selinux: Relabel files if and only if the policy version changed

Currently, the ceph files are being relabelled every time the package is
rebuilt. Fix this by checking the policy versions and relabel the files
only if the policy actually changed (different policy version was
detected).

Signed-off-by: Boris Ranto <branto@redhat.com>

diff --git a/ceph.spec.in b/ceph.spec.in
index 0c7eded0da7958e548137e9a7cbedd6e95135da1..06e4bc243aba9bf48af089770838cedcd952ab99 100644 (file)
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1143,10 +1143,14 @@ ln -sf %{_libdir}/librbd.so.1 /usr/lib64/qemu/librbd.so.1
     /sbin/service ceph stop >/dev/null 2>&1 || :
 %endif
 
+OLD_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
 %{_sbindir}/semodule -n -i %{_datadir}/selinux/packages/ceph.pp
-if %{_sbindir}/selinuxenabled ; then
+NEW_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
+if %{_sbindir}/selinuxenabled; then
     %{_sbindir}/load_policy
-    %relabel_files
+    if test "$OLD_POLVER" != "$NEW_POLVER"; then
+        %relabel_files
+   fi
 fi
 
 %if 0%{?_with_systemd}