Disable system env generator to work around selinux denials

The system env generator is used to get the list of flatpak apps in
gnome-initial-setup for parental controls support. We don't have
parental controls enabled in F33 and F34 (although it's planned for
F35), so we can just disable the system env generator to work around the
selinux denials for now while we don't have the selinux policy side
changes figured out.

https://bugzilla.redhat.com/show_bug.cgi?id=1947214
https://bugzilla.redhat.com/show_bug.cgi?id=1916652
https://github.com/flatpak/flatpak/issues/4128

Resolves: #1951122

(cherry picked from Fedora commit 89da895a6498469bd458c8913c23c073ce047e47)
This commit is contained in:
Kalev Lember 2021-04-14 22:28:16 +02:00
parent 1eb980f5bb
commit 6e8a1c7707

View File

@ -3,7 +3,7 @@
Name: flatpak Name: flatpak
Version: 1.10.2 Version: 1.10.2
Release: 3%{?dist} Release: 4%{?dist}
Summary: Application deployment framework for desktop apps Summary: Application deployment framework for desktop apps
License: LGPLv2+ License: LGPLv2+
@ -156,6 +156,11 @@ install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
rm -f %{buildroot}%{_libdir}/libflatpak.la rm -f %{buildroot}%{_libdir}/libflatpak.la
%find_lang %{name} %find_lang %{name}
# Work around selinux denials, see
# https://github.com/flatpak/flatpak/issues/4128 for details. Note that we are
# going to need the system env generator if we should enable malcontent support
# in the future.
rm %{buildroot}%{_systemd_system_env_generator_dir}/60-flatpak-system-only
%pre %pre
getent group flatpak >/dev/null || groupadd -r flatpak getent group flatpak >/dev/null || groupadd -r flatpak
@ -232,7 +237,6 @@ fi
%{_unitdir}/flatpak-system-helper.service %{_unitdir}/flatpak-system-helper.service
%{_userunitdir}/flatpak-oci-authenticator.service %{_userunitdir}/flatpak-oci-authenticator.service
%{_userunitdir}/flatpak-portal.service %{_userunitdir}/flatpak-portal.service
%{_systemd_system_env_generator_dir}/60-flatpak-system-only
%{_systemd_user_env_generator_dir}/60-flatpak %{_systemd_user_env_generator_dir}/60-flatpak
%files devel %files devel
@ -264,6 +268,9 @@ fi
%changelog %changelog
* Fri May 07 2021 Kalev Lember <klember@redhat.com> - 1.10.2-4
- Disable system env generator to work around selinux denials (#1947214)
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.10.2-3 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.10.2-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937