From 9d7c50aa030ee70d507c414bb02f0add8ffa2835 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Fri, 18 May 2018 16:28:51 -0400
Subject: Tighten the security on the podman varlink socket

We only want root to be allowed to access this socket.
Also move socket to /run/podman directory.  This requires
us to drop a podman.conf tmpfiles.d file.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #806
Approved by: mheon
---
 contrib/spec/podman.spec.in | 1 +
 1 file changed, 1 insertion(+)

(limited to 'contrib/spec')

diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index d0ddcea25..b1afee208 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -469,6 +469,7 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist
 %{_unitdir}/io.%{project}.%{name}.service
 %{_unitdir}/io.%{project}.%{name}.socket
+%{_tmpfilesdir}/%{name}.conf
 
 %if 0%{?fedora} >= 28
 %files -n python3-%{name}
-- 
cgit v1.2.3-54-g00ecf