Packit: fix build issues

[lsm5]

A prior merge of 5802ca2
undid some changes for the install.selinux-user target in rpm/spec.
This commit also fixes that.

[lsm5]

Let me make sure that things work when the version is changed. The Source0 was one thing that needed fixing.

[lsm5]

@rhatdan ok we're past the packit config errors, the rpm build fails at:

container.te:1469:ERROR 'permission watch is not defined for class file' at token ';' on line 70562:
allow container_domain fusefs_t:file { append create entrypoint execmod execute execute_no_trans getattr ioctl link lock map mounton open read rename setattr unlink watch watch_reads write };
allow container_domain container_var_lib_t:file entrypoint;
container.te:1469:ERROR 'permission watch_reads is not defined for class file' at token ';' on line 70562:
allow container_domain fusefs_t:file { append create entrypoint execmod execute execute_no_trans getattr ioctl link lock map mounton open read rename setattr unlink watch watch_reads write };
allow container_domain container_var_lib_t:file entrypoint;
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make[1]: Leaving directory '/builddir/build/BUILD/container-selinux-2.212.0'
make[1]: *** [/usr/share/selinux/devel/include/Makefile:157: tmp/container.mod] Error 1
make: *** [Makefile:16: container.pp] Error 2

EDIT: This seems to be centos 9 only.

[rhatdan]

Yup this is a case where watch is not available for older selinux-policies.
Need to sed them out.

[rhatdan]

watch and watch_reads.

[lsm5]

will do ..

[lsm5]

i merged a commit for ghosting /var/lib/* which undid the spec file selinux-user changes. Adding them back again here.

[lsm5]

@rhatdan would be good to cut a new release after this and verify that fedora downstream process works as expected with packit.

[lsm5]

whoops tests failed. looking ..

[lsm5]

@rhatdan podman selinux system tests need to be updated.

[lsm5]

The system tests are run against the podman built from main branch, so it would be ideal to fix podman upstream, then have the tests succeed here before merge.

EDIT: We should get that change cherry-picked to the v4.5 upstream branch and all other branches that would require the new container-selinux.

[rhatdan]

Might need containers/podman#18439 for the tests to pass. If these are the only breakage, then I think we should merge and cut a new release.

[lsm5]

let's merge after the build tests pass.