Rudder

SELinux policy for technique editor is not present anymore after upgrade. It's because we reduced the number of packages and replaced ncf-api-virtualenv package (~ technique editor stuff) by rudder-webapp.

 rudder-webapp                                      x86_64                             1398866025:6.0.5.release-1.EL.7                              Rudder                              118 M
     replacing  ncf.noarch 1398866025:5.0.17.release-1.EL.7
     replacing  ncf-api-virtualenv.noarch 1398866025:5.0.17.release-1.EL.7
     replacing  rudder-inventory-endpoint.noarch 1398866025:5.0.17.release-1.EL.7
     replacing  rudder-inventory-ldap.x86_64 1398866025:5.0.17.release-1.EL.7
     replacing  rudder-jetty.noarch 1398866025:5.0.17.release-1.EL.7
     replacing  rudder-techniques.noarch 1398866025:5.0.17.release-1.EL.7

So rudder-webapp correctly setups the selinux policy,

  Installing : 1398866025:rudder-webapp-6.0.5.release-1.EL.7.x86_64                                                                                                                     21/42 
...
INFO: Applying selinux policy... Done

but ncf-api-virtualenv is removed at the end:

  Erasing    : 1398866025:ncf-api-virtualenv-5.0.17.release-1.EL.7.noarch                                                                                                               30/42 
INFO: Removing the ncf-api-venv user... Done
INFO: Removing ncf-api-virtualenv selinux policy...libsemanage.semanage_direct_remove_key: Removing last ncf-api-virtualenv module (no other ncf-api-virtualenv module exists at another priority).
 Done

Luckily, ncf-api-venv user is not removed, because apache is running, but i think we had some cases where it was removed.

We should include installation of selinux policy in posttrans of rudder-webapp too, or prevent ncf-api-virtualenv postun to run

i think we should include checks on ncf-api-venv user too