From dd472d8c34c2eeb10b4e2bddd3304ae4af48f5d4 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 21 Jun 2023 11:03:16 +0200
Subject: [PATCH] set selinux context in chronyd-restricted service (#2169949)

---
 chrony.spec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/chrony.spec b/chrony.spec
index 90bcec0..fe057df 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -85,6 +85,10 @@ sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
 
 touch -r examples/chrony.conf.example2 chrony.conf
 
+# set selinux context in chronyd-restricted service
+sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \
+	examples/chronyd-restricted.service
+
 # regenerate the file from getdate.y
 rm -f getdate.c