From 0e748d372ab6e22123e693ba2e167af5b90df133 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 16 Sep 2025 11:12:37 +0200
Subject: [PATCH 1/2] infra/image/shdefaults: Add capability SYS_ADMIN for
 systemd 258

Fedora 43 and 44 switched to systemd 258 rc4. The dbus-broker service
of systemd 258 does not start any more without enabling the capability
SYS_ADMIN.

The capabilities AUDIT_WRITE, SETUID and SETGID should be enough, but
they are not sufficient to be able to start the service.

With final systemd 258 it should be tested if the capability can be
removed again.
---
 infra/image/shdefaults | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infra/image/shdefaults b/infra/image/shdefaults
index b5768cca..b2983f4f 100644
--- a/infra/image/shdefaults
+++ b/infra/image/shdefaults
@@ -6,4 +6,6 @@
 CAP_DEFAULTS=(
     "+DAC_READ_SEARCH"  # Required for SSSD
     "+SYS_PTRACE"       # Required for debugging
+    "+SYS_ADMIN"        # Required to make dbus-brokder for systemd 258 work
+                        # Should be "+AUDIT_WRITE", "+SETUID", "+SETGID"
 )

From cd7d19bfeb7f21eaed1160a6fd9dc4d455c4da50 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 16 Sep 2025 11:24:45 +0200
Subject: [PATCH 2/2] Dockerfiles c8s,c9s,fedora-latest and fedora-rawhide:
 Install hostname

The hostname command is needed to be able to execute fixnet.service. It
has been missing from some docker files and therefore the script failed
in the -base images. The server images have not been affected as
ipa-client has a requirement for hostname.
---
 infra/image/dockerfile/c8s            | 1 +
 infra/image/dockerfile/c9s            | 1 +
 infra/image/dockerfile/fedora-latest  | 1 +
 infra/image/dockerfile/fedora-rawhide | 1 +
 4 files changed, 4 insertions(+)

diff --git a/infra/image/dockerfile/c8s b/infra/image/dockerfile/c8s
index 3737ce79..610acc42 100644
--- a/infra/image/dockerfile/c8s
+++ b/infra/image/dockerfile/c8s
@@ -12,6 +12,7 @@ dnf --assumeyes install \
     bash \
     systemd \
     procps-ng \
+    hostname \
     iproute; \
 dnf clean all; \
 rm -rf /var/cache/dnf/;
diff --git a/infra/image/dockerfile/c9s b/infra/image/dockerfile/c9s
index be729e6f..35ae19e6 100644
--- a/infra/image/dockerfile/c9s
+++ b/infra/image/dockerfile/c9s
@@ -9,6 +9,7 @@ dnf --assumeyes install \
     bash \
     systemd \
     procps-ng \
+    hostname \
     iproute; \
 rm -rf /var/cache/dnf/;
 
diff --git a/infra/image/dockerfile/fedora-latest b/infra/image/dockerfile/fedora-latest
index ae6dbcfe..440ff676 100644
--- a/infra/image/dockerfile/fedora-latest
+++ b/infra/image/dockerfile/fedora-latest
@@ -11,6 +11,7 @@ dnf --assumeyes install \
     bash \
     systemd \
     procps-ng \
+    hostname \
     iproute; \
 dnf clean all; \
 rm -rf /var/cache/dnf/;
diff --git a/infra/image/dockerfile/fedora-rawhide b/infra/image/dockerfile/fedora-rawhide
index c6f37397..d0b205c6 100644
--- a/infra/image/dockerfile/fedora-rawhide
+++ b/infra/image/dockerfile/fedora-rawhide
@@ -11,6 +11,7 @@ dnf --assumeyes install \
     bash \
     systemd \
     procps-ng \
+    hostname \
     iproute; \
 dnf clean all; \
 rm -rf /var/cache/dnf/;