From 2df7a71ba4948f43621d2e58c70e214a8c10ffe5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 5 Nov 2024 20:27:13 +0100
Subject: [PATCH 1/2] Build appconfig files in default target
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Helps to clean up temporary files as normal user after
`sudo make install`, since otherwise these files would be created by
root.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 Rules.modular    | 6 ++++--
 Rules.monolithic | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Rules.modular b/Rules.modular
index bd650581d..c705541ec 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -37,9 +37,11 @@ vpath %.fc $(all_layers)
 #
 # default action: create all module packages
 #
-default: policy
+default: all
 
-all policy: base modules
+all: policy $(builtappfiles)
+
+policy: base modules
 
 base: $(base_pkg)
 
diff --git a/Rules.monolithic b/Rules.monolithic
index a0ea29aae..2cbee5a17 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -58,7 +58,9 @@ vpath %.fc $(all_layers)
 #
 # default action: build policy locally
 #
-default: policy
+default: all
+
+all: policy $(builtappfiles)
 
 policy: $(polver)
 

From 546655bfaf9f34edab8f96a14d44abf50f553790 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 5 Nov 2024 20:29:57 +0100
Subject: [PATCH 2/2] systemd: permit sd-sysuser access to admin terminal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Required to print possible error messages on package upgrade.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 policy/modules/system/systemd.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index d58aba30b..b8c7301cc 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1848,6 +1848,10 @@ systemd_log_parse_environment(systemd_sysusers_t)
 
 systemd_stream_connect_nsresourced(systemd_sysusers_t)
 
+# package upgrade
+userdom_use_all_users_fds(systemd_sysusers_t)
+userdom_use_inherited_user_terminals(systemd_sysusers_t)
+
 #########################################
 #
 # Tmpfiles local policy