From 16ad84b47fac0e325073e1b08e99a364c7850699 Mon Sep 17 00:00:00 2001
From: Douglas Schilling Landgraf <dougsland@redhat.com>
Date: Fri, 6 Jul 2012 09:40:17 -0400
Subject: [PATCH 28/40] BZ#832199: move selinux from init to spec

To reduce the time during the init, transferring all the selinux
set to spec instead use it during the vdsm init.

Change-Id: Id515ddb96cbfb4f3a936336b3f7e261658df662a
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
Reviewed-on: http://gerrit.ovirt.org/5614
Reviewed-by: Dan Kenigsberg <danken@redhat.com>
---
 vdsm.spec.in       |   22 +++++++++++++++++++++-
 vdsm/vdsmd.init.in |    8 --------
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/vdsm.spec.in b/vdsm.spec.in
index 88fe373..6be7da4 100644
--- a/vdsm.spec.in
+++ b/vdsm.spec.in
@@ -78,6 +78,7 @@ Requires: sos
 Requires: tree
 Requires: dosfstools
 Requires: policycoreutils-python
+Requires(pre,preun): policycoreutils-python
 Requires: libselinux-python
 Requires: kernel >= 2.6.32-198
 Requires: %{name}-python = %{version}-%{release}
@@ -375,6 +376,23 @@ rm -rf %{buildroot}
 /usr/sbin/usermod -a -G %{qemu_group},%{snlk_group} %{vdsm_user}
 /usr/sbin/usermod -a -G %{qemu_group},%{vdsm_group} %{snlk_user}
 
+# vdsm makes extensive use of nfs-exported images
+# The next lines will collect the default selinux behaviour for the booleans
+virtNFS=$(/usr/sbin/semanage boolean -l | /bin/grep virt_use_nfs | cut -d ',' -f 2)
+virtSANLOCK=$(/usr/sbin/semanage boolean -l | /bin/grep virt_use_sanlock | cut -d ',' -f 2)
+
+if [[ "${virtNFS}" == *off* || "${virtSANLOCK}" == *off* ]]; then
+    /usr/sbin/semanage boolean -m -S targeted -F /dev/stdin  << _EOF
+virt_use_nfs=1
+virt_use_sanlock=1
+_EOF
+fi
+
+if /usr/sbin/selinuxenabled; then
+    /usr/sbin/setsebool virt_use_nfs on
+    /usr/sbin/setsebool virt_use_sanlock on
+fi
+
 %post
 # update the vdsm "secret" password for libvirt
 if [ -f /etc/pki/vdsm/keys/libvirt_password ]; then
@@ -415,10 +433,12 @@ then
 
     /usr/sbin/semanage boolean -m -S targeted -F /dev/stdin  << _EOF
 virt_use_nfs=0
+virt_use_sanlock=0
 _EOF
 
-    if selinuxenabled; then
+    if /usr/sbin/selinuxenabled; then
         /usr/sbin/setsebool virt_use_nfs off
+        /usr/sbin/setsebool virt_use_sanlock off
     fi
 
     /usr/sbin/saslpasswd2 -p -a libvirt -d vdsm@rhevh
diff --git a/vdsm/vdsmd.init.in b/vdsm/vdsmd.init.in
index ac3bd08..dd6f3c6 100755
--- a/vdsm/vdsmd.init.in
+++ b/vdsm/vdsmd.init.in
@@ -410,14 +410,6 @@ EOF
 
     ovirt_store_config "$lconf" "$qconf" "$ldconf" "$llogr"
 
-    # vdsm makes extensive use of nfs-exported images
-    /usr/sbin/semanage  boolean -m -S targeted -F /dev/stdin  << _EOF
-virt_use_nfs=1
-virt_use_sanlock=1
-_EOF
-    /usr/sbin/setsebool virt_use_nfs on
-    /usr/sbin/setsebool virt_use_sanlock on
-
     /sbin/initctl restart libvirtd 2>/dev/null || :
 }
 
-- 
1.7.7.6