Use redis-ce.fc file to install selinux file contexts

Author: Peter-Sh

configs/redis-ce.fc

@@ -0,0 +1,2 @@
+/etc/redis/sentinel     -d      system_u:object_r:redis_conf_t:s0
+/etc/redis/sentinel.conf     --      system_u:object_r:redis_conf_t:s0

scripts/postinstall.sh

@@ -4,17 +4,15 @@
 if command -v checkmodule &> /dev/null && command -v semodule_package &> /dev/null; then
     # Compile policy module
     checkmodule -M -m /usr/share/selinux/packages/redis-ce.te -o /usr/share/selinux/packages/redis-ce.mod
-    semodule_package -m /usr/share/selinux/packages/redis-ce.mod -o /usr/share/selinux/packages/redis-ce.pp
+    semodule_package -m /usr/share/selinux/packages/redis-ce.mod -o /usr/share/selinux/packages/redis-ce.pp -f /usr/share/selinux/packages/redis-ce.fc
 
     # Install or update the policy module
     semodule -i /usr/share/selinux/packages/redis-ce.pp
 fi
 
 # Allow writing to /etc/redis/sentinel/ for redis-sentinel
-if command -v semanage &> /dev/null && command -v restorecon &> /dev/null; then
-    semanage fcontext -a -t redis_conf_t '/etc/redis/sentinel'
-    semanage fcontext -a -t redis_conf_t '/etc/redis/sentinel/sentinel.conf'
-    restorecon '/etc/redis/sentinel' '/etc/redis/sentinel/sentinel.conf'
+if command -v chcon &> /dev/null; then
+    chcon -t redis_conf_t '/etc/redis/sentinel' '/etc/redis/sentinel/sentinel.conf'
 fi
 
 #

templates/nfpm.yaml.tpl

@@ -114,6 +114,12 @@ contents:
       mode: 0644
       owner: root
       group: root
+  - src: ./configs/redis-ce.fc
+    dst: /usr/share/selinux/packages/redis-ce.fc
+    file_info:
+      mode: 0644
+      owner: root
+      group: root
 
   # Systemd service file for redis-server
   - src: ./configs/redis.service