[Spice-devel] [PATCH] spec: call semanage in posttrans not in post
Uri Lublin
uril at redhat.com
Tue Jan 29 16:40:32 UTC 2019
It can happen that selinux-policy (targeted) is installed only after
spice-streaming-agent (upon system installation). In that case
running semanage in post scriptlet will fail.
In posttrans all packages are already installed, so it should be
safe to call semanage at that point.
rhbz#1647789
Signed-off-by: Uri Lublin <uril at redhat.com>
---
In a first patch I wrote I also added a condition that
checks if selinuxenabled. If people feel it's better
I'll send a V2 with it.
---
spice-streaming-agent.spec.in | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/spice-streaming-agent.spec.in b/spice-streaming-agent.spec.in
index 5a06e89..6b5ac22 100644
--- a/spice-streaming-agent.spec.in
+++ b/spice-streaming-agent.spec.in
@@ -13,7 +13,7 @@ BuildRequires: catch-devel
BuildRequires: pkgconfig(udev)
# we need /usr/sbin/semanage program which is available on different
# packages depending on distribution
-Requires(post): /usr/sbin/semanage
+Requires(posttrans): /usr/sbin/semanage
Requires(postun): /usr/sbin/semanage
%description
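Review bot: The dependency lines in this hunk cover only /usr/sbin/semanage, while the %posttrans scriptlet also runs restorecon. If nothing else in the spec pulls in the package that provides restorecon, add a matching `Requires(posttrans):` for it so both commands are guaranteed to be present when the scriptlet runs.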
@@ -45,7 +45,9 @@ if test -d "%{buildroot}/%{_libdir}/%{name}/plugins"; then
find %{buildroot}/%{_libdir}/%{name}/plugins -name '*.la' -delete
fi
-%post
+# See rhbz#1647789 - call semanage in posttrans, not in post
+# and https://fedoraproject.org/wiki/Packaging:Scriptlets
+%posttrans
semanage fcontext -a -t xserver_exec_t %{_bindir}/spice-streaming-agent 2>/dev/null || :
restorecon %{_bindir}/spice-streaming-agent || :
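Review bot: On the `semanage fcontext -a` line under the new %posttrans, `2>/dev/null || :` discards both the error text and the exit status, so a failure to register the xserver_exec_t context leaves no trace in the transaction output and restorecon then runs without the new rule. Consider guarding both commands with the selinuxenabled check mentioned in the cover note and dropping the stderr redirect, so that a failure on an SELinux-enabled host is visible while hosts without SELinux stay quiet.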
--
2.20.1