From 9038488bc26665193143bc8d35f9890d1ba07a3b Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Tue, 11 Aug 2015 09:13:01 +0200
Subject: [PATCH] selinux: Relabel files if and only if the policy version
 changed

Currently, the ceph files are being relabelled every time the package is
rebuilt. Fix this by checking the policy versions and relabel the files
only if the policy actually changed (different policy version was
detected).

Signed-off-by: Boris Ranto <branto@redhat.com>
---
 ceph.spec.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ceph.spec.in b/ceph.spec.in
index 0c7eded0da795..06e4bc243aba9 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1143,10 +1143,14 @@ ln -sf %{_libdir}/librbd.so.1 /usr/lib64/qemu/librbd.so.1
     /sbin/service ceph stop >/dev/null 2>&1 || :
 %endif
 
+OLD_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
 %{_sbindir}/semodule -n -i %{_datadir}/selinux/packages/ceph.pp
-if %{_sbindir}/selinuxenabled ; then
+NEW_POLVER=$(%{_sbindir}/semodule -l | grep -P '^ceph[\t ]' | awk '{print $2}')
+if %{_sbindir}/selinuxenabled; then
     %{_sbindir}/load_policy
-    %relabel_files
+    if test "$OLD_POLVER" != "$NEW_POLVER"; then
+        %relabel_files
+   fi
 fi
 
 %if 0%{?_with_systemd}
-- 
2.39.5