pool/container-selinux
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1057911 from home:jsegitz:branches:security:SELinux

Browse Source 
- Add spc_timedated.patch to allow privileged containers to use
  timedatectl (bsc#1207054)

OBS-URL: https://build.opensuse.org/request/show/1057911
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=24
This commit is contained in:
Johannes Segitz 2023-01-12 07:15:56 +00:00 committed by Git OBS Bridge
parent 8736328861
commit 7b4d27d1e7
3 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
container-selinux.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Jan 11 14:15:06 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add spc_timedated.patch to allow privileged containers to use
timedatectl (bsc#1207054)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 14 08:37:48 UTC 2022 - Johannes Segitz <jsegitz@suse.com> Thu Jul 14 08:37:48 UTC 2022 - Johannes Segitz <jsegitz@suse.com>

3
container-selinux.spec
View File

@ -32,6 +32,8 @@ Summary: SELinux policies for container runtimes
License: GPL-2.0-only License: GPL-2.0-only
URL: https://github.com/containers/container-selinux URL: https://github.com/containers/container-selinux
Source0: https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz Source0: https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
# https://github.com/containers/container-selinux/pull/199, can be dropped after this is included
Patch0: spc_timedated.patch
BuildRequires: selinux-policy BuildRequires: selinux-policy
BuildRequires: selinux-policy-devel BuildRequires: selinux-policy-devel
Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}') Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
@ -47,6 +49,7 @@ SELinux policy modules for use with container runtimes.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
%make_build %make_build

12
spc_timedated.patch Normal file
View File

@ -0,0 +1,12 @@
Index: container-selinux-2.188.0/container.te
===================================================================
--- container-selinux-2.188.0.orig/container.te
+++ container-selinux-2.188.0/container.te
@@ -675,6 +675,7 @@ init_dbus_chat(spc_t)
optional_policy(`
systemd_dbus_chat_machined(spc_t)
systemd_dbus_chat_logind(spc_t)
+ systemd_dbus_chat_timedated(spc_t)
')
optional_policy(`