diff --git a/docker.changes b/docker.changes index f6f28ee..c8dcb06 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Thu Sep 29 08:40:35 UTC 2022 - Aleksa Sarai + +- Add apparmor-parser as a Recommends to make sure that most users will end up + with it installed even if they are primarily running SELinux. + +------------------------------------------------------------------- +Thu Sep 29 07:27:03 UTC 2022 - Fabian Vogt + +- Fix syntax of boolean dependency + +------------------------------------------------------------------- +Thu Jul 28 07:42:33 UTC 2022 - Frederic Crozat + +- Allow to install container-selinux instead of apparmor-parser. + ------------------------------------------------------------------- Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai diff --git a/docker.spec b/docker.spec index 3ad7fc1..4e3d1e9 100644 --- a/docker.spec +++ b/docker.spec @@ -117,7 +117,7 @@ BuildRequires: pkgconfig(libsystemd) # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires # for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608 BuildRequires: go1.17 -Requires: apparmor-parser +Requires: (apparmor-parser or container-selinux) Requires: ca-certificates-mozilla # The docker-proxy binary used to be in a separate package. We obsolete it, # since now docker-proxy is maintained as part of this package. @@ -140,6 +140,12 @@ Requires: xz >= 4.9 Requires(post): %fillup_prereq Requires(post): udev Requires(post): shadow +# This recommends is added to make sure that even if you have container-selinux +# installed you will still be prompted to install apparmor-parser which Docker +# requires to apply AppArmor profiles (for SELinux systems this doesn't matter +# but if you switch back to AppArmor on reboot this would result in insecure +# containers). +Recommends: apparmor-parser # Not necessary, but must be installed when the underlying system is # configured to use lvm and the user doesn't explicitly provide a # different storage-driver than devicemapper