Red Hat Bugzilla – Bug 971429
Postinstall scriptlet for tomcat6 and tomcat7 not executed in update
Last modified: 2015-11-01 19:18:24 EST
Description of problem:
The postinstall scriptlet of tomcat6 and tomcat7 is not executed when upgrading an already existing package. This results in the SELinux policies not being updated.
Cause of the problem:
if [ $1 -eq 1 ] ... then
/usr/sbin/semodule -i /etc/tomcat6/selinux/packages/tomcat6/tomcat6.pp 2>/dev/null ||:
The usage of [ $1 -eq 1 ] prevents the underlying code from being executed after an upgrade of the package. (see http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Syntax)
Also, calling semodule in the scriptlet was previously broken (see bz#969002), so the policy was not installed at all. So upgrading tomcat would still not install the policy.
Version-Release number of selected component (if applicable):
Are you sure this is a resolved issue, Libor? I can't spot any details about the fix so have created a fairly general release note entry.
It will be fixed in CR2.
Created attachment 762071
please review and comment.
A problem is still present in the postinstall scriptlet of tomcat7-7.0.40-8_patch_01.ep6.el5
/usr/sbin/semodule -i /etc/tomcat7/selinux/packages/tomcat7/tomcat7.pp %2>/dev/null ||:
There is a syntactic error at the redirection which causes semodule to fail.
It's fixed in git. Affected only the ep-6-rhel-5 branch of tomcat7.
Something like can't update = yes it is a blocker.
Bug still present (policy not updated) = no it isn't a blocker.
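The two scriptlet problems discussed in this bug, reproduced as an added example that is not taken from the tomcat spec files or from any comment above. `semodule_stub`, `loads_for` and the three `post_*` functions are hypothetical names, and the "install and upgrade" guard is an assumed correction, since the actual fix is not shown on this page.

```shell
# Added illustration; not the project's own scriptlet.
# rpm runs %post with $1 = number of instances of the package left installed
# when the transaction completes: 1 on a fresh install, 2 on an upgrade.

PP=/etc/tomcat6/selinux/packages/tomcat6/tomcat6.pp   # path quoted in the bug
LOADED=0                                              # policy loads the stub accepted

# Hypothetical stand-in for /usr/sbin/semodule so this runs offline and unprivileged.
# Assumption: it rejects anything other than "-i <file>", mirroring the reported failure.
semodule_stub() {
    if [ "$#" -ne 2 ] || [ "$1" != "-i" ]; then
        echo "semodule_stub: unexpected arguments: $*" >&2
        return 1
    fi
    LOADED=$((LOADED + 1))
}

# Guard as quoted in the bug: true only on a fresh install, so upgrades skip it.
post_install_only() {
    if [ "$1" -eq 1 ]; then
        semodule_stub -i "$PP" 2>/dev/null || :
    fi
}

# Assumed correction: reload the policy module on install and on every upgrade.
post_install_and_upgrade() {
    if [ "$1" -ge 1 ]; then
        semodule_stub -i "$PP" 2>/dev/null || :
    fi
}

# Same typo as the tomcat7 line: "%2" is not an all-digit fd number, so the shell
# passes it as a third argument and redirects stdout; "|| :" hides the failure.
post_with_redirect_typo() {
    semodule_stub -i "$PP" %2>/dev/null || :
}

# Print how many policy loads the scriptlet named in $1 performed for rpm's $1 = $2.
loads_for() {
    LOADED=0
    "$1" "$2"
    echo "$LOADED"
}

for arg in 1 2; do
    echo "\$1=$arg install_only=$(loads_for post_install_only "$arg")" \
         "install_and_upgrade=$(loads_for post_install_and_upgrade "$arg")"
done
echo "redirect_typo loads=$(loads_for post_with_redirect_typo 2)"
```

Because every variant ends in `|| :`, the scriptlet exits 0 whether or not the policy was loaded, so a check after the transaction (for example listing loaded modules with `semodule -l`) is what confirms the update.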