Add selinux policy to allow cvmfs reading fuse fs

It fixes: cvmfs/collectd-cvmfs#5

python-collectd_cvmfs.spec

@@ -14,18 +14,31 @@ BuildArch:      noarch
 BuildRequires:  python2-devel
 BuildRequires:  python-setuptools
 
+BuildRequires:  selinux-policy-devel
+
 %description
 Collectd module for CvmFS clients
 
 %package -n     python2-%{pypi_name}
 Summary:        %{summary}
- 
+
 Requires:       python-psutil
 Requires:       pyxattr
 Requires:       collectd
+
+Requires:       %{name}-selinux = %{version}-%{release}
+
 %description -n python2-%{pypi_name}
 Collectd module for CvmFS clients
 
+%package selinux
+Summary:        selinux policy for collectd cvmfs plugin
+Requires:       selinux-policy
+Requires:       policycoreutils
+
+%description selinux
+This package contains selinux rules to allow the collectd
+cvmfs plugin to read fuse file systems.
 
 %prep
 %autosetup -n collectd-cvmfs-%{version}
@@ -38,12 +51,27 @@ rm -rf %{pypi_name}.egg-info
 %install
 %{__python} setup.py install -O1 --skip-build --root %{buildroot}
 
+mkdir -p %{buildroot}%{_datadir}/selinux/packages/%{name}
+install -m 644 -p collectd_cvmfs.pp \
+    %{buildroot}%{_datadir}/selinux/packages/%{name}/collectd_cvmfs.pp
+
+%post selinux
+/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/collectd_cvmfs.pp >/dev/null 2>&1 || :
+
+%postun selinux
+if [ $1 -eq 0 ] ; then
+    /usr/sbin/semodule -r collectd_cvmfs >/dev/null 2>&1 || :
+fi
+
 %files -n python2-%{pypi_name}
 %doc README.rst NEWS.txt LICENSE
 %{python2_sitelib}/%{pypi_name}
 %{python2_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
 %{_prefix}/share/collectd/%{pypi_name}.db
 
+%files selinux
+%{_datadir}/selinux/packages/%{name}/collectd_cvmfs.pp
+
 %changelog
 * Wed May 30 2018 Steve Traylen <[email protected]> - 1.0.1-1 1
 - Backport to el6