---
In a first patch I wrote I also added a condition that
checks if selinuxenabled. If people feel it's better
I'll send a V2 with it.
---
spice-streaming-agent.spec.in | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/spice-streaming-agent.spec.in b/spice-streaming-agent.spec.in
index 5a06e89..6b5ac22 100644
--- a/spice-streaming-agent.spec.in
+++ b/spice-streaming-agent.spec.in
@@ -13,7 +13,7 @@ BuildRequires: catch-devel
BuildRequires: pkgconfig(udev)
# we need /usr/sbin/semanage program which is available on different
# packages depending on distribution
-Requires(post): /usr/sbin/semanage
+Requires(posttrans): /usr/sbin/semanage
Requires(postun): /usr/sbin/semanage
%description
@@ -45,7 +45,9 @@ if test -d "%{buildroot}/%{_libdir}/%{name}/plugins"; then
find %{buildroot}/%{_libdir}/%{name}/plugins -name '*.la' -delete
fi
-%post
+# See rhbz#1647789 - call semanage in posttrans, not in post
+# and https://fedoraproject.org/wiki/Packaging:Scriptlets
+%posttrans
semanage fcontext -a -t xserver_exec_t %{_bindir}/spice-streaming-agent 2>/dev/null || :
restorecon %{_bindir}/spice-streaming-agent || :
--
2.20.1
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel