From 8beb2b3f3b984b4818eb4704b6e7c8e651f100bd7631c9b49784327a86613d0f Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 12 Jan 2023 07:15:59 +0000
Subject: [PATCH] Accepting request 1057912 from home:jsegitz:branches:security:SELinux
- Add fix_container.patch to allow privileged containers to use timedatectl (bsc#1207054)
OBS-URL: https://build.opensuse.org/request/show/1057912
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=168
---
 fix_container.patch | 12 ++++++++++++
 selinux-policy.changes | 6 ++++++
 selinux-policy.spec | 4 +++-
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 fix_container.patch
diff --git a/fix_container.patch b/fix_container.patch
new file mode 100644
index 0000000..d216c2b
--- /dev/null
+++ b/fix_container.patch
@@ -0,0 +1,12 @@
+Index: fedora-policy-20221019/policy/modules/services/container.te
+===================================================================
+--- fedora-policy-20221019.orig/policy/modules/services/container.te
++++ fedora-policy-20221019/policy/modules/services/container.te
+@@ -681,6 +681,7 @@ init_dbus_chat(spc_t)
+ optional_policy(`
+ systemd_dbus_chat_machined(spc_t)
+ systemd_dbus_chat_logind(spc_t)
++ systemd_dbus_chat_timedated(spc_t)
+ ')
+
+ optional_policy(`
diff --git a/selinux-policy.changes b/selinux-policy.changes
index 3ab948c..1eef46d 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 11 14:17:02 UTC 2023 - Johannes Segitz
+
+- Add fix_container.patch to allow privileged containers to use
+ timedatectl (bsc#1207054)
+
 -------------------------------------------------------------------
 Thu Dec 15 16:11:15 UTC 2022 - Hu
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 89d670b..6d85ed7 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
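Review bot: fix_container.patch has no description header, so the reason for granting `systemd_dbus_chat_timedated(spc_t)` in container.te is recorded only in the changelog and in the spec comment. I would add a short header above the `Index:` line, for example `Allow spc_t to talk to systemd-timedated over D-Bus so timedatectl works in privileged containers (bsc#1207054); from containers/container-selinux pull 199`. The header should also note the consequence: SELinux no longer stops a privileged container that can reach the host system bus from messaging timedated, so changing host time (and with it log timestamps and certificate validity checks) presumably rests on timedated's own authorization from then on. The rest of container.te is outside the inner hunk, so whether spc_t is constrained elsewhere cannot be checked from here.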
@@ -1,7 +1,7 @@
 #
 # spec file for package selinux-policy
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -148,6 +148,8 @@ Patch063: fix_alsa.patch
 Patch064: dontaudit_interface_kmod_tmpfs.patch
 Patch065: fix_sendmail.patch
 Patch066: fix_ipsec.patch
+# https://github.com/containers/container-selinux/pull/199, can be dropped once this is included
+Patch067: fix_container.patch
 Patch100: sedoctool.patch
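Review bot: `Patch067` is declared in the second spec hunk, but the spec section of this commit (3 insertions, 1 deletion per the diffstat) adds no matching `%patch` line, so the fix ships only if `%prep` applies patches automatically, e.g. through `%autosetup` or `%autopatch`. `%prep` is outside the hunk, so please confirm that the patch is actually applied at build time. The comment above the tag would also age better if it named what must include the change, e.g. `# Upstream: https://github.com/containers/container-selinux/pull/199 - drop once the fedora-policy snapshot contains it`.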