Merge branch 'f31' of ssh://pkgs.fedoraproject.org/rpms/container-selinux into f31

2020-03-26 10:29:46 -04:00 · 2020-03-26 10:29:46 -04:00 · d498d6ff3d
commit d498d6ff3d
parent db32ab973c d046fa9c5a
3 changed files with 83 additions and 137 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,116 +1,11 @@
-/container-selinux-513572d.tar.gz
-/container-selinux-bcdcb9a.tar.gz
-/container-selinux-3bbbad5.tar.gz
-/container-selinux-b9809fa.tar.gz
-/container-selinux-ba28054.tar.gz
-/container-selinux-9e004af.tar.gz
-/container-selinux-ce95ddb.tar.gz
-/container-selinux-f7333f9.tar.gz
-/container-selinux-08bb6e0.tar.gz
-/container-selinux-8f8caa6.tar.gz
-/container-selinux-14f7c51.tar.gz
-/container-selinux-c81ea26.tar.gz
-/container-selinux-9027f8e.tar.gz
-/container-selinux-ed3082b.tar.gz
-/container-selinux-5212fea.tar.gz
-/container-selinux-a80afba.tar.gz
-/container-selinux-c5fd77f.tar.gz
-/container-selinux-c89e9b5.tar.gz
-/container-selinux-58324f3.tar.gz
-/container-selinux-81ff96c.tar.gz
-/container-selinux-a9260d4.tar.gz
-/container-selinux-e37e93d.tar.gz
-/container-selinux-de38c07.tar.gz
-/container-selinux-0620186.tar.gz
-/container-selinux-47e0448.tar.gz
-/container-selinux-b430a71.tar.gz
-/container-selinux-0b666c4.tar.gz
-/container-selinux-7fe0136.tar.gz
-/container-selinux-dca3b87.tar.gz
-/container-selinux-f9a30e8.tar.gz
-/container-selinux-d985665.tar.gz
-/container-selinux-8ba32a4.tar.gz
-/container-selinux-26c642a.tar.gz
-/container-selinux-96e58bf.tar.gz
-/container-selinux-599072a.tar.gz
-/container-selinux-231b213.tar.gz
-/container-selinux-d148550.tar.gz
-/container-selinux-dfcc97d.tar.gz
-/container-selinux-38a982b.tar.gz
-/container-selinux-2377c73.tar.gz
-/container-selinux-aece4ff.tar.gz
-/container-selinux-663e003.tar.gz
-/container-selinux-fd7d508.tar.gz
-/container-selinux-fd50128.tar.gz
-/container-selinux-bdc0137.tar.gz
-/container-selinux-55c7d4d.tar.gz
-/container-selinux-d248f91.tar.gz
-/container-selinux-d213769.tar.gz
-/container-selinux-701557f.tar.gz
-/container-selinux-97f8dfc.tar.gz
-/container-selinux-9b55129.tar.gz
-/container-selinux-1ecf953.tar.gz
-/container-selinux-284f9e7.tar.gz
-/container-selinux-d346375.tar.gz
-/container-selinux-bf5b26b.tar.gz
-/container-selinux-dfaf8fd.tar.gz
-/container-selinux-8ecc282.tar.gz
-/container-selinux-0407867.tar.gz
-/container-selinux-042f7cf.tar.gz
-/container-selinux-25277c8.tar.gz
-/container-selinux-c139a3d.tar.gz
-/container-selinux-452b90d.tar.gz
-/container-selinux-4e73492.tar.gz
-/container-selinux-5721d74.tar.gz
-/container-selinux-d7a3f33.tar.gz
-/container-selinux-a62c2db.tar.gz
-/container-selinux-99e2cfd.tar.gz
-/container-selinux-87fae85.tar.gz
-/container-selinux-5133af6.tar.gz
-/container-selinux-2c57a17.tar.gz
-/container-selinux-1362777.tar.gz
-/container-selinux-6f01752.tar.gz
-/container-selinux-1b655d9.tar.gz
-/container-selinux-484806a.tar.gz
-/container-selinux-21c2be6.tar.gz
-/container-selinux-5e1f62f.tar.gz
-/container-selinux-ec6fcad.tar.gz
-/container-selinux-eb60838.tar.gz
-/container-selinux-92af7fd.tar.gz
-/container-selinux-c178849.tar.gz
-/container-selinux-891a85f.tar.gz
-/container-selinux-2c1a2ab.tar.gz
-/container-selinux-5c98b56.tar.gz
-/container-selinux-2521d0d.tar.gz
-/container-selinux-619db17.tar.gz
-/container-selinux-acc6941.tar.gz
-/container-selinux-1e99f1d.tar.gz
-/container-selinux-e3ebc68.tar.gz
-/container-selinux-a6c9822.tar.gz
-/container-selinux-aa7b807.tar.gz
-/container-selinux-9a53d6c.tar.gz
-/container-selinux-3b78187.tar.gz
-/container-selinux-b0061dc.tar.gz
-/container-selinux-1c24dcb.tar.gz
-/container-selinux-b275a1f.tar.gz
-/container-selinux-7baad79.tar.gz
-/container-selinux-fc7111d.tar.gz
-/container-selinux-453b816.tar.gz
-/container-selinux-db771da.tar.gz
-/container-selinux-544d71f.tar.gz
-/container-selinux-9a75deb.tar.gz
-/container-selinux-b68cf19.tar.gz
-/container-selinux-4f7d6bb.tar.gz
-/container-selinux-028ab00.tar.gz
-/container-selinux-fddfbbb.tar.gz
-/container-selinux-c5ef5ac.tar.gz
-/container-selinux-bfde70a.tar.gz
-/container-selinux-79bdcb5.tar.gz
-/container-selinux-b383f07.tar.gz
-/container-selinux-2ecb2a8.tar.gz
-/container-selinux-6fb6dcf.tar.gz
-/container-selinux-a233788.tar.gz
-/container-selinux-4560dd4.tar.gz
-/container-selinux-661a904.tar.gz
 /container-selinux-f958d0c.tar.gz
+<<<<<<< HEAD
 /container-selinux-867a377.tar.gz
+=======
+/v2.124.0.tar.gz
+/v1.124.0.tar.gz
+/v2.125.0.tar.gz
+/v2.125.1.tar.gz
+/v2.125.2.tar.gz
+/v2.126.0.tar.gz
+>>>>>>> d046fa9c5aa5d12f924701b7542ac9b6635192f2
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -16,23 +16,32 @@
 # Format must contain '$x' somewhere to do anything useful
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

