Accepting request 1058004 from home:jsegitz:branches:security:SELinux

- Rename spc_timedated.patch to spc.patch
- Update spc.patch to allow privileged containers to use
  localectl (bsc#1207077)

OBS-URL: https://build.opensuse.org/request/show/1058004
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=25

container-selinux.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 12 13:02:32 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Rename spc_timedated.patch to spc.patch
+- Update spc.patch to allow privileged containers to use
+  localectl (bsc#1207077)
+
 -------------------------------------------------------------------
 Wed Jan 11 14:15:06 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
 

container-selinux.spec

@@ -33,7 +33,7 @@ License:        GPL-2.0-only
 URL:            https://github.com/containers/container-selinux
 Source0:        https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
 # https://github.com/containers/container-selinux/pull/199, can be dropped after this is included
-Patch0:         spc_timedated.patch
+Patch0:         spc.patch
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
 Requires:       selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')

spc.patch

@@ -2,11 +2,12 @@ Index: container-selinux-2.188.0/container.te
 ===================================================================
 --- container-selinux-2.188.0.orig/container.te
 +++ container-selinux-2.188.0/container.te
-@@ -675,6 +675,7 @@ init_dbus_chat(spc_t)
+@@ -675,6 +675,8 @@ init_dbus_chat(spc_t)
  optional_policy(`
  	systemd_dbus_chat_machined(spc_t)
  	systemd_dbus_chat_logind(spc_t)
 +	systemd_dbus_chat_timedated(spc_t)
++	systemd_dbus_chat_localed(spc_t)
  ')
  
  optional_policy(`