From ed21ef74dcd98468cfcc85f8aabe3b081a5b4512 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 19 May 2017 07:19:44 -0400 Subject: [PATCH 001/381] Add labels for crio rename Break container_t rules out to use a separate container_domain Allow containers to be able to set namespaced SYCTLS Allow sandbox containers manage fuse files. Fixes to make container_runtimes work on MLS machines Bump version to allow handling of container_file_t filesystems Allow containers to mount, remount and umount container_file_t file systems Fixes to handle cap_userns Give container_t access to XFRM sockets Allow spc_t to dbus chat with init system Allow spc_t to dbus chat with init system Add rules to allow container runtimes to run with unconfined disabled Add rules to support cgroup file systems mounted into container. Fix typebounds entrypoint problems Fix typebounds problems Add typebounds statement for container_t from container_runtime_t We should only label runc not runc* --- container-selinux.spec | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 8095683..c3382fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 8f8caa66c11f8657ebf8ae50d7221ee3a97ac7d3 +%global commit0 14f7c51001a452a1cf3e162845c2915aeb167fac %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.10 +Version: 2.14 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,25 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 19 2017 Dan Walsh - 2.14-1 +- Add labels for crio rename +- Break container_t rules out to use a separate container_domain +- Allow containers to be able to set namespaced SYCTLS +- Allow sandbox containers manage fuse files. +- Fixes to make container_runtimes work on MLS machines +- Bump version to allow handling of container_file_t filesystems +- Allow containers to mount, remount and umount container_file_t file systems +- Fixes to handle cap_userns +- Give container_t access to XFRM sockets +- Allow spc_t to dbus chat with init system +- Allow spc_t to dbus chat with init system +- Add rules to allow container runtimes to run with unconfined disabled +- Add rules to support cgroup file systems mounted into container. +- Fix typebounds entrypoint problems +- Fix typebounds problems +- Add typebounds statement for container_t from container_runtime_t +- We should only label runc not runc* + * Tue Feb 28 2017 Dan Walsh - 2.10-1 - Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container. From 1b640cb851ad0f26092d78466d4017b830c2880c Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 19 May 2017 07:21:02 -0400 Subject: [PATCH 002/381] Add labels for crio rename Break container_t rules out to use a separate container_domain Allow containers to be able to set namespaced SYCTLS Allow sandbox containers manage fuse files. Fixes to make container_runtimes work on MLS machines Bump version to allow handling of container_file_t filesystems Allow containers to mount, remount and umount container_file_t file systems Fixes to handle cap_userns Give container_t access to XFRM sockets Allow spc_t to dbus chat with init system Allow spc_t to dbus chat with init system Add rules to allow container runtimes to run with unconfined disabled Add rules to support cgroup file systems mounted into container. Fix typebounds entrypoint problems Fix typebounds problems Add typebounds statement for container_t from container_runtime_t We should only label runc not runc* --- .gitignore | 1 + sources | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 323f47a..0caac17 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /container-selinux-f7333f9.tar.gz /container-selinux-08bb6e0.tar.gz /container-selinux-8f8caa6.tar.gz +/container-selinux-14f7c51.tar.gz diff --git a/sources b/sources index 9f28c00..1617ef4 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ SHA512 (container-selinux-08bb6e0.tar.gz) = bba16bd77c6d34982637e4fc874ef1a741df7ca73a85ad1edfece5ae2838409efbe00ea44653acb63c22c6939c7afc72f7882715c9c4657d4427eff6f77d2a35 SHA512 (container-selinux-8f8caa6.tar.gz) = b273cb85c6afece175d917b043f92d4c126d03eaa4b2ad5c36c0a6430465a127ad25961d26b66730190723a6aefba4a8ffb694ea942c6b4eb5d6ee950b780856 +SHA512 (container-selinux-14f7c51.tar.gz) = 5a1c5f9574005aa714b08f5db429fa3afaa02f64d0694d4ad63dd2976c4a0f7bf1ff2697a0978bbbcd8c566d6453024390dbfc6579d188827dc2593a048695f2 From 695905d02e3a17966eeb3cf87dd9d1d3e06f1375 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 19 May 2017 07:21:42 -0400 Subject: [PATCH 003/381] Add labels for crio rename Break container_t rules out to use a separate container_domain Allow containers to be able to set namespaced SYCTLS Allow sandbox containers manage fuse files. Fixes to make container_runtimes work on MLS machines Bump version to allow handling of container_file_t filesystems Allow containers to mount, remount and umount container_file_t file systems Fixes to handle cap_userns Give container_t access to XFRM sockets Allow spc_t to dbus chat with init system Allow spc_t to dbus chat with init system Add rules to allow container runtimes to run with unconfined disabled Add rules to support cgroup file systems mounted into container. Fix typebounds entrypoint problems Fix typebounds problems Add typebounds statement for container_t from container_runtime_t We should only label runc not runc* --- .gitignore | 1 + container-selinux.spec | 23 +++++++++++++++++++++-- sources | 3 +-- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 323f47a..0caac17 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /container-selinux-f7333f9.tar.gz /container-selinux-08bb6e0.tar.gz /container-selinux-8f8caa6.tar.gz +/container-selinux-14f7c51.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 8095683..c3382fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 8f8caa66c11f8657ebf8ae50d7221ee3a97ac7d3 +%global commit0 14f7c51001a452a1cf3e162845c2915aeb167fac %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.10 +Version: 2.14 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,25 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 19 2017 Dan Walsh - 2.14-1 +- Add labels for crio rename +- Break container_t rules out to use a separate container_domain +- Allow containers to be able to set namespaced SYCTLS +- Allow sandbox containers manage fuse files. +- Fixes to make container_runtimes work on MLS machines +- Bump version to allow handling of container_file_t filesystems +- Allow containers to mount, remount and umount container_file_t file systems +- Fixes to handle cap_userns +- Give container_t access to XFRM sockets +- Allow spc_t to dbus chat with init system +- Allow spc_t to dbus chat with init system +- Add rules to allow container runtimes to run with unconfined disabled +- Add rules to support cgroup file systems mounted into container. +- Fix typebounds entrypoint problems +- Fix typebounds problems +- Add typebounds statement for container_t from container_runtime_t +- We should only label runc not runc* + * Tue Feb 28 2017 Dan Walsh - 2.10-1 - Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container. diff --git a/sources b/sources index 9f28c00..b3c2342 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-08bb6e0.tar.gz) = bba16bd77c6d34982637e4fc874ef1a741df7ca73a85ad1edfece5ae2838409efbe00ea44653acb63c22c6939c7afc72f7882715c9c4657d4427eff6f77d2a35 -SHA512 (container-selinux-8f8caa6.tar.gz) = b273cb85c6afece175d917b043f92d4c126d03eaa4b2ad5c36c0a6430465a127ad25961d26b66730190723a6aefba4a8ffb694ea942c6b4eb5d6ee950b780856 +SHA512 (container-selinux-14f7c51.tar.gz) = 5a1c5f9574005aa714b08f5db429fa3afaa02f64d0694d4ad63dd2976c4a0f7bf1ff2697a0978bbbcd8c566d6453024390dbfc6579d188827dc2593a048695f2 From 379ddc4b04466ab275425f1e3c595d4248c3d842 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 31 May 2017 12:28:03 +0000 Subject: [PATCH 004/381] Allow container types to read/write container_runtime fifo files Allow a container runtime to mount on top of its own /proc --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 0caac17..d3274e4 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ /container-selinux-08bb6e0.tar.gz /container-selinux-8f8caa6.tar.gz /container-selinux-14f7c51.tar.gz +/container-selinux-c81ea26.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index c3382fe..8bc7400 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 14f7c51001a452a1cf3e162845c2915aeb167fac +%global commit0 c81ea2691ffdb436229d20b6b7a92e2fd71d0553 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.14 +Version: 2.15 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed May 31 2017 Dan Walsh - 2.15-1 +- Allow container types to read/write container_runtime fifo files +- Allow a container runtime to mount on top of its own /proc + * Fri May 19 2017 Dan Walsh - 2.14-1 - Add labels for crio rename - Break container_t rules out to use a separate container_domain diff --git a/sources b/sources index 1617ef4..10ffcf8 100644 --- a/sources +++ b/sources @@ -1,3 +1 @@ -SHA512 (container-selinux-08bb6e0.tar.gz) = bba16bd77c6d34982637e4fc874ef1a741df7ca73a85ad1edfece5ae2838409efbe00ea44653acb63c22c6939c7afc72f7882715c9c4657d4427eff6f77d2a35 -SHA512 (container-selinux-8f8caa6.tar.gz) = b273cb85c6afece175d917b043f92d4c126d03eaa4b2ad5c36c0a6430465a127ad25961d26b66730190723a6aefba4a8ffb694ea942c6b4eb5d6ee950b780856 -SHA512 (container-selinux-14f7c51.tar.gz) = 5a1c5f9574005aa714b08f5db429fa3afaa02f64d0694d4ad63dd2976c4a0f7bf1ff2697a0978bbbcd8c566d6453024390dbfc6579d188827dc2593a048695f2 +SHA512 (container-selinux-c81ea26.tar.gz) = 984aeede05f41b693908271436a86947cb13366114dfa58de57e24bb985aff657090a1d060f8d066cf7bb918a4269a7172e225f013b0e039adfff680943de519 From 23a6ec68676649db42aabb9c654431a37529b9c9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 31 May 2017 12:29:46 +0000 Subject: [PATCH 005/381] Allow container types to read/write container_runtime fifo files Allow a container runtime to mount on top of its own /proc --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0caac17..d3274e4 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ /container-selinux-08bb6e0.tar.gz /container-selinux-8f8caa6.tar.gz /container-selinux-14f7c51.tar.gz +/container-selinux-c81ea26.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index c3382fe..8bc7400 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 14f7c51001a452a1cf3e162845c2915aeb167fac +%global commit0 c81ea2691ffdb436229d20b6b7a92e2fd71d0553 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.14 +Version: 2.15 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed May 31 2017 Dan Walsh - 2.15-1 +- Allow container types to read/write container_runtime fifo files +- Allow a container runtime to mount on top of its own /proc + * Fri May 19 2017 Dan Walsh - 2.14-1 - Add labels for crio rename - Break container_t rules out to use a separate container_domain diff --git a/sources b/sources index b3c2342..10ffcf8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-14f7c51.tar.gz) = 5a1c5f9574005aa714b08f5db429fa3afaa02f64d0694d4ad63dd2976c4a0f7bf1ff2697a0978bbbcd8c566d6453024390dbfc6579d188827dc2593a048695f2 +SHA512 (container-selinux-c81ea26.tar.gz) = 984aeede05f41b693908271436a86947cb13366114dfa58de57e24bb985aff657090a1d060f8d066cf7bb918a4269a7172e225f013b0e039adfff680943de519 From 4868764a43644f0ce67ac86031e617bc9e26e301 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 1 Jun 2017 21:47:32 +0000 Subject: [PATCH 006/381] Add default labeling for cri-o in /etc/crio directories --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d3274e4..40bffaa 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /container-selinux-8f8caa6.tar.gz /container-selinux-14f7c51.tar.gz /container-selinux-c81ea26.tar.gz +/container-selinux-9027f8e.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 8bc7400..0f62457 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 c81ea2691ffdb436229d20b6b7a92e2fd71d0553 +%global commit0 9027f8e958bbf8c98f1d6856ccd4c8b7b5da8d1c %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.15 +Version: 2.16 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jun 1 2017 Dan Walsh - 2.16-1 +- Add default labeling for cri-o in /etc/crio directories + * Wed May 31 2017 Dan Walsh - 2.15-1 - Allow container types to read/write container_runtime fifo files - Allow a container runtime to mount on top of its own /proc diff --git a/sources b/sources index 10ffcf8..d2d1e67 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c81ea26.tar.gz) = 984aeede05f41b693908271436a86947cb13366114dfa58de57e24bb985aff657090a1d060f8d066cf7bb918a4269a7172e225f013b0e039adfff680943de519 +SHA512 (container-selinux-9027f8e.tar.gz) = 19e561a9c71e0b3759a0fa79580cb816274fd90762c164f85e3de514102d7da702faaba9c4b2bf2dd54a39462ed52faea23e4fec2dc34c229267829635390ec6 From cd373dfe6ed1ec4f782d15b4ebaa4d9ceae63224 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 1 Jun 2017 22:03:44 +0000 Subject: [PATCH 007/381] Add default labeling for cri-o in /etc/crio directories --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d3274e4..40bffaa 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /container-selinux-8f8caa6.tar.gz /container-selinux-14f7c51.tar.gz /container-selinux-c81ea26.tar.gz +/container-selinux-9027f8e.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 8bc7400..0f62457 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 c81ea2691ffdb436229d20b6b7a92e2fd71d0553 +%global commit0 9027f8e958bbf8c98f1d6856ccd4c8b7b5da8d1c %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.15 +Version: 2.16 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jun 1 2017 Dan Walsh - 2.16-1 +- Add default labeling for cri-o in /etc/crio directories + * Wed May 31 2017 Dan Walsh - 2.15-1 - Allow container types to read/write container_runtime fifo files - Allow a container runtime to mount on top of its own /proc diff --git a/sources b/sources index 10ffcf8..d2d1e67 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c81ea26.tar.gz) = 984aeede05f41b693908271436a86947cb13366114dfa58de57e24bb985aff657090a1d060f8d066cf7bb918a4269a7172e225f013b0e039adfff680943de519 +SHA512 (container-selinux-9027f8e.tar.gz) = 19e561a9c71e0b3759a0fa79580cb816274fd90762c164f85e3de514102d7da702faaba9c4b2bf2dd54a39462ed52faea23e4fec2dc34c229267829635390ec6 From 590defb1b5f9a4fd42e9c5bb923b660c2cf0f441 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 5 Jun 2017 20:10:25 +0000 Subject: [PATCH 008/381] Revert change to run the container_runtime as ranged --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 40bffaa..67e2407 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ /container-selinux-14f7c51.tar.gz /container-selinux-c81ea26.tar.gz /container-selinux-9027f8e.tar.gz +/container-selinux-ed3082b.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0f62457..41e4386 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 9027f8e958bbf8c98f1d6856ccd4c8b7b5da8d1c +%global commit0 ed3082b4d72740d197f4680749347ca507fc1203 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.16 +Version: 2.17 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 5 2017 Dan Walsh - 2.17-1 +- Revert change to run the container_runtime as ranged + * Thu Jun 1 2017 Dan Walsh - 2.16-1 - Add default labeling for cri-o in /etc/crio directories diff --git a/sources b/sources index d2d1e67..795ef44 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9027f8e.tar.gz) = 19e561a9c71e0b3759a0fa79580cb816274fd90762c164f85e3de514102d7da702faaba9c4b2bf2dd54a39462ed52faea23e4fec2dc34c229267829635390ec6 +SHA512 (container-selinux-ed3082b.tar.gz) = a09ecf7002812d6f7deb878bd43a4c057cda41ad87b999ae43bc485f1f5a7229e7065131c9ec8da657005768fd814a612ab2cb84c66f7de74dab30197726568f From 7bb0b37bf3c638db1054ca25716ceef06bf56ebf Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 5 Jun 2017 20:21:30 +0000 Subject: [PATCH 009/381] Revert change to run the container_runtime as ranged --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 40bffaa..67e2407 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ /container-selinux-14f7c51.tar.gz /container-selinux-c81ea26.tar.gz /container-selinux-9027f8e.tar.gz +/container-selinux-ed3082b.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0f62457..41e4386 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 9027f8e958bbf8c98f1d6856ccd4c8b7b5da8d1c +%global commit0 ed3082b4d72740d197f4680749347ca507fc1203 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.16 +Version: 2.17 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 5 2017 Dan Walsh - 2.17-1 +- Revert change to run the container_runtime as ranged + * Thu Jun 1 2017 Dan Walsh - 2.16-1 - Add default labeling for cri-o in /etc/crio directories diff --git a/sources b/sources index d2d1e67..795ef44 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9027f8e.tar.gz) = 19e561a9c71e0b3759a0fa79580cb816274fd90762c164f85e3de514102d7da702faaba9c4b2bf2dd54a39462ed52faea23e4fec2dc34c229267829635390ec6 +SHA512 (container-selinux-ed3082b.tar.gz) = a09ecf7002812d6f7deb878bd43a4c057cda41ad87b999ae43bc485f1f5a7229e7065131c9ec8da657005768fd814a612ab2cb84c66f7de74dab30197726568f From 35b5399d151f71a10645ab53df2b95b5f5088447 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 6 Jun 2017 19:28:56 +0000 Subject: [PATCH 010/381] Fix labeling for CRI-O files in overlay subdirs --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 41e4386..565136d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 ed3082b4d72740d197f4680749347ca507fc1203 +%global commit0 5212fea857a5296e1d22b3ac6b875eb59a86ebe7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.17 +Version: 2.18 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jun 6 2017 Dan Walsh - 2.18-1 +- Fix labeling for CRI-O files in overlay subdirs + * Mon Jun 5 2017 Dan Walsh - 2.17-1 - Revert change to run the container_runtime as ranged From f7112ead8f9c94082a549b3eee0fe5ea3bbb5fd2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 6 Jun 2017 19:46:53 +0000 Subject: [PATCH 011/381] Fix labeling for CRI-O files in overlay subdirs --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 67e2407..f607f56 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ /container-selinux-c81ea26.tar.gz /container-selinux-9027f8e.tar.gz /container-selinux-ed3082b.tar.gz +/container-selinux-5212fea.tar.gz diff --git a/sources b/sources index 795ef44..0f81251 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-ed3082b.tar.gz) = a09ecf7002812d6f7deb878bd43a4c057cda41ad87b999ae43bc485f1f5a7229e7065131c9ec8da657005768fd814a612ab2cb84c66f7de74dab30197726568f +SHA512 (container-selinux-5212fea.tar.gz) = 3a796527dfbc1b0ad0b05f7db1a4342ffa8802cbb7778310e6b49f433e8bc5bd0b8fbe7240bff204cfde2169143bd1ad46002368e8a1c9b711f0e8b1ecacecd6 From df84d0dd5d1d3dda4f2ae8ce26117391a6631f44 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 6 Jun 2017 20:24:29 +0000 Subject: [PATCH 012/381] Fix labeling for CRI-O files in overlay subdirs --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 67e2407..f607f56 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ /container-selinux-c81ea26.tar.gz /container-selinux-9027f8e.tar.gz /container-selinux-ed3082b.tar.gz +/container-selinux-5212fea.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 41e4386..565136d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 ed3082b4d72740d197f4680749347ca507fc1203 +%global commit0 5212fea857a5296e1d22b3ac6b875eb59a86ebe7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.17 +Version: 2.18 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jun 6 2017 Dan Walsh - 2.18-1 +- Fix labeling for CRI-O files in overlay subdirs + * Mon Jun 5 2017 Dan Walsh - 2.17-1 - Revert change to run the container_runtime as ranged diff --git a/sources b/sources index 795ef44..0f81251 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-ed3082b.tar.gz) = a09ecf7002812d6f7deb878bd43a4c057cda41ad87b999ae43bc485f1f5a7229e7065131c9ec8da657005768fd814a612ab2cb84c66f7de74dab30197726568f +SHA512 (container-selinux-5212fea.tar.gz) = 3a796527dfbc1b0ad0b05f7db1a4342ffa8802cbb7778310e6b49f433e8bc5bd0b8fbe7240bff204cfde2169143bd1ad46002368e8a1c9b711f0e8b1ecacecd6 From fbb3cfcf9a03a5962aa1cde9705e2344321a3ba9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 12 Jun 2017 18:13:46 +0000 Subject: [PATCH 013/381] Allow containers to create tun sockets --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f607f56..c64135c 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /container-selinux-9027f8e.tar.gz /container-selinux-ed3082b.tar.gz /container-selinux-5212fea.tar.gz +/container-selinux-a80afba.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 565136d..996ee3a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 5212fea857a5296e1d22b3ac6b875eb59a86ebe7 +%global commit0 a80afba083834209e5683c8e0320734a4d9d0b64 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.18 +Version: 2.19 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 12 2017 Dan Walsh - 2.19-1 +- Allow containers to create tun sockets + * Tue Jun 6 2017 Dan Walsh - 2.18-1 - Fix labeling for CRI-O files in overlay subdirs diff --git a/sources b/sources index 0f81251..a3045ce 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5212fea.tar.gz) = 3a796527dfbc1b0ad0b05f7db1a4342ffa8802cbb7778310e6b49f433e8bc5bd0b8fbe7240bff204cfde2169143bd1ad46002368e8a1c9b711f0e8b1ecacecd6 +SHA512 (container-selinux-a80afba.tar.gz) = 41e7c18cd221113799495d9ca93bbc2844795be5a39e62c16fc07956f6b36cc52ed6d49f2837aae268ad4356f96458835a57d57e72d5dcdb9e978095a0c96d38 From 128d9afe4d06eee25bd4874e488590129b4d127b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 12 Jun 2017 18:23:25 +0000 Subject: [PATCH 014/381] Allow containers to create tun sockets --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f607f56..c64135c 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /container-selinux-9027f8e.tar.gz /container-selinux-ed3082b.tar.gz /container-selinux-5212fea.tar.gz +/container-selinux-a80afba.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 565136d..996ee3a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 5212fea857a5296e1d22b3ac6b875eb59a86ebe7 +%global commit0 a80afba083834209e5683c8e0320734a4d9d0b64 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.18 +Version: 2.19 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 12 2017 Dan Walsh - 2.19-1 +- Allow containers to create tun sockets + * Tue Jun 6 2017 Dan Walsh - 2.18-1 - Fix labeling for CRI-O files in overlay subdirs diff --git a/sources b/sources index 0f81251..a3045ce 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5212fea.tar.gz) = 3a796527dfbc1b0ad0b05f7db1a4342ffa8802cbb7778310e6b49f433e8bc5bd0b8fbe7240bff204cfde2169143bd1ad46002368e8a1c9b711f0e8b1ecacecd6 +SHA512 (container-selinux-a80afba.tar.gz) = 41e7c18cd221113799495d9ca93bbc2844795be5a39e62c16fc07956f6b36cc52ed6d49f2837aae268ad4356f96458835a57d57e72d5dcdb9e978095a0c96d38 From ef7772c6648773fe0a2f6c3a0c763926b2b287c4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 30 Jun 2017 15:53:25 +0000 Subject: [PATCH 015/381] Allow container processes to getsession --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c64135c..5ecda31 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /container-selinux-ed3082b.tar.gz /container-selinux-5212fea.tar.gz /container-selinux-a80afba.tar.gz +/container-selinux-c5fd77f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 996ee3a..9abe5d1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 a80afba083834209e5683c8e0320734a4d9d0b64 +%global commit0 c5fd77fc2496e04c2722d23860842b58a72d0178 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.19 +Version: 2.20 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jun 30 2017 Dan Walsh - 2.20-1 +- Allow container processes to getsession + * Mon Jun 12 2017 Dan Walsh - 2.19-1 - Allow containers to create tun sockets diff --git a/sources b/sources index a3045ce..4ce51af 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a80afba.tar.gz) = 41e7c18cd221113799495d9ca93bbc2844795be5a39e62c16fc07956f6b36cc52ed6d49f2837aae268ad4356f96458835a57d57e72d5dcdb9e978095a0c96d38 +SHA512 (container-selinux-c5fd77f.tar.gz) = 226880f6c73115034bd16b0c5acf6a79f35391fe51eec2ab499cf475d848e561f174dfaf14f7778c53363c4eee006b6b77cf558bd6e36b4474bfd44d9da8f8fa From 0a04ede43e82e802ec65bf49a68a1f976a7453c7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 30 Jun 2017 15:54:16 +0000 Subject: [PATCH 016/381] Allow container processes to getsession --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c64135c..5ecda31 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /container-selinux-ed3082b.tar.gz /container-selinux-5212fea.tar.gz /container-selinux-a80afba.tar.gz +/container-selinux-c5fd77f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 996ee3a..9abe5d1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 a80afba083834209e5683c8e0320734a4d9d0b64 +%global commit0 c5fd77fc2496e04c2722d23860842b58a72d0178 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.19 +Version: 2.20 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jun 30 2017 Dan Walsh - 2.20-1 +- Allow container processes to getsession + * Mon Jun 12 2017 Dan Walsh - 2.19-1 - Allow containers to create tun sockets diff --git a/sources b/sources index a3045ce..4ce51af 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a80afba.tar.gz) = 41e7c18cd221113799495d9ca93bbc2844795be5a39e62c16fc07956f6b36cc52ed6d49f2837aae268ad4356f96458835a57d57e72d5dcdb9e978095a0c96d38 +SHA512 (container-selinux-c5fd77f.tar.gz) = 226880f6c73115034bd16b0c5acf6a79f35391fe51eec2ab499cf475d848e561f174dfaf14f7778c53363c4eee006b6b77cf558bd6e36b4474bfd44d9da8f8fa From 852a09a52f8d875c71cd36d22cedace98649272a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 6 Jul 2017 10:47:14 +0000 Subject: [PATCH 017/381] Relabel runc and crio executables --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 9abe5d1..7fad32e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -22,7 +22,7 @@ %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; # Relabel files -%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : +%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : # Version of SELinux we were using %if 0%{?fedora} >= 22 @@ -36,7 +36,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.20 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jul 6 2017 Dan Walsh - 2.20-2 +- Relabel runc and crio executables + * Fri Jun 30 2017 Dan Walsh - 2.20-1 - Allow container processes to getsession From 7ff0bdeaffa2a6be499768d62cc27a4a3a0fb4fb Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 6 Jul 2017 10:48:37 +0000 Subject: [PATCH 018/381] Relabel runc and crio executables --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 9abe5d1..7fad32e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -22,7 +22,7 @@ %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; # Relabel files -%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : +%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : # Version of SELinux we were using %if 0%{?fedora} >= 22 @@ -36,7 +36,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.20 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jul 6 2017 Dan Walsh - 2.20-2 +- Relabel runc and crio executables + * Fri Jun 30 2017 Dan Walsh - 2.20-1 - Allow container processes to getsession From bb6875d35822766d863a7252155c44a19aa2850d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 11 Jul 2017 17:36:41 +0000 Subject: [PATCH 019/381] Allow containers to execmod on container_share_t files. --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5ecda31..339f37c 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /container-selinux-5212fea.tar.gz /container-selinux-a80afba.tar.gz /container-selinux-c5fd77f.tar.gz +/container-selinux-c89e9b5.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7fad32e..1e50d15 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 c5fd77fc2496e04c2722d23860842b58a72d0178 +%global commit0 c89e9b5e450367cfbed32d6c166ce04353f2bba7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,8 +35,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.20 -Release: 2%{?dist} +Version: 2.21 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jul 6 2017 Dan Walsh - 2.21-1 +- Allow containers to execmod on container_share_t files. + * Thu Jul 6 2017 Dan Walsh - 2.20-2 - Relabel runc and crio executables diff --git a/sources b/sources index 4ce51af..28ef135 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c5fd77f.tar.gz) = 226880f6c73115034bd16b0c5acf6a79f35391fe51eec2ab499cf475d848e561f174dfaf14f7778c53363c4eee006b6b77cf558bd6e36b4474bfd44d9da8f8fa +SHA512 (container-selinux-c89e9b5.tar.gz) = 20f6fd70b18b77162738fa806d91cb37d0cc9efb286441cfe624c833a5d556e880e1658f2a8e1b78b9fb532c5d9075b5b6eaa9d73c8a8c9969a5fbde0784b050 From 9832a5f1a397ff17bc0c6f7f51701c0e2fadd75c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 11 Jul 2017 17:37:12 +0000 Subject: [PATCH 020/381] Allow containers to execmod on container_share_t files. --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5ecda31..339f37c 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /container-selinux-5212fea.tar.gz /container-selinux-a80afba.tar.gz /container-selinux-c5fd77f.tar.gz +/container-selinux-c89e9b5.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7fad32e..1e50d15 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} -%global commit0 c5fd77fc2496e04c2722d23860842b58a72d0178 +%global commit0 c89e9b5e450367cfbed32d6c166ce04353f2bba7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,8 +35,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} Epoch: 2 %endif -Version: 2.20 -Release: 2%{?dist} +Version: 2.21 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jul 6 2017 Dan Walsh - 2.21-1 +- Allow containers to execmod on container_share_t files. + * Thu Jul 6 2017 Dan Walsh - 2.20-2 - Relabel runc and crio executables diff --git a/sources b/sources index 4ce51af..28ef135 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c5fd77f.tar.gz) = 226880f6c73115034bd16b0c5acf6a79f35391fe51eec2ab499cf475d848e561f174dfaf14f7778c53363c4eee006b6b77cf558bd6e36b4474bfd44d9da8f8fa +SHA512 (container-selinux-c89e9b5.tar.gz) = 20f6fd70b18b77162738fa806d91cb37d0cc9efb286441cfe624c833a5d556e880e1658f2a8e1b78b9fb532c5d9075b5b6eaa9d73c8a8c9969a5fbde0784b050 From 5cb66e7ed32a20f0a5df50fb27734edccc5ecc36 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 26 Jul 2017 05:26:19 +0000 Subject: [PATCH 021/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 1e50d15..7accf74 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -36,7 +36,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.21 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Jul 26 2017 Fedora Release Engineering - 2:2.21-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Thu Jul 6 2017 Dan Walsh - 2.21-1 - Allow containers to execmod on container_share_t files. From 9a3633bb6ba4411fd98c0af7f17dd186bb139e1f Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Mon, 14 Aug 2017 13:16:08 -0700 Subject: [PATCH 022/381] Fixup spec file conditionals --- container-selinux.spec | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 7accf74..bc0ea61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} > 7 %global commit0 c89e9b5e450367cfbed32d6c166ce04353f2bba7 %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -25,18 +25,18 @@ %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : # Version of SELinux we were using -%if 0%{?fedora} >= 22 +%if 0%{?fedora} >= 22 || 0%{?rhel} > 7 %global selinux_policyver 3.13.1-220 %else %global selinux_policyver 3.13.1-39 %endif Name: container-selinux -%if 0%{?fedora} || 0%{?centos} +%if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif Version: 2.21 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -51,7 +51,7 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} > 7 Requires(post): policycoreutils-python-utils %else Requires(post): policycoreutils-python @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Aug 14 2017 Troy Dawson - 2.21-3 +- Fixup spec file conditionals + * Wed Jul 26 2017 Fedora Release Engineering - 2:2.21-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 1aad223080e1c2353cdd4d60ebbdc8f839790581 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 5 Sep 2017 20:40:09 +0000 Subject: [PATCH 023/381] Add additonal support for crio labeling. --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 339f37c..0ac645f 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ /container-selinux-a80afba.tar.gz /container-selinux-c5fd77f.tar.gz /container-selinux-c89e9b5.tar.gz +/container-selinux-58324f3.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index bc0ea61..60adde7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 c89e9b5e450367cfbed32d6c166ce04353f2bba7 +%global commit0 58324f302613d8a9cf14896b9ca7e1348f9d6f0a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,8 +35,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.21 -Release: 3%{?dist} +Version: 2.22 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Sep 5 2017 Dan Walsh - 2.22-1 +- Add additonal support for crio labeling. + * Mon Aug 14 2017 Troy Dawson - 2.21-3 - Fixup spec file conditionals diff --git a/sources b/sources index 28ef135..46ccc4f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c89e9b5.tar.gz) = 20f6fd70b18b77162738fa806d91cb37d0cc9efb286441cfe624c833a5d556e880e1658f2a8e1b78b9fb532c5d9075b5b6eaa9d73c8a8c9969a5fbde0784b050 +SHA512 (container-selinux-58324f3.tar.gz) = cf794466e1b819a24b56f993f5f2e036a594c59fdb6a656400b9a27e4337287917a798e43b50d61fb1de64c869b2fcf4a6156b63a7b5775a22a16709fcbe8e08 From caaff805ad734e4534e50c13a61c141384557b9a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 5 Sep 2017 20:40:42 +0000 Subject: [PATCH 024/381] Add additonal support for crio labeling. --- .gitignore | 1 + container-selinux.spec | 21 +++++++++++++++------ sources | 2 +- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 339f37c..0ac645f 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ /container-selinux-a80afba.tar.gz /container-selinux-c5fd77f.tar.gz /container-selinux-c89e9b5.tar.gz +/container-selinux-58324f3.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1e50d15..60adde7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,8 +2,8 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%if 0%{?fedora} -%global commit0 c89e9b5e450367cfbed32d6c166ce04353f2bba7 +%if 0%{?fedora} || 0%{?rhel} > 7 +%global commit0 58324f302613d8a9cf14896b9ca7e1348f9d6f0a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -25,17 +25,17 @@ %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : # Version of SELinux we were using -%if 0%{?fedora} >= 22 +%if 0%{?fedora} >= 22 || 0%{?rhel} > 7 %global selinux_policyver 3.13.1-220 %else %global selinux_policyver 3.13.1-39 %endif Name: container-selinux -%if 0%{?fedora} || 0%{?centos} +%if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.21 +Version: 2.22 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -51,7 +51,7 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} > 7 Requires(post): policycoreutils-python-utils %else Requires(post): policycoreutils-python @@ -118,6 +118,15 @@ fi %{_datadir}/selinux/* %changelog +* Tue Sep 5 2017 Dan Walsh - 2.22-1 +- Add additonal support for crio labeling. + +* Mon Aug 14 2017 Troy Dawson - 2.21-3 +- Fixup spec file conditionals + +* Wed Jul 26 2017 Fedora Release Engineering - 2:2.21-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Thu Jul 6 2017 Dan Walsh - 2.21-1 - Allow containers to execmod on container_share_t files. diff --git a/sources b/sources index 28ef135..46ccc4f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c89e9b5.tar.gz) = 20f6fd70b18b77162738fa806d91cb37d0cc9efb286441cfe624c833a5d556e880e1658f2a8e1b78b9fb532c5d9075b5b6eaa9d73c8a8c9969a5fbde0784b050 +SHA512 (container-selinux-58324f3.tar.gz) = cf794466e1b819a24b56f993f5f2e036a594c59fdb6a656400b9a27e4337287917a798e43b50d61fb1de64c869b2fcf4a6156b63a7b5775a22a16709fcbe8e08 From b74f4a298b6d343d076aef2d00acc8145a76fa96 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 7 Sep 2017 08:43:48 +0000 Subject: [PATCH 025/381] Allow container runtimes to create sockets in tmp dirs --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 60adde7..c096def 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 58324f302613d8a9cf14896b9ca7e1348f9d6f0a +%global commit0 81ff96c3e100ec23f7934000e96adab56762fd96 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.22 +Version: 2.23 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Sep 7 2017 Dan Walsh - 2.23-1 +- Allow container runtimes to create sockets in tmp dirs + * Tue Sep 5 2017 Dan Walsh - 2.22-1 - Add additonal support for crio labeling. From a285f680504913f3897edccf644967fbf38176f0 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 7 Sep 2017 08:45:09 +0000 Subject: [PATCH 026/381] Allow container runtimes to create sockets in tmp dirs --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 60adde7..c096def 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 58324f302613d8a9cf14896b9ca7e1348f9d6f0a +%global commit0 81ff96c3e100ec23f7934000e96adab56762fd96 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.22 +Version: 2.23 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Sep 7 2017 Dan Walsh - 2.23-1 +- Allow container runtimes to create sockets in tmp dirs + * Tue Sep 5 2017 Dan Walsh - 2.22-1 - Add additonal support for crio labeling. From 652d659338ef128416df5135f4fc80eac4dae354 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 7 Sep 2017 09:01:16 +0000 Subject: [PATCH 027/381] Allow container runtimes to create sockets in tmp dirs --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 0ac645f..16244c3 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /container-selinux-c5fd77f.tar.gz /container-selinux-c89e9b5.tar.gz /container-selinux-58324f3.tar.gz +/container-selinux-81ff96c.tar.gz diff --git a/sources b/sources index 46ccc4f..9f28103 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-58324f3.tar.gz) = cf794466e1b819a24b56f993f5f2e036a594c59fdb6a656400b9a27e4337287917a798e43b50d61fb1de64c869b2fcf4a6156b63a7b5775a22a16709fcbe8e08 +SHA512 (container-selinux-81ff96c.tar.gz) = 4d1fac6319e0f45ed6daf0413bdb4f9bbc6389d8aef3039a5d089084937df9baa67106f33dfd50911d81f47a8f7867cdd1c74a441e8a86fe5d57c87299a46c98 From 485df1a6a4703cf208027afa9fe53b42b592cea0 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 7 Sep 2017 09:01:33 +0000 Subject: [PATCH 028/381] Allow container runtimes to create sockets in tmp dirs --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 0ac645f..16244c3 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /container-selinux-c5fd77f.tar.gz /container-selinux-c89e9b5.tar.gz /container-selinux-58324f3.tar.gz +/container-selinux-81ff96c.tar.gz diff --git a/sources b/sources index 46ccc4f..9f28103 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-58324f3.tar.gz) = cf794466e1b819a24b56f993f5f2e036a594c59fdb6a656400b9a27e4337287917a798e43b50d61fb1de64c869b2fcf4a6156b63a7b5775a22a16709fcbe8e08 +SHA512 (container-selinux-81ff96c.tar.gz) = 4d1fac6319e0f45ed6daf0413bdb4f9bbc6389d8aef3039a5d089084937df9baa67106f33dfd50911d81f47a8f7867cdd1c74a441e8a86fe5d57c87299a46c98 From c6e706af6d0a89cd2e1486b32fbe488cc31f525a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 22 Sep 2017 11:08:40 +0000 Subject: [PATCH 029/381] Make sure container_runtime_t has all access of container_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 16244c3..109031b 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ /container-selinux-c89e9b5.tar.gz /container-selinux-58324f3.tar.gz /container-selinux-81ff96c.tar.gz +/container-selinux-a9260d4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index c096def..182d6d7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 81ff96c3e100ec23f7934000e96adab56762fd96 +%global commit0 a9260d44ecb10cc824ad0e18bcd22cb93a5dbdaf %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.23 +Version: 2.24 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Sep 22 2017 Dan Walsh - 2.24-1 +- Make sure container_runtime_t has all access of container_t + * Thu Sep 7 2017 Dan Walsh - 2.23-1 - Allow container runtimes to create sockets in tmp dirs diff --git a/sources b/sources index 9f28103..b692fbb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-81ff96c.tar.gz) = 4d1fac6319e0f45ed6daf0413bdb4f9bbc6389d8aef3039a5d089084937df9baa67106f33dfd50911d81f47a8f7867cdd1c74a441e8a86fe5d57c87299a46c98 +SHA512 (container-selinux-a9260d4.tar.gz) = a28462bdbedd1ad8b94d8da8cb8577f1e2b7ddf441b689ae71d97e0152adb5b75f0f4601e5c2f2311642ec65605e1440b56bb07317246a18206964717af4d981 From 89a5c31e92464b9e010396f383092ed63ca59222 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 22 Sep 2017 11:11:20 +0000 Subject: [PATCH 030/381] Make sure container_runtime_t has all access of container_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 16244c3..109031b 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ /container-selinux-c89e9b5.tar.gz /container-selinux-58324f3.tar.gz /container-selinux-81ff96c.tar.gz +/container-selinux-a9260d4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index c096def..182d6d7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 81ff96c3e100ec23f7934000e96adab56762fd96 +%global commit0 a9260d44ecb10cc824ad0e18bcd22cb93a5dbdaf %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.23 +Version: 2.24 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Sep 22 2017 Dan Walsh - 2.24-1 +- Make sure container_runtime_t has all access of container_t + * Thu Sep 7 2017 Dan Walsh - 2.23-1 - Allow container runtimes to create sockets in tmp dirs diff --git a/sources b/sources index 9f28103..b692fbb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-81ff96c.tar.gz) = 4d1fac6319e0f45ed6daf0413bdb4f9bbc6389d8aef3039a5d089084937df9baa67106f33dfd50911d81f47a8f7867cdd1c74a441e8a86fe5d57c87299a46c98 +SHA512 (container-selinux-a9260d4.tar.gz) = a28462bdbedd1ad8b94d8da8cb8577f1e2b7ddf441b689ae71d97e0152adb5b75f0f4601e5c2f2311642ec65605e1440b56bb07317246a18206964717af4d981 From 5a61b6808ad6e5fae78ec11edb9b983412cf7324 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 4 Oct 2017 09:10:48 +0000 Subject: [PATCH 031/381] Allow container runtimes to work with the netfilter sockets Allow container_file_t to be an entrypoint for VM's Allow spc_t domains to transition to svirt_t --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 109031b..df07220 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ /container-selinux-58324f3.tar.gz /container-selinux-81ff96c.tar.gz /container-selinux-a9260d4.tar.gz +/container-selinux-e37e93d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 182d6d7..46524c7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 a9260d44ecb10cc824ad0e18bcd22cb93a5dbdaf +%global commit0 e37e93dbe6cb058fc89c9c5de5ecd4c3be4354fb %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.24 +Version: 2.27 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,11 @@ fi %{_datadir}/selinux/* %changelog +* Fri Sep 22 2017 Dan Walsh - 2.27-1 +- Allow container runtimes to work with the netfilter sockets +- Allow container_file_t to be an entrypoint for VM's +- Allow spc_t domains to transition to svirt_t + * Fri Sep 22 2017 Dan Walsh - 2.24-1 - Make sure container_runtime_t has all access of container_t diff --git a/sources b/sources index b692fbb..9baaa72 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a9260d4.tar.gz) = a28462bdbedd1ad8b94d8da8cb8577f1e2b7ddf441b689ae71d97e0152adb5b75f0f4601e5c2f2311642ec65605e1440b56bb07317246a18206964717af4d981 +SHA512 (container-selinux-e37e93d.tar.gz) = faf644a4a13c0ffa1198d798390147f815d90aa27ca9af49df71575da1be8678bcbe12f0281f83b345945a29330c10df7c86f79f6862829902f71dc7e7431058 From 4d68bd6e3503d22caa907f1fc43df215d625a630 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 4 Oct 2017 09:11:49 +0000 Subject: [PATCH 032/381] Allow container runtimes to work with the netfilter sockets Allow container_file_t to be an entrypoint for VM's Allow spc_t domains to transition to svirt_t --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 109031b..df07220 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ /container-selinux-58324f3.tar.gz /container-selinux-81ff96c.tar.gz /container-selinux-a9260d4.tar.gz +/container-selinux-e37e93d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 182d6d7..46524c7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 a9260d44ecb10cc824ad0e18bcd22cb93a5dbdaf +%global commit0 e37e93dbe6cb058fc89c9c5de5ecd4c3be4354fb %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.24 +Version: 2.27 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,11 @@ fi %{_datadir}/selinux/* %changelog +* Fri Sep 22 2017 Dan Walsh - 2.27-1 +- Allow container runtimes to work with the netfilter sockets +- Allow container_file_t to be an entrypoint for VM's +- Allow spc_t domains to transition to svirt_t + * Fri Sep 22 2017 Dan Walsh - 2.24-1 - Make sure container_runtime_t has all access of container_t diff --git a/sources b/sources index b692fbb..9baaa72 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a9260d4.tar.gz) = a28462bdbedd1ad8b94d8da8cb8577f1e2b7ddf441b689ae71d97e0152adb5b75f0f4601e5c2f2311642ec65605e1440b56bb07317246a18206964717af4d981 +SHA512 (container-selinux-e37e93d.tar.gz) = faf644a4a13c0ffa1198d798390147f815d90aa27ca9af49df71575da1be8678bcbe12f0281f83b345945a29330c10df7c86f79f6862829902f71dc7e7431058 From ecb1760cbbdc370c09ef9f99be2e203135dbd1c0 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 9 Oct 2017 13:29:39 +0000 Subject: [PATCH 033/381] Allow a container to umount a container_file_t filesystem --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index df07220..3661347 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /container-selinux-81ff96c.tar.gz /container-selinux-a9260d4.tar.gz /container-selinux-e37e93d.tar.gz +/container-selinux-de38c07.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 46524c7..3a4c3df 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 e37e93dbe6cb058fc89c9c5de5ecd4c3be4354fb +%global commit0 de38c07f355f6d885192ed974236a735be9e455c %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.27 +Version: 2.28 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Oct 9 2017 Dan Walsh - 2.28-1 +- Allow a container to umount a container_file_t filesystem + * Fri Sep 22 2017 Dan Walsh - 2.27-1 - Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's diff --git a/sources b/sources index 9baaa72..5829058 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e37e93d.tar.gz) = faf644a4a13c0ffa1198d798390147f815d90aa27ca9af49df71575da1be8678bcbe12f0281f83b345945a29330c10df7c86f79f6862829902f71dc7e7431058 +SHA512 (container-selinux-de38c07.tar.gz) = bada050900ceb4972ee75330a5ca6de49561c208f15b669261f8f028b0783bc1cf5cc64e9c6e6fa79c7988ccec001e8084b10e04683ccd3c414c4b0ad53c651b From 7e365500a8870850d27c13f68e77d6753be1927d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 9 Oct 2017 13:30:47 +0000 Subject: [PATCH 034/381] Allow a container to umount a container_file_t filesystem --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index df07220..3661347 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /container-selinux-81ff96c.tar.gz /container-selinux-a9260d4.tar.gz /container-selinux-e37e93d.tar.gz +/container-selinux-de38c07.