- Fix macros.selinux-policy (bsc#1229132)

- %selinux_modules_install and %selinux_modules_uninstall will
    now only execute load_policy if $TRANSACTIONAL_UPDATE is not set
    (aka only if they are not in a transactional system)
  - $TRANSACTIONAL_UPDATE is set here:
    bd524d3ddf/lib/Transaction.cpp (L428)

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=269

macros.selinux-policy

@@ -60,7 +60,11 @@ if [ -z "${_policytype}" ]; then \
 fi \
 if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
   %{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* || : \
-  %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
+  if %{_sbindir}/selinuxenabled; then \
+    if [ -z "${TRANSACTIONAL_UPDATE}" ]; then \
+      %{_sbindir}/load_policy || : \
+    fi \
+  fi \
 fi \
 %{nil}
 
@@ -76,7 +80,11 @@ fi \
 if [ $1 -eq 0 ]; then \
   if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
     %{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \
-    %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
+    if %{_sbindir}/selinuxenabled; then \
+      if [ -z "${TRANSACTIONAL_UPDATE}" ]; then \
+        %{_sbindir}/load_policy || : \
+      fi \
+    fi \
   fi \
 fi \
 %{nil}

selinux-policy.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Sep  4 13:07:52 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Fix macros.selinux-policy (bsc#1229132)
+  - %selinux_modules_install and %selinux_modules_uninstall will
+    now only execute load_policy if $TRANSACTIONAL_UPDATE is not set
+    (aka only if they are not in a transactional system)
+  - $TRANSACTIONAL_UPDATE is set here:
+    https://github.com/openSUSE/transactional-update/blob/bd524d3ddfcd9aeebb7b90d3e0e8eed09b796a86/lib/Transaction.cpp#L428
+
 -------------------------------------------------------------------
 Tue Sep  3 09:45:12 UTC 2024 - Johannes Segitz <jsegitz@suse.com>