Accepting request 1058006 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/1058006
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy?expand=0&rev=42

fix_container.patch

@@ -0,0 +1,13 @@
+Index: fedora-policy-20221019/policy/modules/services/container.te
+===================================================================
+--- fedora-policy-20221019.orig/policy/modules/services/container.te
++++ fedora-policy-20221019/policy/modules/services/container.te
+@@ -681,6 +681,8 @@ init_dbus_chat(spc_t)
+ optional_policy(`
+ 	systemd_dbus_chat_machined(spc_t)
+ 	systemd_dbus_chat_logind(spc_t)
++	systemd_dbus_chat_timedated(spc_t)
++	systemd_dbus_chat_localed(spc_t)
+ ')
+ 
+ optional_policy(`

selinux-policy.changes

@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Jan 12 13:01:47 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update fix_container.patch to allow privileged containers to use
+  localectl (bsc#1207077)
+
+-------------------------------------------------------------------
+Wed Jan 11 14:17:02 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Add fix_container.patch to allow privileged containers to use
+  timedatectl (bsc#1207054)
+
 -------------------------------------------------------------------
 Thu Dec 15 16:11:15 UTC 2022 - Hu <cathy.hu@suse.com>
 

selinux-policy.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -148,6 +148,8 @@ Patch063:       fix_alsa.patch
 Patch064:       dontaudit_interface_kmod_tmpfs.patch
 Patch065:       fix_sendmail.patch
 Patch066:       fix_ipsec.patch
+# https://github.com/containers/container-selinux/pull/199, can be dropped once this is included
+Patch067:       fix_container.patch
 
 Patch100:       sedoctool.patch