From 7634983755466cc6ac5023dceb5353a9441f393e Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Mon, 7 Feb 2022 11:21:52 -0500 Subject: [PATCH 1/2] fix of selinux directories Signed-off-by: Ryan Cook --- packaging/rpm/microshift.spec | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 0adfb7bf0a..549198cbd0 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -17,6 +17,17 @@ %define selinux_policyver 3.14.3-67 %define container_policyver 2.167.0-1 %define container_policy_epoch 2 +%define microshift_relabel_files() \ + mkdir -p /var/hpvolumes; \ + mkdir -p /var/run/flannel; \ + mkdir -p /var/run/kubelet; \ + mkdir -p /var/lib/kubelet/pods; \ + mkdir -p /var/run/secrets/kubernetes.io/serviceaccount; \ + restorecon -R /var/hpvolumes; \ + restorecon -R /var/run/kubelet; \ + restorecon -R /var/run/flannel; \ + restorecon -R /var/lib/kubelet/pods; \ + restorecon -R /var/run/secrets/kubernetes.io/serviceaccount # Git related details @@ -157,7 +168,6 @@ mkdir -p -m755 %{buildroot}/var/run/flannel mkdir -p -m755 %{buildroot}/var/run/kubelet mkdir -p -m755 %{buildroot}/var/lib/kubelet/pods mkdir -p -m755 %{buildroot}/var/run/secrets/kubernetes.io/serviceaccount -mkdir -p -m755 %{buildroot}/var/hpvolumes install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} install -m644 packaging/selinux/microshift.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} @@ -175,9 +185,7 @@ fi %post selinux %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/microshift.pp.bz2 -if /usr/sbin/selinuxenabled ; then - %microshift_relabel_files -fi; +%microshift_relabel_files %postun selinux 
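Review bot: The `mkdir -p` calls in `microshift_relabel_files` carry no mode, and after this patch `/var/hpvolumes` is created only there, because its `mkdir -p -m755` in `%install` and its `%files` entry are removed in the later hunks. Its permissions therefore depend on the scriptlet's umask, and rpm no longer owns or verifies the directory. Pin the mode where it is created, e.g. `mkdir -p -m 0755 /var/hpvolumes; \`, and add a comment above the macro saying why this path is created at install time instead of being packaged. The three `/var/run/...` paths are probably on tmpfs on current distributions, so a directory created and labeled once in `%post` may not survive a reboot. A tmpfiles.d entry is the usual way to recreate them, unless the policy module already covers that.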
@@ -208,11 +216,13 @@ fi /var/run/kubelet /var/lib/kubelet/pods /var/run/secrets/kubernetes.io/serviceaccount -/var/hpvolumes %{_datadir}/selinux/packages/%{selinuxtype}/microshift.pp.bz2 %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/microshift %changelog +* Mon Feb 7 2022 Ryan Cook . 4.8.0-0.microshiftr-2022_02_02_194009_3 +- Selinux directory creation and labeling + * Wed Feb 2 2022 Ryan Cook . 4.8.0-0.microshift-2022_01_04_175420_25 - Define specific selinux policy version to help manage selinux package From e286ca3c5d16afa3a8bdc7544dee8338a409ba2d Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Mon, 7 Feb 2022 12:05:57 -0500 Subject: [PATCH 2/2] include selinux labeling only if enabled Signed-off-by: Ryan Cook --- packaging/rpm/microshift.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 549198cbd0..e44640cef0 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -185,7 +185,9 @@ fi %post selinux %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/microshift.pp.bz2 -%microshift_relabel_files +if /usr/sbin/selinuxenabled ; then + %microshift_relabel_files +fi %postun selinux
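Review bot: With the `selinuxenabled` guard restored around `%microshift_relabel_files` in `%post selinux`, the `mkdir -p` lines inside that macro are skipped along with the `restorecon -R` calls. As far as this series shows, `/var/hpvolumes` is then not created by the package at all on a host where SELinux is disabled at install time, since patch 1/2 dropped it from `%install` and `%files`. Keep directory creation outside the guard and leave only the relabeling inside it, for example by splitting the macro into a create part and a relabel part and guarding only the second. The macro definition itself is outside this hunk.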