%{_mandir}/man8/ceph_selinux.8.*
%post selinux
+# Install the policy
+OLD_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
+%{_sbindir}/semodule -n -i %{_datadir}/selinux/packages/ceph.pp
+NEW_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
+
+# Load the policy if SELinux is enabled
+if %{_sbindir}/selinuxenabled; then
+ %{_sbindir}/load_policy
+else
+ # Do not relabel if selinux is not enabled
+ exit 0
+fi
+
+if test "$OLD_POLVER" == "$NEW_POLVER"; then
+ # Do not relabel if policy version did not change
+ exit 0
+fi
+
+# Check whether the daemons are running
%if 0%{?_with_systemd}
/usr/bin/systemctl status ceph.target > /dev/null 2>&1
%else
%endif
STATUS=$?
+# Stop the daemons if they were running
if test $STATUS -eq 0; then
%if 0%{?_with_systemd}
/usr/bin/systemctl stop ceph.target > /dev/null 2>&1
%endif
fi
-OLD_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
-%{_sbindir}/semodule -n -i %{_datadir}/selinux/packages/ceph.pp
-NEW_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
-if %{_sbindir}/selinuxenabled; then
- %{_sbindir}/load_policy
- if test "$OLD_POLVER" != "$NEW_POLVER"; then
- %relabel_files
- fi
-fi
+# Now, relabel the files
+%relabel_files
-# Start iff it was started before
+# Start the daemons iff they were running before
if test $STATUS -eq 0; then
%if 0%{?_with_systemd}
/usr/bin/systemctl start ceph.target > /dev/null 2>&1 || :
projects / ceph.git / commitdiff