Re: [PATCH] spec: call semanage in posttrans not in post

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Feb 05, 2019 at 09:30:39AM -0500, Frediano Ziglio wrote:
> > 
> > It can happen that selinux-policy (targeted) is installed only after
> > spice-streaming-agent (upon system installation). In that case
> > running semanage in post scriptlet will fail.
> > 
> > In posttrans all packages are already installed, so it should be
> > safe to call semanage at that point.
> > 
> > rhbz#1647789
> > 
> > Signed-off-by: Uri Lublin <uril@xxxxxxxxxx>
> > ---
> > 
> > In a first patch I wrote I also added a condition that
> > checks if selinuxenabled. If people feel it's better
> > I'll send a V2 with it.
> > 
> 
> I see no reason why adding to selinux-policy should be a stopover
> for this fix in the meanwhile.
> 
> Acked-by: Frediano Ziglio <fziglio@xxxxxxxxxx>

Ensuring that a bug is fixed in the right place, and explaining this in
the commit log should be a stopper though.

Christophe

> 
> Frediano
> 
> > ---
> >  spice-streaming-agent.spec.in | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/spice-streaming-agent.spec.in b/spice-streaming-agent.spec.in
> > index 5a06e89..6b5ac22 100644
> > --- a/spice-streaming-agent.spec.in
> > +++ b/spice-streaming-agent.spec.in
> > @@ -13,7 +13,7 @@ BuildRequires:  catch-devel
> >  BuildRequires:  pkgconfig(udev)
> >  # we need /usr/sbin/semanage program which is available on different
> >  # packages depending on distribution
> > -Requires(post): /usr/sbin/semanage
> > +Requires(posttrans): /usr/sbin/semanage
> >  Requires(postun): /usr/sbin/semanage
> >  
> >  %description
> > @@ -45,7 +45,9 @@ if test -d "%{buildroot}/%{_libdir}/%{name}/plugins"; then
> >      find %{buildroot}/%{_libdir}/%{name}/plugins -name '*.la' -delete
> >  fi
> >  
> > -%post
> > +# See rhbz#1647789 - call semanage in posttrans, not in post
> > +# and https://fedoraproject.org/wiki/Packaging:Scriptlets
> > +%posttrans
> >  semanage fcontext -a -t xserver_exec_t %{_bindir}/spice-streaming-agent
> >  2>/dev/null || :
> >  restorecon %{_bindir}/spice-streaming-agent || :
> >  
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/spice-devel

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux Virtualization]     [Linux Virtualization]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]