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 46524c7..3a4c3df 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 e37e93dbe6cb058fc89c9c5de5ecd4c3be4354fb +%global commit0 de38c07f355f6d885192ed974236a735be9e455c %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.27 +Version: 2.28 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Oct 9 2017 Dan Walsh - 2.28-1 +- Allow a container to umount a container_file_t filesystem + * Fri Sep 22 2017 Dan Walsh - 2.27-1 - Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's diff --git a/sources b/sources index 9baaa72..5829058 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e37e93d.tar.gz) = faf644a4a13c0ffa1198d798390147f815d90aa27ca9af49df71575da1be8678bcbe12f0281f83b345945a29330c10df7c86f79f6862829902f71dc7e7431058 +SHA512 (container-selinux-de38c07.tar.gz) = bada050900ceb4972ee75330a5ca6de49561c208f15b669261f8f028b0783bc1cf5cc64e9c6e6fa79c7988ccec001e8084b10e04683ccd3c414c4b0ad53c651b From b99f18b8ce347f1675cf7f21d3f472ab6da93f52 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 10 Oct 2017 16:17:55 +0000 Subject: [PATCH 035/381] Add support for lxcd Add support for labeling of tmpfs storage created within a container. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3661347..eedfcc2 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ /container-selinux-a9260d4.tar.gz /container-selinux-e37e93d.tar.gz /container-selinux-de38c07.tar.gz +/container-selinux-0620186.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3a4c3df..1a9f183 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 de38c07f355f6d885192ed974236a735be9e455c +%global commit0 0620186b7396af617fa0f570e82e875e5b3ac8d7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.28 +Version: 2.29 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Oct 10 2017 Dan Walsh - 2.29-1 +- Add support for lxcd +- Add support for labeling of tmpfs storage created within a container. + * Mon Oct 9 2017 Dan Walsh - 2.28-1 - Allow a container to umount a container_file_t filesystem diff --git a/sources b/sources index 5829058..f7a2a23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-de38c07.tar.gz) = bada050900ceb4972ee75330a5ca6de49561c208f15b669261f8f028b0783bc1cf5cc64e9c6e6fa79c7988ccec001e8084b10e04683ccd3c414c4b0ad53c651b +SHA512 (container-selinux-0620186.tar.gz) = e28dfec9ae2444714314eb77fd74b5ddb41cb044b1806d8096a796f3a9b765d78cbf2d2b156ef7e16f87e7ee0fcbf511074042b6fe6cde09cc989c6b23ea1bea From db10f72ff2b541668f3f40e6271d2abfad865d12 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 10 Oct 2017 16:18:26 +0000 Subject: [PATCH 036/381] Add support for lxcd Add support for labeling of tmpfs storage created within a container. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3661347..eedfcc2 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ /container-selinux-a9260d4.tar.gz /container-selinux-e37e93d.tar.gz /container-selinux-de38c07.tar.gz +/container-selinux-0620186.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3a4c3df..1a9f183 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 de38c07f355f6d885192ed974236a735be9e455c +%global commit0 0620186b7396af617fa0f570e82e875e5b3ac8d7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.28 +Version: 2.29 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Oct 10 2017 Dan Walsh - 2.29-1 +- Add support for lxcd +- Add support for labeling of tmpfs storage created within a container. + * Mon Oct 9 2017 Dan Walsh - 2.28-1 - Allow a container to umount a container_file_t filesystem diff --git a/sources b/sources index 5829058..f7a2a23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-de38c07.tar.gz) = bada050900ceb4972ee75330a5ca6de49561c208f15b669261f8f028b0783bc1cf5cc64e9c6e6fa79c7988ccec001e8084b10e04683ccd3c414c4b0ad53c651b +SHA512 (container-selinux-0620186.tar.gz) = e28dfec9ae2444714314eb77fd74b5ddb41cb044b1806d8096a796f3a9b765d78cbf2d2b156ef7e16f87e7ee0fcbf511074042b6fe6cde09cc989c6b23ea1bea From 31963a3bb5adfba12cf0dbddfdd97a95b7badd92 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 26 Oct 2017 11:38:02 +0000 Subject: [PATCH 037/381] Allow the container runtime to dbus chat with dnsmasq add dontaudit rules for container trying to write to /proc --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index eedfcc2..dfbcd0a 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /container-selinux-e37e93d.tar.gz /container-selinux-de38c07.tar.gz /container-selinux-0620186.tar.gz +/container-selinux-47e0448.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1a9f183..1990cdf 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 0620186b7396af617fa0f570e82e875e5b3ac8d7 +%global commit0 47e0448a47a97cddbb66fd35d8ae536f980307f1 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.29 +Version: 2.31 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Thu Oct 26 2017 Dan Walsh - 2.31-1 +- Allow the container runtime to dbus chat with dnsmasq +- add dontaudit rules for container trying to write to /proc + * Tue Oct 10 2017 Dan Walsh - 2.29-1 - Add support for lxcd - Add support for labeling of tmpfs storage created within a container. diff --git a/sources b/sources index f7a2a23..18fd0d9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0620186.tar.gz) = e28dfec9ae2444714314eb77fd74b5ddb41cb044b1806d8096a796f3a9b765d78cbf2d2b156ef7e16f87e7ee0fcbf511074042b6fe6cde09cc989c6b23ea1bea +SHA512 (container-selinux-47e0448.tar.gz) = 675b11109c33a2e7ecfbf67828f80c4f7a7245605024f76394d4b55351de2d8f3009058f7842d6f20eb9845b5a0d56cb395c48f9e5387935b8ad973e342397fe From 22a11a24ba523bcd7ca0a1749f3edba4365f1b9d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 26 Oct 2017 11:38:44 +0000 Subject: [PATCH 038/381] Allow the container runtime to dbus chat with dnsmasq add dontaudit rules for container trying to write to /proc --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index eedfcc2..dfbcd0a 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /container-selinux-e37e93d.tar.gz /container-selinux-de38c07.tar.gz /container-selinux-0620186.tar.gz +/container-selinux-47e0448.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1a9f183..1990cdf 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 0620186b7396af617fa0f570e82e875e5b3ac8d7 +%global commit0 47e0448a47a97cddbb66fd35d8ae536f980307f1 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.29 +Version: 2.31 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Thu Oct 26 2017 Dan Walsh - 2.31-1 +- Allow the container runtime to dbus chat with dnsmasq +- add dontaudit rules for container trying to write to /proc + * Tue Oct 10 2017 Dan Walsh - 2.29-1 - Add support for lxcd - Add support for labeling of tmpfs storage created within a container. diff --git a/sources b/sources index f7a2a23..18fd0d9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0620186.tar.gz) = e28dfec9ae2444714314eb77fd74b5ddb41cb044b1806d8096a796f3a9b765d78cbf2d2b156ef7e16f87e7ee0fcbf511074042b6fe6cde09cc989c6b23ea1bea +SHA512 (container-selinux-47e0448.tar.gz) = 675b11109c33a2e7ecfbf67828f80c4f7a7245605024f76394d4b55351de2d8f3009058f7842d6f20eb9845b5a0d56cb395c48f9e5387935b8ad973e342397fe From be0a39a792e204d7f459520657b60b7b1b09bd21 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 8 Nov 2017 21:10:33 +0000 Subject: [PATCH 039/381] Make sure users creating content in /var/lib with right labels --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index dfbcd0a..a4d000c 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ /container-selinux-de38c07.tar.gz /container-selinux-0620186.tar.gz /container-selinux-47e0448.tar.gz +/container-selinux-b430a71.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1990cdf..026fb14 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 47e0448a47a97cddbb66fd35d8ae536f980307f1 +%global commit0 b430a71a44ce80364ff3ef95fa8134afb35d667e %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.31 +Version: 2.32 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Nov 8 2017 Dan Walsh - 2.32-1 +- Make sure users creating content in /var/lib with right labels + * Thu Oct 26 2017 Dan Walsh - 2.31-1 - Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc diff --git a/sources b/sources index 18fd0d9..4e83c9e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-47e0448.tar.gz) = 675b11109c33a2e7ecfbf67828f80c4f7a7245605024f76394d4b55351de2d8f3009058f7842d6f20eb9845b5a0d56cb395c48f9e5387935b8ad973e342397fe +SHA512 (container-selinux-b430a71.tar.gz) = 7b89826e64c26bc57b86345dc482bca56d12ab730e9965b53802e97ed572b169aea3daf89d4f50b88ffa3878da157e6165dd2294d537e59fe97fafed9db141dc From c642d7e1534c1b7532ad239e066e7785ddc0edb6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 8 Nov 2017 21:15:16 +0000 Subject: [PATCH 040/381] Make sure users creating content in /var/lib with right labels --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index dfbcd0a..a4d000c 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ /container-selinux-de38c07.tar.gz /container-selinux-0620186.tar.gz /container-selinux-47e0448.tar.gz +/container-selinux-b430a71.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1990cdf..026fb14 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 47e0448a47a97cddbb66fd35d8ae536f980307f1 +%global commit0 b430a71a44ce80364ff3ef95fa8134afb35d667e %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.31 +Version: 2.32 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Nov 8 2017 Dan Walsh - 2.32-1 +- Make sure users creating content in /var/lib with right labels + * Thu Oct 26 2017 Dan Walsh - 2.31-1 - Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc diff --git a/sources b/sources index 18fd0d9..4e83c9e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-47e0448.tar.gz) = 675b11109c33a2e7ecfbf67828f80c4f7a7245605024f76394d4b55351de2d8f3009058f7842d6f20eb9845b5a0d56cb395c48f9e5387935b8ad973e342397fe +SHA512 (container-selinux-b430a71.tar.gz) = 7b89826e64c26bc57b86345dc482bca56d12ab730e9965b53802e97ed572b169aea3daf89d4f50b88ffa3878da157e6165dd2294d537e59fe97fafed9db141dc From cc32bab0b38e87895083fe9cb753dd5ef013e5c8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 19 Nov 2017 11:41:27 +0000 Subject: [PATCH 041/381] Allow containers to read /etc/resolv.conf and /etc/hosts if volume mounted into container. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a4d000c..8d57c63 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,4 @@ /container-selinux-0620186.tar.gz /container-selinux-47e0448.tar.gz /container-selinux-b430a71.tar.gz +/container-selinux-0b666c4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 026fb14..4ecf83a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 b430a71a44ce80364ff3ef95fa8134afb35d667e +%global commit0 0b666c4f1422d60dde6ffac69a919872385e289d %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.32 +Version: 2.33 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Sun Nov 19 2017 Dan Walsh - 2.33-1 +- Allow containers to read /etc/resolv.conf and /etc/hosts if volume +- mounted into container. + * Wed Nov 8 2017 Dan Walsh - 2.32-1 - Make sure users creating content in /var/lib with right labels diff --git a/sources b/sources index 4e83c9e..d591a60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b430a71.tar.gz) = 7b89826e64c26bc57b86345dc482bca56d12ab730e9965b53802e97ed572b169aea3daf89d4f50b88ffa3878da157e6165dd2294d537e59fe97fafed9db141dc +SHA512 (container-selinux-0b666c4.tar.gz) = 46833377d09ecd57d743f2277b225b6b381c55ac0b6f2331bc455f9e51cdd55774703d854735d98f9f4db54e0db7e14e29e4fb0229afd554cbe9efbd026bf20d From 947138ab8121dbd2c7b87f94735c4493329275f5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 19 Nov 2017 11:42:04 +0000 Subject: [PATCH 042/381] Allow containers to read /etc/resolv.conf and /etc/hosts if volume mounted into container. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a4d000c..8d57c63 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,4 @@ /container-selinux-0620186.tar.gz /container-selinux-47e0448.tar.gz /container-selinux-b430a71.tar.gz +/container-selinux-0b666c4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 026fb14..4ecf83a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 b430a71a44ce80364ff3ef95fa8134afb35d667e +%global commit0 0b666c4f1422d60dde6ffac69a919872385e289d %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.32 +Version: 2.33 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Sun Nov 19 2017 Dan Walsh - 2.33-1 +- Allow containers to read /etc/resolv.conf and /etc/hosts if volume +- mounted into container. + * Wed Nov 8 2017 Dan Walsh - 2.32-1 - Make sure users creating content in /var/lib with right labels diff --git a/sources b/sources index 4e83c9e..d591a60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b430a71.tar.gz) = 7b89826e64c26bc57b86345dc482bca56d12ab730e9965b53802e97ed572b169aea3daf89d4f50b88ffa3878da157e6165dd2294d537e59fe97fafed9db141dc +SHA512 (container-selinux-0b666c4.tar.gz) = 46833377d09ecd57d743f2277b225b6b381c55ac0b6f2331bc455f9e51cdd55774703d854735d98f9f4db54e0db7e14e29e4fb0229afd554cbe9efbd026bf20d From 4e9b7c333a31bfc8d9158206585424f9514a3e48 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 22 Nov 2017 15:35:20 +0000 Subject: [PATCH 043/381] Dontaudit container processes getattr on kernel file systems --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8d57c63..30cc055 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /container-selinux-47e0448.tar.gz /container-selinux-b430a71.tar.gz /container-selinux-0b666c4.tar.gz +/container-selinux-7fe0136.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4ecf83a..930259e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 0b666c4f1422d60dde6ffac69a919872385e289d +%global commit0 7fe0136a943ef5428869ad930e5384b185ade39a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.33 +Version: 2.34 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Nov 22 2017 Dan Walsh - 2.34-1 +- Dontaudit container processes getattr on kernel file systems + * Sun Nov 19 2017 Dan Walsh - 2.33-1 - Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container. diff --git a/sources b/sources index d591a60..67ca532 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0b666c4.tar.gz) = 46833377d09ecd57d743f2277b225b6b381c55ac0b6f2331bc455f9e51cdd55774703d854735d98f9f4db54e0db7e14e29e4fb0229afd554cbe9efbd026bf20d +SHA512 (container-selinux-7fe0136.tar.gz) = 93c80da31f8a6f4e333baed39d75f329467d3b4b9b499b486a2d635be62df072fedc28cd50c5cb005d4dbc2ae352d073b611b7d33b183c183f7ca551f307c39b From 426e651721fe83bca9399d4ade447c36ce95f39f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 22 Nov 2017 15:35:58 +0000 Subject: [PATCH 044/381] Dontaudit container processes getattr on kernel file systems --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8d57c63..30cc055 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /container-selinux-47e0448.tar.gz /container-selinux-b430a71.tar.gz /container-selinux-0b666c4.tar.gz +/container-selinux-7fe0136.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4ecf83a..930259e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 0b666c4f1422d60dde6ffac69a919872385e289d +%global commit0 7fe0136a943ef5428869ad930e5384b185ade39a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.33 +Version: 2.34 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Nov 22 2017 Dan Walsh - 2.34-1 +- Dontaudit container processes getattr on kernel file systems + * Sun Nov 19 2017 Dan Walsh - 2.33-1 - Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container. diff --git a/sources b/sources index d591a60..67ca532 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0b666c4.tar.gz) = 46833377d09ecd57d743f2277b225b6b381c55ac0b6f2331bc455f9e51cdd55774703d854735d98f9f4db54e0db7e14e29e4fb0229afd554cbe9efbd026bf20d +SHA512 (container-selinux-7fe0136.tar.gz) = 93c80da31f8a6f4e333baed39d75f329467d3b4b9b499b486a2d635be62df072fedc28cd50c5cb005d4dbc2ae352d073b611b7d33b183c183f7ca551f307c39b From 8ed545a6c504849a92cbb5e59acb449842412070 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Nov 2017 13:21:48 +0000 Subject: [PATCH 045/381] Allow container to map chr_files labeled container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 30cc055..a62e07f 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /container-selinux-b430a71.tar.gz /container-selinux-0b666c4.tar.gz /container-selinux-7fe0136.tar.gz +/container-selinux-dca3b87.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 930259e..ad1a2a4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 7fe0136a943ef5428869ad930e5384b185ade39a +%global commit0 dca3b870c4ee54ffd5703f32cd3a13365053ae2f %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.34 +Version: 2.35 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Nov 27 2017 Dan Walsh - 2.35-1 +- Allow container to map chr_files labeled container_file_t + * Wed Nov 22 2017 Dan Walsh - 2.34-1 - Dontaudit container processes getattr on kernel file systems diff --git a/sources b/sources index 67ca532..8fdbf39 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-7fe0136.tar.gz) = 93c80da31f8a6f4e333baed39d75f329467d3b4b9b499b486a2d635be62df072fedc28cd50c5cb005d4dbc2ae352d073b611b7d33b183c183f7ca551f307c39b +SHA512 (container-selinux-dca3b87.tar.gz) = 8be0d2a16f834156591a4ce27daaf1ceda98ca769c8e6b3be20c9d591afc3349e153424fb503e496b404407f96fd422cb482adab54e920e1487c98dc4d1c4e0d From 31e82a57c94b0ba096673ab6f092d25ab1aa67d9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Nov 2017 13:22:45 +0000 Subject: [PATCH 046/381] Allow container to map chr_files labeled container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 30cc055..a62e07f 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /container-selinux-b430a71.tar.gz /container-selinux-0b666c4.tar.gz /container-selinux-7fe0136.tar.gz +/container-selinux-dca3b87.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 930259e..ad1a2a4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 7fe0136a943ef5428869ad930e5384b185ade39a +%global commit0 dca3b870c4ee54ffd5703f32cd3a13365053ae2f %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.34 +Version: 2.35 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Nov 27 2017 Dan Walsh - 2.35-1 +- Allow container to map chr_files labeled container_file_t + * Wed Nov 22 2017 Dan Walsh - 2.34-1 - Dontaudit container processes getattr on kernel file systems diff --git a/sources b/sources index 67ca532..8fdbf39 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-7fe0136.tar.gz) = 93c80da31f8a6f4e333baed39d75f329467d3b4b9b499b486a2d635be62df072fedc28cd50c5cb005d4dbc2ae352d073b611b7d33b183c183f7ca551f307c39b +SHA512 (container-selinux-dca3b87.tar.gz) = 8be0d2a16f834156591a4ce27daaf1ceda98ca769c8e6b3be20c9d591afc3349e153424fb503e496b404407f96fd422cb482adab54e920e1487c98dc4d1c4e0d From 751a4e3feed5df2adf09b600e4e072a9df70ed37 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Nov 2017 14:43:49 +0000 Subject: [PATCH 047/381] Allow container to map chr_files labeled container_file_t --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a62e07f..bb11c38 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ /container-selinux-0b666c4.tar.gz /container-selinux-7fe0136.tar.gz /container-selinux-dca3b87.tar.gz +/container-selinux-f9a30e8.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ad1a2a4..bc16ae6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 dca3b870c4ee54ffd5703f32cd3a13365053ae2f +%global commit0 f9a30e8011afcfd159aa383d746e2c99f67c9b3a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 diff --git a/sources b/sources index 8fdbf39..203307c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-dca3b87.tar.gz) = 8be0d2a16f834156591a4ce27daaf1ceda98ca769c8e6b3be20c9d591afc3349e153424fb503e496b404407f96fd422cb482adab54e920e1487c98dc4d1c4e0d +SHA512 (container-selinux-f9a30e8.tar.gz) = 754a3851aa27dd977861cca8977354fc5899887c5c9e4e2b79c989ebb3c91c25d04e5c31ee6452732a1857ceed5fa7dce172b27c11691d52b552446928e36758 From fd0719481c56e0cbffe52eca387725e69426934e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Nov 2017 14:44:12 +0000 Subject: [PATCH 048/381] Allow container to map chr_files labeled container_file_t --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a62e07f..bb11c38 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ /container-selinux-0b666c4.tar.gz /container-selinux-7fe0136.tar.gz /container-selinux-dca3b87.tar.gz +/container-selinux-f9a30e8.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ad1a2a4..bc16ae6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 dca3b870c4ee54ffd5703f32cd3a13365053ae2f +%global commit0 f9a30e8011afcfd159aa383d746e2c99f67c9b3a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 diff --git a/sources b/sources index 8fdbf39..203307c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-dca3b87.tar.gz) = 8be0d2a16f834156591a4ce27daaf1ceda98ca769c8e6b3be20c9d591afc3349e153424fb503e496b404407f96fd422cb482adab54e920e1487c98dc4d1c4e0d +SHA512 (container-selinux-f9a30e8.tar.gz) = 754a3851aa27dd977861cca8977354fc5899887c5c9e4e2b79c989ebb3c91c25d04e5c31ee6452732a1857ceed5fa7dce172b27c11691d52b552446928e36758 From 7f79cfab648d42afe02e2f3bcfb6067892049216 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Nov 2017 14:57:52 +0000 Subject: [PATCH 049/381] Allow containers to relabelto/from all file types to container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index bb11c38..4c9bf29 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,4 @@ /container-selinux-7fe0136.tar.gz /container-selinux-dca3b87.tar.gz /container-selinux-f9a30e8.tar.gz +/container-selinux-d985665.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index bc16ae6..da103c2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 f9a30e8011afcfd159aa383d746e2c99f67c9b3a +%global commit0 d985665b8129d2f8553621539c5a3355e36887a5 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.35 +Version: 2.36 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Nov 27 2017 Dan Walsh - 2.36-1 +- Allow containers to relabelto/from all file types to container_file_t + * Mon Nov 27 2017 Dan Walsh - 2.35-1 - Allow container to map chr_files labeled container_file_t diff --git a/sources b/sources index 203307c..4444f6e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-f9a30e8.tar.gz) = 754a3851aa27dd977861cca8977354fc5899887c5c9e4e2b79c989ebb3c91c25d04e5c31ee6452732a1857ceed5fa7dce172b27c11691d52b552446928e36758 +SHA512 (container-selinux-d985665.tar.gz) = 173c7f733d6588ec85436b28b1acff734777d1b506c6ba2f20019dedcda39969d8f6c159daa8c0e37940ef5ae2af1ac47b241a9f60e086a559e1e98b8353d24b From 21cd0d4949adffbec1c4040655b03573732e1792 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Nov 2017 14:58:16 +0000 Subject: [PATCH 050/381] Allow containers to relabelto/from all file types to container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index bb11c38..4c9bf29 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,4 @@ /container-selinux-7fe0136.tar.gz /container-selinux-dca3b87.tar.gz /container-selinux-f9a30e8.tar.gz +/container-selinux-d985665.