-# Relabel files
-%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
-
 # Version of SELinux we were using
-%global selinux_policyver 3.14.4-43
+%if 0%{?fedora}
+%define selinux_policyver 3.14.4-43
+%else
+%define selinux_policyver 3.14.3-20
+%endif
+
+# Used for comparing with latest upstream tag
+# to decide whether to autobuild (non-rawhide only)
+%define built_tag v2.126.0
+%define built_tag_strip %(b=%{built_tag}; echo ${b:1})
+%define download_url https://github.com/containers/%{name}/archive/%{built_tag}.tar.gz

 # Hooked up to autobuilder, please check with @lsm5 before updating
 Name: container-selinux
-%if 0%{?fedora}
 Epoch: 2
+<<<<<<< HEAD
 %endif
+=======
+>>>>>>> d046fa9c5aa5d12f924701b7542ac9b6635192f2
 Version: 2.126.0
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
-Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Source0: %{download_url}
 BuildArch: noarch
 BuildRequires: git
 BuildRequires: pkgconfig(systemd)
@ -40,7 +49,7 @@ BuildRequires: selinux-policy >= %{selinux_policyver}
 BuildRequires: selinux-policy-devel >= %{selinux_policyver}
 # RE: rhbz#1195804 - ensure min NVR for selinux-policy
 Requires: selinux-policy >= %{selinux_policyver}
-Requires(post): selinux-policy-base >= %{selinux_policyver}
+Requires(post): selinux-policy-minimum >= %{selinux_policyver}
 Requires(post): selinux-policy-targeted >= %{selinux_policyver}
 Requires(post): policycoreutils
 Requires(post): libselinux-utils
@ -53,7 +62,7 @@ Provides: docker-selinux = %{epoch}:%{version}-%{release}
 SELinux policy modules for use with container runtimes.

