When an existing package was upgraded in JBoss Enterprise Web Server, the postinstall scripts for tomcat6 and tomcat7 were not run. As a result, SELinux policies were not updated after the upgrade.
A fix is included in JBoss Enterprise Web Server 2.0.1 to address this problem. As a result, the postinstall script is run after an upgrade as expected and SELinux policies are updated.
Description of problem:
The postinstall scriptlet of tomcat6 and tomcat7 is not executed when upgrading an already existing package. This results in the SELinux policies not being updated.
Cause of the problem:
if [ $1 -eq 1 ] ... then
...
/usr/sbin/semodule -i /etc/tomcat6/selinux/packages/tomcat6/tomcat6.pp 2>/dev/null ||:
fi
The use of [ $1 -eq 1 ] prevents the enclosed code from being executed after an upgrade of the package (see http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Syntax).
Also, calling semodule in the scriptlet was previously broken (see bz#969002), so the policy was not installed at all. So upgrading tomcat would still not install the policy.
Version-Release number of selected component (if applicable):
tomcat6-6.0.37-3_patch_01.ep6.el6
tomcat6-6.0.37-3_patch_01.ep6.el5
tomcat7-7.0.40-1_patch_01.ep6.el6
tomcat7-7.0.40-2_patch_01.ep6.el5
A problem is still present in the postinstall scriptlet of tomcat7-7.0.40-8_patch_01.ep6.el5:
/usr/sbin/semodule -i /etc/tomcat7/selinux/packages/tomcat7/tomcat7.pp %2>/dev/null ||:
There is a syntax error in the redirection, which causes semodule to fail.
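The two failure modes reported above can be reproduced without RPM or SELinux using the sketch below, which is an added example and not code from the tomcat packages. Assumptions: `fake_semodule` is a constructed stand-in for /usr/sbin/semodule that accepts only `-i <file>`, and the `-ge 1` guard is one way to cover upgrades (where `$1` is 2 or more), not necessarily the change shipped in the fix.

```shell
#!/bin/sh
# Constructed stand-in for /usr/sbin/semodule (assumption): accepts exactly
# "-i <file>" and rejects anything else, so a stray argument shows as a failure.
fake_semodule() {
    [ "$#" -eq 2 ] && [ "$1" = "-i" ] || { echo "usage error: $*" >&2; return 1; }
    echo "installed $2"
}

# Policy path as quoted in the report.
PP=/etc/tomcat7/selinux/packages/tomcat7/tomcat7.pp

# Guard as quoted in the report: true only on first install ($1 == 1),
# so an upgrade ($1 == 2) never reaches semodule.
post_install_only() {
    if [ "$1" -eq 1 ]; then fake_semodule -i "$PP"; else echo "skipped"; fi
}

# Guard that also covers upgrades ($1 >= 1). Illustrative alternative.
post_install_or_upgrade() {
    if [ "$1" -ge 1 ]; then fake_semodule -i "$PP"; else echo "skipped"; fi
}

# The line with the typo: the shell parses "%2" as a third argument and
# ">/dev/null" as a stdout redirection, so stderr is not silenced and the
# command receives an argument it does not understand.
semodule_with_typo() {
    fake_semodule -i "$PP" %2>/dev/null
}

# Same line with "||:" appended, as in the scriptlet: the exit status is
# forced to 0, so rpm sees a successful scriptlet while no policy is loaded.
semodule_with_typo_masked() {
    fake_semodule -i "$PP" %2>/dev/null ||:
}
```

Because `||:` hides the exit status, checking afterwards that the module is actually loaded (for example with `semodule -l`) is the reliable way to confirm the policy was installed.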