Disable system env generator to work around selinux denials

The system env generator is used to get the list of flatpak apps in
gnome-initial-setup for parental controls support. We don't have
parental controls enabled in F33 and F34 (although it's planned for
F35), so we can just disable the system env generator to work around the
selinux denials for now while we don't have the selinux policy side
changes figured out.

https://bugzilla.redhat.com/show_bug.cgi?id=1947214
https://bugzilla.redhat.com/show_bug.cgi?id=1916652
https://github.com/flatpak/flatpak/issues/4128
This commit is contained in:
Kalev Lember 2021-04-14 22:28:16 +02:00
parent fb7919120d
commit 89da895a64

View File

@ -3,7 +3,7 @@
Name: flatpak
Version: 1.10.2
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Application deployment framework for desktop apps
License: LGPLv2+
@ -156,6 +156,11 @@ install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
rm -f %{buildroot}%{_libdir}/libflatpak.la
%find_lang %{name}
# Work around selinux denials, see
# https://github.com/flatpak/flatpak/issues/4128 for details. Note that we are
# going to need the system env generator if we should enable malcontent support
# in the future.
rm %{buildroot}%{_systemd_system_env_generator_dir}/60-flatpak-system-only
%pre
getent group flatpak >/dev/null || groupadd -r flatpak
@ -232,7 +237,6 @@ fi
%{_unitdir}/flatpak-system-helper.service
%{_userunitdir}/flatpak-oci-authenticator.service
%{_userunitdir}/flatpak-portal.service
%{_systemd_system_env_generator_dir}/60-flatpak-system-only
%{_systemd_user_env_generator_dir}/60-flatpak
%files devel
@ -264,6 +268,9 @@ fi
%changelog
* Wed Apr 14 2021 Kalev Lember <klember@redhat.com> - 1.10.2-3
- Disable system env generator to work around selinux denials (#1947214)
* Mon Apr 05 2021 Kalev Lember <klember@redhat.com> - 1.10.2-2
- OCI: Switch to pax format for tar archives