diff --git a/macros.selinux-policy b/macros.selinux-policy index 8ece4d8..e73caf9 100644 --- a/macros.selinux-policy +++ b/macros.selinux-policy @@ -117,9 +117,13 @@ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ - if [ -f %{_file_context_file_pre} ] && [ -z "${TRANSACTIONAL_UPDATE}" ]; then \ - %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ - rm -f %{_file_context_file_pre} \ + if [ -f %{_file_context_file_pre} ]; then \ + if [ -z "${TRANSACTIONAL_UPDATE}" ]; then \ + %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ + rm -f %{_file_context_file_pre} \ + else \ + touch /etc/selinux/.autorelabel \ + fi \ fi \ fi \ %{nil} diff --git a/selinux-policy.changes b/selinux-policy.changes index b2e7e05..a3d0207 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Nov 29 10:18:47 UTC 2024 - Johannes Segitz + +- Update macros.selinux-policy to trigger a full relabel on transactional + systems upon module installation. This is rather expensive and will + hopefully be replaced by a more fine grained solution later on (bsc#1232753) + ------------------------------------------------------------------- Tue Nov 05 16:21:25 UTC 2024 - cathy.hu@suse.com