File: //var/lib/dpkg/info/selinux-policy-default.postinst
#!/bin/sh
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Will be replaced by the binary package flavour in debian/rules
flavour="default"
priority=100
# modules which are not enabled by default, because they are usually
# not needed on a debian system
notdefault="amtu bugzilla cobbler condor cyphesis ksmtuned likewise livecd nessus numad oddjob openca soundserver updfstab usernetctl"
. /etc/selinux/config
case "$1" in
configure)
echo -n "Updating selinux ${flavour} policy (this step might take a moment)..."
# list all the modules that are already installed with our priority
already_installed=`semodule -s ${flavour} --list-modules=full | grep -e "^${priority} " | cut -d' ' -f2`
# record which non-default modules do not yet exist for disabling them later
to_disable=""
for module in ${notdefault}; do
installed=0
for inst_module in ${already_installed}; do
if [ $module = $inst_module ]; then
installed=1
break
fi
done
if [ $installed -ne 1 ]; then
to_disable="$to_disable -d${module}"
fi
done
# List all the modules that we are going to install
to_install=""
for module in `cat /usr/share/selinux/${flavour}/.modules`; do
to_install="$to_install -i/usr/share/selinux/${flavour}/${module}.pp.bz2"
done
# Now build a list of the modules that we were shipping before but that we are not
# anymore and that we need to remove
to_remove=""
for inst_module in $already_installed; do
remove_module=1
for pkg_module in `cat /usr/share/selinux/${flavour}/.modules`; do
if [ $inst_module = $pkg_module ]; then
remove_module=0
break
fi
done
if [ $remove_module -eq 1 ]; then
to_remove="$to_remove -r${inst_module}"
fi
done
# Now load policy into the kernel if it is the configured policy
# and we are running selinux
if [ "${SELINUXTYPE}" != "${flavour}" ] || ! selinuxenabled; then
noreload='-n'
fi
ret=0
semodule -X $priority $noreload -s $flavour $to_remove $to_install $to_disable || ret=$?
if [ $ret -eq 0 ]; then
echo " done."
else
echo " failed."
exit $ret
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
# Automatically added by dh_installdeb/13.5.2ubuntu1
dpkg-maintscript-helper rm_conffile /etc/selinux/default/users/local.users 2:2.20140421-10\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/selinux/default/users/system.users 2:2.20140421-10\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/selinux/default/modules/semanage.read.LOCK 2:2.20140421-10\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/selinux/default/modules/semanage.trans.LOCK 2:2.20140421-10\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/selinux/default/modules/active/file_contexts.local 2:2.20140421-10\~ -- "$@"
# End automatically added section
exit 0