[node-patches] Change in ovirt-node[master]: Fix selinux policy version discovery (rhbz#1005864)

fabiand at fedoraproject.org fabiand at fedoraproject.org
Wed Feb 26 18:42:31 UTC 2014 

Fabian Deutsch has uploaded a new change for review.

Change subject: Fix selinux policy version discovery (rhbz#1005864)
......................................................................

Fix selinux policy version discovery (rhbz#1005864)

Change-Id: I694335d9916f8d7a6fdcf3281d156c0faa767d65
Signed-off-by: Fabian Deutsch <fabiand at redhat.com>
---
M ovirt-node.spec.in
M recipe/node-creator
2 files changed, 16 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/09/25109/1

diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index 58fbc45..7629b81 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -242,22 +242,27 @@
 #
 # SELinux subpackage
 #
+%global selinux_modulename ovirt
 %global selinux_variants targeted
+%if %{is_el6}
 %global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0)
-%global modulename ovirt
+%else
+%global selinux_policyver %_selinux_policy_version
+%endif
 
 %package selinux
 Summary:          SELinux policy module supporting %{product_family}
 Group:            System Environment/Base
-BuildRequires:    policycoreutils, checkpolicy, selinux-policy-devel
+BuildRequires:    policycoreutils, checkpolicy
+BuildRequires:    selinux-policy-devel >= %{selinux_policyver}
 BuildRequires:    /usr/share/selinux/devel/policyhelp, hardlink
 %if "%{selinux_policyver}" != ""
 Requires:         selinux-policy >= %{selinux_policyver}
 %endif
 Requires:         %{name} = %{version}-%{release}
 Requires:         selinux-policy-base
-Requires(post):   /usr/sbin/semodule, /sbin/restorecon
-Requires(postun): /usr/sbin/semodule, /sbin/restorecon
+Requires(post):   /usr/sbin/semodule, /usr/sbin/restorecon
+Requires(postun): /usr/sbin/semodule, /usr/sbin/restorecon
 
 %description selinux
 SELinux policy module supporting %{product_family}
@@ -266,7 +271,7 @@
 for selinuxvariant in %{selinux_variants}
 do
   /usr/sbin/semodule -s ${selinuxvariant} -i \
-    %{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp &> /dev/null || :
+    %{_datadir}/selinux/${selinuxvariant}/%{selinux_modulename}.pp &> /dev/null || :
 done
 # Is this to greedy?
 /sbin/restorecon -R / || :
@@ -286,7 +291,7 @@
 if [ $1 -eq 0 ] ; then
   for selinuxvariant in %{selinux_variants}
   do
-     /usr/sbin/semodule -s ${selinuxvariant} -r %{modulename} &> /dev/null || :
+     /usr/sbin/semodule -s ${selinuxvariant} -r %{selinux_modulename} &> /dev/null || :
   done
   # Is this to greedy?
   /sbin/restorecon -R / &> /dev/null || :
@@ -349,7 +354,7 @@
 do
     %{__make} NAME=${selinuxvariant} \
         -f %{?policy_devel_root}%{_datadir}/selinux/devel/Makefile
-    mv -v %{modulename}.pp %{modulename}.pp.${selinuxvariant}
+    mv -v %{selinux_modulename}.pp %{selinux_modulename}.pp.${selinuxvariant}
 done
 cd -
 
@@ -388,8 +393,8 @@
 for selinuxvariant in %{selinux_variants}
 do
     %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
-    %{__install} -p -m 644 %{modulename}.pp.${selinuxvariant} \
-               %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp
+    %{__install} -p -m 644 %{selinux_modulename}.pp.${selinuxvariant} \
+               %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{selinux_modulename}.pp
 done
 cd -
 
@@ -576,7 +581,7 @@
 %files selinux
 %defattr(-,root,root,0755)
 %doc semodule/*.fc semodule/*.te
-%{_datadir}/selinux/*/%{modulename}.pp
+%{_datadir}/selinux/*/%{selinux_modulename}.pp
 
 
 %files
diff --git a/recipe/node-creator b/recipe/node-creator
index 4e78480..03fda44 100755
--- a/recipe/node-creator
+++ b/recipe/node-creator
@@ -83,7 +83,7 @@
                but disabled on the build machine"
        fi ;;
 esac
-sudo livecd-creator -c "$NODE_KS" -f "$LABEL" \
+livecd-creator -c "$NODE_KS" -f "$LABEL" \
     --tmpdir="$NODE_TMP" \
     --cache="$OVIRT_CACHE_DIR/yum-$ARCH"
 if [ "$SELINUX_ENFORCING" = Enforcing ]; then


-- 
To view, visit http://gerrit.ovirt.org/25109
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I694335d9916f8d7a6fdcf3281d156c0faa767d65
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>

More information about the node-patches mailing list