From 6ee4ce3cfc38b5b629faccfa558177c09c244844 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela
Date: Thu, 28 Nov 2019 12:19:44 +0100
Subject: [PATCH] Use priority 200 for uninstalling the container module BZ(1777740)

Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section.
---
 contrib/container-selinux.spec | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/contrib/container-selinux.spec b/contrib/container-selinux.spec
index d453948..4aacbd5 100644
--- a/contrib/container-selinux.spec
+++ b/contrib/container-selinux.spec
@@ -24,9 +24,6 @@
 # Format must contain '$x' somewhere to do anything useful
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
-# Relabel files
-%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker &> /dev/null || :
-
 # Version of SELinux we were using
 %if 0%{?fedora} >= 22
 %global selinux_policyver 3.13.1-220
@@ -87,6 +84,9 @@ rm -rf container-selinux.spec
 %check
+%pre
+%selinux_relabel_pre -s %{selinuxtype}
+
 %post
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
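Review bot: The new %pre scriptlet only works if `%selinux_relabel_pre` is defined when the package is built; rpm leaves an unknown macro unexpanded, and the literal text would then be run as a shell command at install time. The same holds for `%selinux_modules_install`, `%selinux_modules_uninstall` and `%selinux_relabel_post` in the last hunk. The preamble is outside this patch and the diffstat shows no dependency lines being added, so it is worth checking that a BuildRequires pulls in the package providing these macros and that the preamble carries `%{?selinux_requires}`, so the tools the macros call are present when the scriptlets run.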
@@ -96,24 +96,16 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
-%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null
-if %{_sbindir}/selinuxenabled ; then
- %{_sbindir}/load_policy
- %relabel_files
- if [ $1 -eq 1 ]; then
- restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
- fi
-fi
+%selinux_modules_install -s %{selinuxtype} $MODULES
 %postun
 if [ $1 -eq 0 ]; then
-%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || :
-if %{_sbindir}/selinuxenabled ; then
-%{_sbindir}/load_policy
-%relabel_files
-fi
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
 fi
+%posttrans
+%selinux_relabel_post -s %{selinuxtype}
+
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
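Review bot: The `$1 -eq 0` branch of %postun no longer relabels anything after the module is removed. The old code ran `%relabel_files` there, while the new code leaves relabeling to `%selinux_relabel_post` in %posttrans, which as far as I know is not run for a package that is being erased. If that holds, files under the paths the removed macro listed keep labels whose types disappear with the module. Please confirm the behaviour on erase and record the decision in the scriptlet, for example `# files are not relabeled on erase; %posttrans runs on install/upgrade only`.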