From 860c67d1e5e5de0cad69d567622e3d272b44e93918cd929a5e961b409b2c6c43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 4 Dec 2024 09:27:19 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main selinux-policy revision bb4f7fb6bc45c0b731185cf101ecb37e --- macros.selinux-policy | 10 +++++++--- selinux-policy.changes | 7 +++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/macros.selinux-policy b/macros.selinux-policy index 8ece4d8..e73caf9 100644 --- a/macros.selinux-policy +++ b/macros.selinux-policy @@ -117,9 +117,13 @@ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ - if [ -f %{_file_context_file_pre} ] && [ -z "${TRANSACTIONAL_UPDATE}" ]; then \ - %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ - rm -f %{_file_context_file_pre} \ + if [ -f %{_file_context_file_pre} ]; then \ + if [ -z "${TRANSACTIONAL_UPDATE}" ]; then \ + %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ + rm -f %{_file_context_file_pre} \ + else \ + touch /etc/selinux/.autorelabel \ + fi \ fi \ fi \ %{nil} diff --git a/selinux-policy.changes b/selinux-policy.changes index b2e7e05..a3d0207 100644 --- a/selinux-policy.changes +++ b/selinux-policy.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Nov 29 10:18:47 UTC 2024 - Johannes Segitz + +- Update macros.selinux-policy to trigger a full relabel on transactional + systems upon module installation. This is rather expensive and will + hopefully be replaced by a more fine grained solution later on (bsc#1232753) + ------------------------------------------------------------------- Tue Nov 05 16:21:25 UTC 2024 - cathy.hu@suse.com