add chronyd-restricted service (RHEL-9972)

Resolves: RHEL-9972
This commit is contained in:
Miroslav Lichvar 2023-12-06 10:13:01 +01:00
parent 23ea7d456e
commit 4e8cad5451

View File

@ -77,6 +77,7 @@ md5sum -c <<-EOF | (! grep -v 'OK$')
c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp
4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline
60447a26dce93b3a61f488a364ac46cd examples/chronyd.service
46fa3e2d42c8eb9c42e71095686c90ed examples/chronyd-restricted.service
EOF
# don't allow packaging without vendor zone
@ -95,6 +96,10 @@ sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
touch -r examples/chrony.conf.example2 chrony.conf
# set selinux context in chronyd-restricted service
sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \
examples/chronyd-restricted.service
# regenerate the file from getdate.y
rm -f getdate.c
@ -140,6 +145,8 @@ install -m 644 -p examples/chrony.logrotate \
install -m 644 -p examples/chronyd.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd.service
install -m 644 -p examples/chronyd-restricted.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service
install -m 755 -p examples/chrony.nm-dispatcher.onoffline \
$RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
install -m 755 -p examples/chrony.nm-dispatcher.dhcp \
@ -180,13 +187,13 @@ if test -a %{_libexecdir}/chrony-helper; then
sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources"
done 2> /dev/null
fi
%systemd_post chronyd.service chrony-wait.service
%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service
%preun
%systemd_preun chronyd.service chrony-wait.service
%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service
%postun
%systemd_postun_with_restart chronyd.service
%systemd_postun_with_restart chronyd.service chronyd-restricted.service
%files
%{!?_licensedir:%global license %%doc}