From 53368f319b991e21dd6e055ee153049cecee1a1f Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Apr 27 2020 07:24:03 +0000 Subject: Disable ipa_custodia before policy update Ipa_custodia was merged into ipa policy module. To avoid conflicts the module needs to be disabled before policy update. Fixes: Running scriptlet: selinux-policy-targeted-3.14.5-35.fc32.noarch Re-declaration of type ipa_custodia_t Failed to create node Bad type declaration at /var/lib/selinux/targeted/tmp/modules/100/ipa_custodia/cil:1 /usr/sbin/semodule: Failed! --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 64dddf9..657abd5 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -280,9 +280,11 @@ fi; %define preInstall() \ if [ $1 -ne 1 ] && [ -s %{_sysconfdir}/selinux/config ]; then \ - if [ -d %{_sharedstatedir}/selinux/%1/active/modules/100/ganesha ]; then \ - %{_sbindir}/semodule -n -d ganesha; \ - fi; \ + for MOD_NAME in ganesha ipa_custodia; do \ + if [ -d %{_sharedstatedir}/selinux/%1/active/modules/100/$MOD_NAME ]; then \ + %{_sbindir}/semodule -n -d $MOD_NAME; \ + fi; \ + done; \ . %{_sysconfdir}/selinux/config; \ FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \