unload selinux module only if container-selinux is updated from a bre…

…aking version (#5157) Signed-off-by: galal-hussein <[email protected]>
rancher · Jan 3, 2024 · 0e3805a · 0e3805a
1 parent 28d3691
commit 0e3805a
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/install.sh b/install.sh
@@ -565,13 +565,13 @@ EOF
 
     if rpm -q --quiet rke2-selinux; then
             # remove rke2-selinux module in el9 before upgrade to allow container-selinux to upgrade safely
-            if check_available_upgrades container-selinux && check_available_upgrades rke2-selinux; then
+            if check_available_upgrades container-selinux && check_available_upgrades rke2-selinux && check_breaking_version container-selinux 2 189; then
                 MODULE_PRIORITY=$(semodule --list=full | grep rke2 | cut -f1 -d" ")
                 if [ -n "${MODULE_PRIORITY}" ]; then
                     semodule -X $MODULE_PRIORITY -r rke2 || true
                 fi
             fi
-        fi
+    fi
 
     if [ -z "${INSTALL_RKE2_VERSION}" ] && [ -z "${INSTALL_RKE2_COMMIT}" ]; then
         ${rpm_installer} install -y "rke2-${INSTALL_RKE2_TYPE}"
@@ -588,6 +588,20 @@ EOF
     fi
 }
 
+check_breaking_version() {
+  maj=$2
+  min=$3
+
+  current_maj=$(rpm -qi $1 | awk -F': ' '/Version/ {print $2}' | sed -E -e "s/^([0-9]+)\.([0-9]+).*/\1/")
+  current_min=$(rpm -qi $1 | awk -F': ' '/Version/ {print $2}' | sed -E -e "s/^([0-9]+)\.([0-9]+).*/\2/")
+
+  if [ "${current_maj}" == "${maj}" ] && [ $current_min -le $min ]; then
+    return 0
+  fi
+
+  return 1
+}
+
 check_available_upgrades() {
     . /etc/os-release
     set +e