Accepting request 1057911 from home:jsegitz:branches:security:SELinux

- Add spc_timedated.patch to allow privileged containers to use timedatectl (bsc#1207054) OBS-URL: https://build.opensuse.org/request/show/1057911 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=24
2023-01-12 07:15:56 +00:00 · 2023-01-12 07:15:56 +00:00 · 7b4d27d1e7
commit 7b4d27d1e7
parent 8736328861
3 changed files with 21 additions and 0 deletions
--- a/container-selinux.changes
+++ b/container-selinux.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 11 14:15:06 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Add spc_timedated.patch to allow privileged containers to use
+  timedatectl (bsc#1207054)
+
 -------------------------------------------------------------------
 Thu Jul 14 08:37:48 UTC 2022 - Johannes Segitz <jsegitz@suse.com>

--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -32,6 +32,8 @@ Summary:        SELinux policies for container runtimes
 License:        GPL-2.0-only
 URL:            https://github.com/containers/container-selinux
 Source0:        https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
+# https://github.com/containers/container-selinux/pull/199, can be dropped after this is included
+Patch0:         spc_timedated.patch
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
 Requires:       selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
@ -47,6 +49,7 @@ SELinux policy modules for use with container runtimes.

 %prep
 %setup -q
+%patch0 -p1

 %build
 %make_build
--- a/spc_timedated.patch
+++ b/spc_timedated.patch
@ -0,0 +1,12 @@
+Index: container-selinux-2.188.0/container.te
+===================================================================
+--- container-selinux-2.188.0.orig/container.te
+++ container-selinux-2.188.0/container.te
+@@ -675,6 +675,7 @@ init_dbus_chat(spc_t)
+ optional_policy(`
+ 	systemd_dbus_chat_machined(spc_t)
+ 	systemd_dbus_chat_logind(spc_t)
+	systemd_dbus_chat_timedated(spc_t)
+ ')
+ 
+ optional_policy(`