selinux-policy-default 2:2.20140421-9 / postinst

This file is indexed.

postinst is in selinux-policy-default 2:2.20140421-9.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash
set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

# Will be replaced by the binary package flavour in debian/rules
flavour="default"
moduledir="/etc/selinux/${flavour}/modules/active/modules"

# modules which are not enabled by default, because they are usually
# not needed on a debian system
notdefault="abrt certwatch clockspeed clogd cmirrord cobbler consoletype cyphesis dnssectrigger firewallgui firstboot howl imaze jockey keyboardd ksmtuned ktalk likewise livecd nessus numad oav oddjob podsleuth resmgr rhsmcertd ricci rpm sambagui soundserver updfstab usernetctl"

. /etc/selinux/config

case "$1" in
    configure)
	# record which non-default modules do not yet exist for disabling them later
	# for idempotency we need to store this in a file
	if [ ! -f "/etc/selinux/${flavour}/modules_to_disable" ]; then
	    for module in ${notdefault}; do
		if [ ! -e "${moduledir}/${module}.pp" ]; then
		    echo "${module}"
		fi
	    done > "/etc/selinux/${flavour}/modules_to_disable.new"
	    mv "/etc/selinux/${flavour}/modules_to_disable"{.new,}
	fi

	echo -n "Updating selinux ${flavour} policy..."
	mkdir -p "${moduledir}/"
	
	# first copy the modules to the proper location in /etc
	# note that they stay compressed, but without the compression suffix
	cd "/usr/share/selinux/${flavour}/"
	for module in $(ls *.pp.bz2 | grep -v '^base\.pp\.bz2$' | sed s'#\.pp\.bz2$##'); do
	    cp "${module}.pp.bz2" "${moduledir}/${module}.pp"
	done
	cp base.pp.bz2 "/etc/selinux/${flavour}/modules/active/base.pp"

	# disable newly added non-default modules
	while read module; do
	    touch "${moduledir}/${module}.pp.disabled"
	done < "/etc/selinux/${flavour}/modules_to_disable"
	rm "/etc/selinux/${flavour}/modules_to_disable"

	# remove superseded modules not available anymore
	if dpkg --compare-versions "$2" le-nl "2:2.20131214-1~"; then
		rm -f "${moduledir}/"{epmd,lda,pythonsupport}.pp
	fi
	if dpkg --compare-versions "$2" le-nl "2:2.20140421-2~"; then
		rm -f "${moduledir}/"{init,logging,authlogin,application,userdomain,systemd,dmesg,dpkg,usermanage,libraries,fstools,miscfiles,mount,selinuxutil,storage,sysnetwork,anaconda,authbind,kudzu,portage,rhgb,speedtouch}.pp{,.disabled}
	fi
	
	# Build policy but do not load it into the kernel yet
	semodule -s "${flavour}" -BN

	echo " done."
	
	# Now load policy into the kernel if it is the configured policy
	# and we are running selinux
	if [ "${SELINUXTYPE}" == "${flavour}" ] && selinuxenabled; then
	    echo -n "Loading selinux ${flavour} policy..."
	    semodule -s "${flavour}" -R
	    echo " done."
	fi
	
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.



exit 0

APT Browse - Built by Thomas Orozco.