 %prep
-%autosetup -Sgit -n %{name}-%{commit0}
+%autosetup -Sgit -n %{name}-%{built_tag_strip}

 %build
 make
@ -73,6 +82,9 @@ rm -rf container-selinux.spec

 %check

+%pre
+%selinux_relabel_pre -s %{selinuxtype}
+
 %post
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
@ -82,28 +94,19 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
-%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null
-if %{_sbindir}/selinuxenabled ; then
-    %{_sbindir}/load_policy
-    %relabel_files
-    if [ $1 -eq 1 ]; then
-      restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
-      restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
-    fi
-fi
+%selinux_modules_install -s %{selinuxtype} $MODULES
 . %{_sysconfdir}/selinux/config
 sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :

 %postun
 if [ $1 -eq 0 ]; then
-%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || :
-if %{_sbindir}/selinuxenabled ; then
-%{_sbindir}/load_policy
-%relabel_files
-fi
+   %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
 fi

+%posttrans
+%selinux_relabel_post -s %{selinuxtype}
+
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}

@ -114,13 +117,57 @@ fi
 %dir %{_datadir}/containers/selinux
 %{_datadir}/containers/selinux/contexts

-# Hooked up to autobuilder, please check with @lsm5 before updating
+# Hooked up to autobuilder (usually), please check with @lsm5 before updating
 %changelog
+<<<<<<< HEAD
 %changelog
 * Thu Mar 26 2020 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.126.0-1
 - Add container_kvm_t for kata containers
 - Add contaienr_init_t for systemd based containers
 - Install container_contexts file
+=======
+* Thu Mar 26 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.126.0-1
+- autobuilt v2.126.0
+
+* Mon Mar 23 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.125.2-1
+- autobuilt v2.125.2
+
+* Mon Mar 23 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.125.1-1
+- autobuilt v2.125.1
+
+* Fri Mar 20 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.125.0-1
+- autobuilt v2.125.0
+
+* Fri Mar 20 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.124.0-4
+- upstream tags are messed up, says latest tag is v1.124.0
+- autobuild disabled for now, version fixed manually
+
+* Sat Feb 15 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:1.124.0-1
+- autobuilt v1.124.0
+
+* Thu Feb 06 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.124.0-3
+- correct version
+
+* Tue Feb 04 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.124.0-2
+- bump to v1.124.0
+- autobuilt f958d0c
+
+* Fri Jan 03 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-3
+- bump release to conserve upgrade path
+- be sure to use newer selinux policy version
+
+* Mon Dec 23 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-2
+- implement spec file refactoring by Zdenek Pytela, namely:
+  Change the uninstall command in the %%postun section of the specfile
+  to use the %%selinux_modules_uninstall macro which uses priority 200.
+  Change the install command in the %%post section if the specfile
+  to use the %%selinux_modules_install macro.
+  Replace relabel commands with using the %%selinux_relabel_pre and
+  %%selinux_relabel_post macros.
+  Change formatting so that the lines are vertically aligned
+  in the %%postun section.
+  (https://github.com/containers/container-selinux/pull/85)
+>>>>>>> d046fa9c5aa5d12f924701b7542ac9b6635192f2

 * Wed Dec 11 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.124.0-1
 - Allow systemd_logind_t to transition to container_runtime_exec_t
--- a/4
+++ b/4
@ -1 +1,5 @@
+<<<<<<< HEAD
 SHA512 (container-selinux-867a377.tar.gz) = 8bcf14b5200a0974741de1ed750c71f311f8943277ffeafbfe4aac00d1957f94242d47400ac5cff21d135d14fcad6c4a66d1c23979eb7a6f50296a204bae2f25
+=======
+SHA512 (v2.126.0.tar.gz) = f31c277250be0c8baac483cfd7fac9f9bcf5986b357c185fdf1a76146169c617ae4d24f3311a12a1dff833dec81bb58c00356ebd81935fe3337c8436da9d8b27
+>>>>>>> d046fa9c5aa5d12f924701b7542ac9b6635192f2