From: Boris Ranto <branto@redhat.com>
Date: Tue, 11 Aug 2015 07:13:01 +0000 (+0200)
Subject: selinux: Relabel files if and only if the policy version changed
X-Git-Tag: v9.1.0~353^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9038488bc26665193143bc8d35f9890d1ba07a3b;p=ceph.git

selinux: Relabel files if and only if the policy version changed

Currently, the ceph files are being relabelled every time the package is
rebuilt. Fix this by checking the policy versions and relabel the files
only if the policy actually changed (different policy version was
detected).

Signed-off-by: Boris Ranto <branto@redhat.com>
---

diff --git a/ceph.spec.in b/ceph.spec.in
index 0c7eded0da795..06e4bc243aba9 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1143,10 +1143,14 @@ ln -sf %{_libdir}/librbd.so.1 /usr/lib64/qemu/librbd.so.1
     /sbin/service ceph stop >/dev/null 2>&1 || :
 %endif
 
+OLD_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
 %{_sbindir}/semodule -n -i %{_datadir}/selinux/packages/ceph.pp
-if %{_sbindir}/selinuxenabled ; then
+NEW_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
+if %{_sbindir}/selinuxenabled; then
     %{_sbindir}/load_policy
-    %relabel_files
+    if test "$OLD_POLVER" != "$NEW_POLVER"; then
+        %relabel_files
+   fi
 fi
 
 %if 0%{?_with_systemd}