postinst is in selinux-policy-default 2:2.20140421-9.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | #!/bin/bash
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Will be replaced by the binary package flavour in debian/rules
flavour="default"
moduledir="/etc/selinux/${flavour}/modules/active/modules"
# modules which are not enabled by default, because they are usually
# not needed on a debian system
notdefault="abrt certwatch clockspeed clogd cmirrord cobbler consoletype cyphesis dnssectrigger firewallgui firstboot howl imaze jockey keyboardd ksmtuned ktalk likewise livecd nessus numad oav oddjob podsleuth resmgr rhsmcertd ricci rpm sambagui soundserver updfstab usernetctl"
. /etc/selinux/config
case "$1" in
configure)
# record which non-default modules do not yet exist for disabling them later
# for idempotency we need to store this in a file
if [ ! -f "/etc/selinux/${flavour}/modules_to_disable" ]; then
for module in ${notdefault}; do
if [ ! -e "${moduledir}/${module}.pp" ]; then
echo "${module}"
fi
done > "/etc/selinux/${flavour}/modules_to_disable.new"
mv "/etc/selinux/${flavour}/modules_to_disable"{.new,}
fi
echo -n "Updating selinux ${flavour} policy..."
mkdir -p "${moduledir}/"
# first copy the modules to the proper location in /etc
# note that they stay compressed, but without the compression suffix
cd "/usr/share/selinux/${flavour}/"
for module in $(ls *.pp.bz2 | grep -v '^base\.pp\.bz2$' | sed s'#\.pp\.bz2$##'); do
cp "${module}.pp.bz2" "${moduledir}/${module}.pp"
done
cp base.pp.bz2 "/etc/selinux/${flavour}/modules/active/base.pp"
# disable newly added non-default modules
while read module; do
touch "${moduledir}/${module}.pp.disabled"
done < "/etc/selinux/${flavour}/modules_to_disable"
rm "/etc/selinux/${flavour}/modules_to_disable"
# remove superseded modules not available anymore
if dpkg --compare-versions "$2" le-nl "2:2.20131214-1~"; then
rm -f "${moduledir}/"{epmd,lda,pythonsupport}.pp
fi
if dpkg --compare-versions "$2" le-nl "2:2.20140421-2~"; then
rm -f "${moduledir}/"{init,logging,authlogin,application,userdomain,systemd,dmesg,dpkg,usermanage,libraries,fstools,miscfiles,mount,selinuxutil,storage,sysnetwork,anaconda,authbind,kudzu,portage,rhgb,speedtouch}.pp{,.disabled}
fi
# Build policy but do not load it into the kernel yet
semodule -s "${flavour}" -BN
echo " done."
# Now load policy into the kernel if it is the configured policy
# and we are running selinux
if [ "${SELINUXTYPE}" == "${flavour}" ] && selinuxenabled; then
echo -n "Loading selinux ${flavour} policy..."
semodule -s "${flavour}" -R
echo " done."
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
exit 0
|