From 0e3805ae39f08d68d5df567f76fb7517ddda1b57 Mon Sep 17 00:00:00 2001
From: Hussein Galal <galal-hussein@users.noreply.github.com>
Date: Wed, 3 Jan 2024 21:27:33 +0200
Subject: [PATCH] unload selinux module only if container-selinux is updated
 from a breaking version (#5157)

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---
 install.sh | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/install.sh b/install.sh
index abc26335c9..8e7958ba1a 100755
--- a/install.sh
+++ b/install.sh
@@ -565,13 +565,13 @@ EOF
 
     if rpm -q --quiet rke2-selinux; then
             # remove rke2-selinux module in el9 before upgrade to allow container-selinux to upgrade safely
-            if check_available_upgrades container-selinux && check_available_upgrades rke2-selinux; then
+            if check_available_upgrades container-selinux && check_available_upgrades rke2-selinux && check_breaking_version container-selinux 2 189; then
                 MODULE_PRIORITY=$(semodule --list=full | grep rke2 | cut -f1 -d" ")
                 if [ -n "${MODULE_PRIORITY}" ]; then
                     semodule -X $MODULE_PRIORITY -r rke2 || true
                 fi
             fi
-        fi
+    fi
 
     if [ -z "${INSTALL_RKE2_VERSION}" ] && [ -z "${INSTALL_RKE2_COMMIT}" ]; then
         ${rpm_installer} install -y "rke2-${INSTALL_RKE2_TYPE}"
@@ -588,6 +588,20 @@ EOF
     fi
 }
 
+check_breaking_version() {
+  maj=$2
+  min=$3
+
+  current_maj=$(rpm -qi $1 | awk -F': ' '/Version/ {print $2}' | sed -E -e "s/^([0-9]+)\.([0-9]+).*/\1/")
+  current_min=$(rpm -qi $1 | awk -F': ' '/Version/ {print $2}' | sed -E -e "s/^([0-9]+)\.([0-9]+).*/\2/")
+
+  if [ "${current_maj}" == "${maj}" ] && [ $current_min -le $min ]; then
+    return 0
+  fi
+
+  return 1
+}
+
 check_available_upgrades() {
     . /etc/os-release
     set +e