# XXX bug in 'semodule'mkdir-p/etc/selinux/alt/contexts/files
touch/etc/selinux/alt/contexts/files/file_contexts.local
# XXX# Check SeLinux mode and status# Possible cases:# 1. SeLinux is enabled, Enforcing is On, current policy is active# 2. SeLinux is enabled, Enforcing if Off, current policy is active# 3. SeLinux is enabled, Enforcing is On, another policy is active# 4. SeLinux is enabled, Enforcing is Off, another policy is active# 5. SeLinux is disabledenforce_mode="$(getenforce)"echo-e"\tCurrent SeLinux enforce mode is: $enforce_mode"if!selinuxenabled;then
echo-e"\tSeLinux is disabled."fi
# Cleanup previous modules. Existing modules may be a problem to install base policy.modules="$(semodule -l -s alt | sed -n -e '/[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/ s/[[:space:]].*$//p' | tr '\n' ' ' )"if[-n"${modules// /}"];then
echo-e"\tRemove all current (even 3rd party) modules for 'alt' policy:"fi
foriin$modules;do
echo-e"\t\t* Remove previous module '$i'"semodule-n-salt-r$i
done
# Always install new policysemodule-n-salt-b/usr/share/selinux/alt/base.pp
# Always install all modulesecho-e"\tActivate modules for 'alt' policy:"foriin/usr/share/selinux/alt/modules/*.pp;do
echo-e"\t\t* Install module '$(basename "$i")'"semodule-n-salt-i"$i"done
policy_name_active="$(sestatus | sed -n -e '/policy name/ s/^.\+[[:space:]]//p')"# Upgradeif[$1-eq2];then
if["$policy_name_active"="alt"];then
echo-e"\tSeLinux policy has been updated. Please do a reboot."fi
fi
# XXX: suppose there are no other working policy.# Installif[$1-eq1];then
echo"Warning:"echo-e"\tSeLinux config '/etc/selinux/config' is updated with 'SELINUX=permissive'"(.shell-config;shell_config_set"/etc/selinux/config""SELINUX""permissive")
(.shell-config;shell_config_set"/etc/selinux/config""SELINUXTYPE""alt")
# Relabel all FileSystemecho-e"\tMake sure to:"echo-e"\t\t * Enable SeLinux in kernel."echo-e"\t\t * Configure PAM for SeLinux."echo-e"\tIt is necessary to relabel FS. Please do a reboot."echo-e"\tFor more information visit: http://www.altlinux.org/sl"touch/.autorelabel
fi
exit0# End of %post section## %preun#
policy_name_active="$(sestatus | sed -n -e '/policy name/ s/^.\+[[:space:]]//p')"# The last version of a package is erasedif[$1=0];then
# Cleanup installed modulesmodules="$(semodule -l -s alt | sed -n -e '/[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/ s/[[:space:]].*$//p' | tr '\n' ' ' )"if[-n"${modules// /}"];then
echo-e"\tCleanup all installed (even 3rd party) modules for 'alt' policy:"fi
foriin$modules;do
echo-e"\t\t* Cleanup module '$i'"semodule-n-salt-r$i
done
if["$policy_name_active"="alt"];then
echo"Warning:"echo-e"\tSeLinux is disabled in config: /etc/selinux/config"(.shell-config;shell_config_set"/etc/selinux/config""SELINUX""disabled")
echo-e"\tSeLinux policy package '$policy_name_active' is uninstalled completely."echo-e"\tPlease reboot computer as soon as possible."fi
fi
exit0# End of %preun section