diff --git a/container-selinux.changes b/container-selinux.changes index ef4c88c..befc034 100644 --- a/container-selinux.changes +++ b/container-selinux.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Thu Jan 12 13:02:32 UTC 2023 - Johannes Segitz + +- Rename spc_timedated.patch to spc.patch +- Update spc.patch to allow privileged containers to use + localectl (bsc#1207077) + +------------------------------------------------------------------- +Wed Jan 11 14:15:06 UTC 2023 - Johannes Segitz + +- Add spc_timedated.patch to allow privileged containers to use + timedatectl (bsc#1207054) + ------------------------------------------------------------------- Thu Jul 14 08:37:48 UTC 2022 - Johannes Segitz diff --git a/container-selinux.spec b/container-selinux.spec index d059ef9..348a656 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -32,6 +32,8 @@ Summary: SELinux policies for container runtimes License: GPL-2.0-only URL: https://github.com/containers/container-selinux Source0: https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz +# https://github.com/containers/container-selinux/pull/199, can be dropped after this is included +Patch0: spc.patch BuildRequires: selinux-policy BuildRequires: selinux-policy-devel Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}') @@ -47,6 +49,7 @@ SELinux policy modules for use with container runtimes. %prep %setup -q +%patch0 -p1 %build %make_build diff --git a/spc.patch b/spc.patch new file mode 100644 index 0000000..6f3d665 --- /dev/null +++ b/spc.patch @@ -0,0 +1,13 @@ +Index: container-selinux-2.188.0/container.te +=================================================================== +--- container-selinux-2.188.0.orig/container.te ++++ container-selinux-2.188.0/container.te +@@ -675,6 +675,8 @@ init_dbus_chat(spc_t) + optional_policy(` + systemd_dbus_chat_machined(spc_t) + systemd_dbus_chat_logind(spc_t) ++ systemd_dbus_chat_timedated(spc_t) ++ systemd_dbus_chat_localed(spc_t) + ') + + optional_policy(`