From 47278c01e51ccd4d7d8740352aca8e87566e3882 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 15 Jan 2024 12:53:58 -0600
Subject: [PATCH] nut: Set container_use_devices SELinux tunable

By default, the Fedora SELinux policy does not allow containers to
access device nodes.  This setting is independent of CGroup device
rules.
---
 templates/nut/nut-server.container | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/nut/nut-server.container b/templates/nut/nut-server.container
index 30a9866..c8f9788 100644
--- a/templates/nut/nut-server.container
+++ b/templates/nut/nut-server.container
@@ -20,6 +20,7 @@ Network=host
 PodmanArgs=--device-cgroup-rule 'c 189:* rw'
 
 [Service]
+ExecStartPre=/usr/sbin/setsebool container_use_devices=1
 ExecReload=podman exec systemd-%N upsd -c reload
 
 [Install]