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index bc16ae6..da103c2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 f9a30e8011afcfd159aa383d746e2c99f67c9b3a +%global commit0 d985665b8129d2f8553621539c5a3355e36887a5 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.35 +Version: 2.36 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Nov 27 2017 Dan Walsh - 2.36-1 +- Allow containers to relabelto/from all file types to container_file_t + * Mon Nov 27 2017 Dan Walsh - 2.35-1 - Allow container to map chr_files labeled container_file_t diff --git a/sources b/sources index 203307c..4444f6e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-f9a30e8.tar.gz) = 754a3851aa27dd977861cca8977354fc5899887c5c9e4e2b79c989ebb3c91c25d04e5c31ee6452732a1857ceed5fa7dce172b27c11691d52b552446928e36758 +SHA512 (container-selinux-d985665.tar.gz) = 173c7f733d6588ec85436b28b1acff734777d1b506c6ba2f20019dedcda39969d8f6c159daa8c0e37940ef5ae2af1ac47b241a9f60e086a559e1e98b8353d24b From 0ce8700159d4554f65369560e06159566ed3a6e9 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Sun, 3 Dec 2017 21:38:21 -0500 Subject: [PATCH 051/381] remove git from builddep can't find git in the module ecosystem and git isn't critical for package build. Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index da103c2..dd44702 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -42,7 +42,6 @@ URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildArch: noarch -BuildRequires: git BuildRequires: pkgconfig(systemd) BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} @@ -65,7 +64,7 @@ Provides: docker-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{commit0} +%setup -q -n %{name}-%{commit0} %build make From 06bc2d9bc10209894591e949fb03f9c31e96c755 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Sun, 3 Dec 2017 21:38:21 -0500 Subject: [PATCH 052/381] remove git from builddep can't find git in the module ecosystem and git isn't critical for package build. Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index da103c2..dd44702 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -42,7 +42,6 @@ URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildArch: noarch -BuildRequires: git BuildRequires: pkgconfig(systemd) BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} @@ -65,7 +64,7 @@ Provides: docker-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{commit0} +%setup -q -n %{name}-%{commit0} %build make From e0502dafa3ffc08aacd0d44eccf3e27e416678c9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 12 Dec 2017 13:11:14 +0000 Subject: [PATCH 053/381] Allow containers to use inherited ttys Allow ostree to handle labels under /var/lib/containers/ostree --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4c9bf29..6fb3e4a 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ /container-selinux-dca3b87.tar.gz /container-selinux-f9a30e8.tar.gz /container-selinux-d985665.tar.gz +/container-selinux-8ba32a4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index da103c2..c7a1831 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d985665b8129d2f8553621539c5a3355e36887a5 +%global commit0 8ba32a4fd3a235373e9871b90e60a61a1a382471 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.36 +Version: 2.37 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -118,6 +118,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Dec 12 2017 Dan Walsh - 2.37-1 +- Allow containers to use inherited ttys +- Allow ostree to handle labels under /var/lib/containers/ostree + * Mon Nov 27 2017 Dan Walsh - 2.36-1 - Allow containers to relabelto/from all file types to container_file_t diff --git a/sources b/sources index 4444f6e..87e6ab9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d985665.tar.gz) = 173c7f733d6588ec85436b28b1acff734777d1b506c6ba2f20019dedcda39969d8f6c159daa8c0e37940ef5ae2af1ac47b241a9f60e086a559e1e98b8353d24b +SHA512 (container-selinux-8ba32a4.tar.gz) = f23324003695989d93a4fd149fcd7fc739c84aadedb0ac5919e00cdcef06c0fb89967e191391d1650d79f972d88ce6d966566b2a8762b4961343c748de63be9e From 25cb53d06ed9a3be6b05797eba486d0a06a84f42 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 12 Dec 2017 13:12:53 +0000 Subject: [PATCH 054/381] Allow containers to use inherited ttys Allow ostree to handle labels under /var/lib/containers/ostree --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4c9bf29..6fb3e4a 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ /container-selinux-dca3b87.tar.gz /container-selinux-f9a30e8.tar.gz /container-selinux-d985665.tar.gz +/container-selinux-8ba32a4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index dd44702..5c691c3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d985665b8129d2f8553621539c5a3355e36887a5 +%global commit0 8ba32a4fd3a235373e9871b90e60a61a1a382471 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.36 +Version: 2.37 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Dec 12 2017 Dan Walsh - 2.37-1 +- Allow containers to use inherited ttys +- Allow ostree to handle labels under /var/lib/containers/ostree + * Mon Nov 27 2017 Dan Walsh - 2.36-1 - Allow containers to relabelto/from all file types to container_file_t diff --git a/sources b/sources index 4444f6e..87e6ab9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d985665.tar.gz) = 173c7f733d6588ec85436b28b1acff734777d1b506c6ba2f20019dedcda39969d8f6c159daa8c0e37940ef5ae2af1ac47b241a9f60e086a559e1e98b8353d24b +SHA512 (container-selinux-8ba32a4.tar.gz) = f23324003695989d93a4fd149fcd7fc739c84aadedb0ac5919e00cdcef06c0fb89967e191391d1650d79f972d88ce6d966566b2a8762b4961343c748de63be9e From 98e715e396176ff7052fc6aeb99096eb77ec0acc Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 6 Jan 2018 07:34:20 -0500 Subject: [PATCH 055/381] Allow container runtimes to mmap container_file_t devices Add labeling for rhel push plugin --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6fb3e4a..20ff007 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ /container-selinux-f9a30e8.tar.gz /container-selinux-d985665.tar.gz /container-selinux-8ba32a4.tar.gz +/container-selinux-26c642a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5c691c3..03bea77 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 8ba32a4fd3a235373e9871b90e60a61a1a382471 +%global commit0 26c642ae12820ff55697d6101f33d8b5b4274296 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.37 +Version: 2.38 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Sat Jan 6 2018 Dan Walsh - 2.38-1 +- Allow container runtimes to mmap container_file_t devices +- Add labeling for rhel push plugin + * Tue Dec 12 2017 Dan Walsh - 2.37-1 - Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree diff --git a/sources b/sources index 87e6ab9..9afc32c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-8ba32a4.tar.gz) = f23324003695989d93a4fd149fcd7fc739c84aadedb0ac5919e00cdcef06c0fb89967e191391d1650d79f972d88ce6d966566b2a8762b4961343c748de63be9e +SHA512 (container-selinux-26c642a.tar.gz) = ae172f6650b542a51963df4089687107363ec47727d8e5bacd8478df1aa2cb19c569801e7692b0e6a5b36d46efeffb0c3e3c9df76e678381265346ad79a0819e From 373b35483798c0b0d387a8a2eb307d4dd5015cd5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 6 Jan 2018 07:35:29 -0500 Subject: [PATCH 056/381] Allow container runtimes to mmap container_file_t devices Add labeling for rhel push plugin --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6fb3e4a..20ff007 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ /container-selinux-f9a30e8.tar.gz /container-selinux-d985665.tar.gz /container-selinux-8ba32a4.tar.gz +/container-selinux-26c642a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5c691c3..03bea77 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 8ba32a4fd3a235373e9871b90e60a61a1a382471 +%global commit0 26c642ae12820ff55697d6101f33d8b5b4274296 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.37 +Version: 2.38 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Sat Jan 6 2018 Dan Walsh - 2.38-1 +- Allow container runtimes to mmap container_file_t devices +- Add labeling for rhel push plugin + * Tue Dec 12 2017 Dan Walsh - 2.37-1 - Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree diff --git a/sources b/sources index 87e6ab9..9afc32c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-8ba32a4.tar.gz) = f23324003695989d93a4fd149fcd7fc739c84aadedb0ac5919e00cdcef06c0fb89967e191391d1650d79f972d88ce6d966566b2a8762b4961343c748de63be9e +SHA512 (container-selinux-26c642a.tar.gz) = ae172f6650b542a51963df4089687107363ec47727d8e5bacd8478df1aa2cb19c569801e7692b0e6a5b36d46efeffb0c3e3c9df76e678381265346ad79a0819e From 64fe9d8cb173f9925582817870670cc8890b34d9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Jan 2018 08:41:05 -0500 Subject: [PATCH 057/381] Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 20ff007..cc777fe 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ /container-selinux-d985665.tar.gz /container-selinux-8ba32a4.tar.gz /container-selinux-26c642a.tar.gz +/container-selinux-96e58bf.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 03bea77..bf0ac61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 26c642ae12820ff55697d6101f33d8b5b4274296 +%global commit0 96e58bf7fd152f24f6b95efc156d8cbb4446c354 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.38 +Version: 2.39 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jan 8 2018 Dan Walsh - 2.39-1 +- Allow container runtimes to use interited terminals. This helps +satisfy the bounds check of container_t versus container_runtime_t. + * Sat Jan 6 2018 Dan Walsh - 2.38-1 - Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin diff --git a/sources b/sources index 9afc32c..c291f4b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-26c642a.tar.gz) = ae172f6650b542a51963df4089687107363ec47727d8e5bacd8478df1aa2cb19c569801e7692b0e6a5b36d46efeffb0c3e3c9df76e678381265346ad79a0819e +SHA512 (container-selinux-96e58bf.tar.gz) = d496b4ba8aa1c47b47dbed644b9d8a9e97e154814b878280929108609820aa30b00aa6dba37edc83568fcd8c82343b82fae642db6c18e2deddfaf499cc8276c5 From 0da116e4a745e15bf4b5c43f0651a28f05c7dc39 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Jan 2018 08:41:55 -0500 Subject: [PATCH 058/381] Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 20ff007..cc777fe 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ /container-selinux-d985665.tar.gz /container-selinux-8ba32a4.tar.gz /container-selinux-26c642a.tar.gz +/container-selinux-96e58bf.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 03bea77..bf0ac61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 26c642ae12820ff55697d6101f33d8b5b4274296 +%global commit0 96e58bf7fd152f24f6b95efc156d8cbb4446c354 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.38 +Version: 2.39 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jan 8 2018 Dan Walsh - 2.39-1 +- Allow container runtimes to use interited terminals. This helps +satisfy the bounds check of container_t versus container_runtime_t. + * Sat Jan 6 2018 Dan Walsh - 2.38-1 - Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin diff --git a/sources b/sources index 9afc32c..c291f4b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-26c642a.tar.gz) = ae172f6650b542a51963df4089687107363ec47727d8e5bacd8478df1aa2cb19c569801e7692b0e6a5b36d46efeffb0c3e3c9df76e678381265346ad79a0819e +SHA512 (container-selinux-96e58bf.tar.gz) = d496b4ba8aa1c47b47dbed644b9d8a9e97e154814b878280929108609820aa30b00aa6dba37edc83568fcd8c82343b82fae642db6c18e2deddfaf499cc8276c5 From a8518096d50abc7a2dc108e050d9b10d7e42efb5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 9 Jan 2018 09:30:05 -0500 Subject: [PATCH 059/381] Allow container_runtime_t to use user ttys Fixes bounds check for container_t --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index cc777fe..9489df1 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ /container-selinux-8ba32a4.tar.gz /container-selinux-26c642a.tar.gz /container-selinux-96e58bf.tar.gz +/container-selinux-599072a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index bf0ac61..a0a357a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 96e58bf7fd152f24f6b95efc156d8cbb4446c354 +%global commit0 599072a930b995ba13ca7a4a6add7e808aa9b01f %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.39 +Version: 2.40 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jan 9 2018 Dan Walsh - 2.40-1 +- Allow container_runtime_t to use user ttys +- Fixes bounds check for container_t + * Mon Jan 8 2018 Dan Walsh - 2.39-1 - Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. diff --git a/sources b/sources index c291f4b..4135ee4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-96e58bf.tar.gz) = d496b4ba8aa1c47b47dbed644b9d8a9e97e154814b878280929108609820aa30b00aa6dba37edc83568fcd8c82343b82fae642db6c18e2deddfaf499cc8276c5 +SHA512 (container-selinux-599072a.tar.gz) = d3b21648444c83623b952ce08e4317f1400c6e2ed54923512e6e8fafdf2abd539d85d4e1e5c9f19144666bb2792ca991a3f77f6f7e9b927a5869c4be16324684 From cb65ff1f2bbb639f235e43cb888f0eb38f1fb1df Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 9 Jan 2018 09:30:45 -0500 Subject: [PATCH 060/381] Allow container_runtime_t to use user ttys Fixes bounds check for container_t --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index cc777fe..9489df1 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ /container-selinux-8ba32a4.tar.gz /container-selinux-26c642a.tar.gz /container-selinux-96e58bf.tar.gz +/container-selinux-599072a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index bf0ac61..a0a357a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 96e58bf7fd152f24f6b95efc156d8cbb4446c354 +%global commit0 599072a930b995ba13ca7a4a6add7e808aa9b01f %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.39 +Version: 2.40 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jan 9 2018 Dan Walsh - 2.40-1 +- Allow container_runtime_t to use user ttys +- Fixes bounds check for container_t + * Mon Jan 8 2018 Dan Walsh - 2.39-1 - Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. diff --git a/sources b/sources index c291f4b..4135ee4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-96e58bf.tar.gz) = d496b4ba8aa1c47b47dbed644b9d8a9e97e154814b878280929108609820aa30b00aa6dba37edc83568fcd8c82343b82fae642db6c18e2deddfaf499cc8276c5 +SHA512 (container-selinux-599072a.tar.gz) = d3b21648444c83623b952ce08e4317f1400c6e2ed54923512e6e8fafdf2abd539d85d4e1e5c9f19144666bb2792ca991a3f77f6f7e9b927a5869c4be16324684 From 15578313e450e17bce89a9603e1fc6e9a53b4c99 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 9 Jan 2018 11:47:20 -0500 Subject: [PATCH 061/381] Add support to nnp_transition for container domains Eliminates need for typebounds. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9489df1..2339939 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,4 @@ /container-selinux-26c642a.tar.gz /container-selinux-96e58bf.tar.gz /container-selinux-599072a.tar.gz +/container-selinux-231b213.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a0a357a..f4b7e87 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 599072a930b995ba13ca7a4a6add7e808aa9b01f +%global commit0 231b213555c3a3d38dcfa69c854ab95d1c8bf6eb %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.40 +Version: 2.41 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jan 9 2018 Dan Walsh - 2.41-1 +- Add support to nnp_transition for container domains +- Eliminates need for typebounds. + * Tue Jan 9 2018 Dan Walsh - 2.40-1 - Allow container_runtime_t to use user ttys - Fixes bounds check for container_t diff --git a/sources b/sources index 4135ee4..64b389b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-599072a.tar.gz) = d3b21648444c83623b952ce08e4317f1400c6e2ed54923512e6e8fafdf2abd539d85d4e1e5c9f19144666bb2792ca991a3f77f6f7e9b927a5869c4be16324684 +SHA512 (container-selinux-231b213.tar.gz) = be907960062135a71d82921b51b53e9fdbdd7db85200e511487469215cec014aa253b49525098282d817808d4862b2de46f0df0314811de70b6bb82a711cc9eb From 4aa4cce607d7afbe51e4a498b21312b40c4835d9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 9 Jan 2018 11:48:13 -0500 Subject: [PATCH 062/381] Add support to nnp_transition for container domains Eliminates need for typebounds. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9489df1..2339939 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,4 @@ /container-selinux-26c642a.tar.gz /container-selinux-96e58bf.tar.gz /container-selinux-599072a.tar.gz +/container-selinux-231b213.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a0a357a..f4b7e87 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 599072a930b995ba13ca7a4a6add7e808aa9b01f +%global commit0 231b213555c3a3d38dcfa69c854ab95d1c8bf6eb %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.40 +Version: 2.41 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jan 9 2018 Dan Walsh - 2.41-1 +- Add support to nnp_transition for container domains +- Eliminates need for typebounds. + * Tue Jan 9 2018 Dan Walsh - 2.40-1 - Allow container_runtime_t to use user ttys - Fixes bounds check for container_t diff --git a/sources b/sources index 4135ee4..64b389b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-599072a.tar.gz) = d3b21648444c83623b952ce08e4317f1400c6e2ed54923512e6e8fafdf2abd539d85d4e1e5c9f19144666bb2792ca991a3f77f6f7e9b927a5869c4be16324684 +SHA512 (container-selinux-231b213.tar.gz) = be907960062135a71d82921b51b53e9fdbdd7db85200e511487469215cec014aa253b49525098282d817808d4862b2de46f0df0314811de70b6bb82a711cc9eb From a4c374a14d16d7cdbbd138e9f13659f4e4c203d7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 16 Jan 2018 13:56:33 -0500 Subject: [PATCH 063/381] Allow unconfined domains to transition to container types, when no-new-privs is set. --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2339939..9361781 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ /container-selinux-96e58bf.tar.gz /container-selinux-599072a.tar.gz /container-selinux-231b213.tar.gz +/container-selinux-d148550.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f4b7e87..91ac826 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 231b213555c3a3d38dcfa69c854ab95d1c8bf6eb +%global commit0 d148550d8c829bd2ee557fe503d2b8f9df53db8f %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.41 +Version: 2.42 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jan 16 2018 Dan Walsh - 2.42-1 +- Allow unconfined domains to transition to container types, when no-new-privs is set. + * Tue Jan 9 2018 Dan Walsh - 2.41-1 - Add support to nnp_transition for container domains - Eliminates need for typebounds. diff --git a/sources b/sources index 64b389b..3e23a9d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-231b213.tar.gz) = be907960062135a71d82921b51b53e9fdbdd7db85200e511487469215cec014aa253b49525098282d817808d4862b2de46f0df0314811de70b6bb82a711cc9eb +SHA512 (container-selinux-d148550.tar.gz) = 43b8f93c552a0879aa8743703dd0ccc75e7b207c6a4c4c14ec9b85f125307c8aab8914d48be983fc94b9ca1413c112a340ddf9bf0da0751986701c809ece5e27 From f846c338af6211138fa47db472108bb79d940d7a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 16 Jan 2018 13:57:08 -0500 Subject: [PATCH 064/381] Allow unconfined domains to transition to container types, when no-new-privs is set. --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2339939..9361781 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ /container-selinux-96e58bf.tar.gz /container-selinux-599072a.tar.gz /container-selinux-231b213.tar.gz +/container-selinux-d148550.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f4b7e87..91ac826 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 231b213555c3a3d38dcfa69c854ab95d1c8bf6eb +%global commit0 d148550d8c829bd2ee557fe503d2b8f9df53db8f %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.41 +Version: 2.42 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jan 16 2018 Dan Walsh - 2.42-1 +- Allow unconfined domains to transition to container types, when no-new-privs is set. + * Tue Jan 9 2018 Dan Walsh - 2.41-1 - Add support to nnp_transition for container domains - Eliminates need for typebounds. diff --git a/sources b/sources index 64b389b..3e23a9d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-231b213.tar.gz) = be907960062135a71d82921b51b53e9fdbdd7db85200e511487469215cec014aa253b49525098282d817808d4862b2de46f0df0314811de70b6bb82a711cc9eb +SHA512 (container-selinux-d148550.tar.gz) = 43b8f93c552a0879aa8743703dd0ccc75e7b207c6a4c4c14ec9b85f125307c8aab8914d48be983fc94b9ca1413c112a340ddf9bf0da0751986701c809ece5e27 From a7ce3135c290bf396acb784f29dd7b0f7ef44abe Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 22 Jan 2018 09:40:35 -0500 Subject: [PATCH 065/381] Allow containers to memory map the fifo_files leaked into container from container runtimes. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9361781..7bf8bd6 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ /container-selinux-599072a.tar.gz /container-selinux-231b213.tar.gz /container-selinux-d148550.tar.gz +/container-selinux-dfcc97d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 91ac826..a10c6c7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d148550d8c829bd2ee557fe503d2b8f9df53db8f +%global commit0 dfcc97d9c6a5b22d41c2b9d5693d86a65bd9db04 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.42 +Version: 2.43 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jan 22 2018 Dan Walsh - 2.43-1 +- Allow containers to memory map the fifo_files leaked into container from +container runtimes. + * Tue Jan 16 2018 Dan Walsh - 2.42-1 - Allow unconfined domains to transition to container types, when no-new-privs is set. diff --git a/sources b/sources index 3e23a9d..6a16252 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d148550.tar.gz) = 43b8f93c552a0879aa8743703dd0ccc75e7b207c6a4c4c14ec9b85f125307c8aab8914d48be983fc94b9ca1413c112a340ddf9bf0da0751986701c809ece5e27 +SHA512 (container-selinux-dfcc97d.tar.gz) = ed9cad7e2cd1de72bb1f505ee45789ede27ad4e8fc064c45b2435cb2b772b1c1aaff462907b77cd301d986fcd45e06aba9e191099fc7b573894a3f8b21306858 From 5b2867045c51220dbd4667d37fde83ce33c2a3c6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 29 Jan 2018 06:58:52 +0100 Subject: [PATCH 066/381] Allow container domains to read kernel ipc info --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 7bf8bd6..2ccd52a 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,4 @@ /container-selinux-231b213.tar.gz /container-selinux-d148550.tar.gz /container-selinux-dfcc97d.tar.gz +/container-selinux-38a982b.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a10c6c7..d40abc1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 dfcc97d9c6a5b22d41c2b9d5693d86a65bd9db04 +%global commit0 38a982b915dcd9f4a0a49217066fcc93c8ff4184 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.43 +Version: 2.44 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jan 29 2018 Dan Walsh - 2.44-1 +- Allow container domains to read kernel ipc info + * Mon Jan 22 2018 Dan Walsh - 2.43-1 - Allow containers to memory map the fifo_files leaked into container from container runtimes. diff --git a/sources b/sources index 6a16252..7f46c5c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-dfcc97d.tar.gz) = ed9cad7e2cd1de72bb1f505ee45789ede27ad4e8fc064c45b2435cb2b772b1c1aaff462907b77cd301d986fcd45e06aba9e191099fc7b573894a3f8b21306858 +SHA512 (container-selinux-38a982b.tar.gz) = 6b32edc3843d7dbe4329779181c7caf1a96d66faada19becfb7fe5d297a0757bcafcc944fa862114b6d0fafe68e145ce214523a3a68b28627b76fa51546e10a7 From de8c560d08840ccc7de43082ef1604bf724b4d58 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 29 Jan 2018 07:11:48 +0100 Subject: [PATCH 067/381] Allow container domains to read kernel ipc info --- .gitignore | 2 ++ container-selinux.spec | 11 +++++++++-- sources | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9361781..2ccd52a 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,5 @@ /container-selinux-599072a.tar.gz /container-selinux-231b213.tar.gz /container-selinux-d148550.tar.gz +/container-selinux-dfcc97d.tar.gz +/container-selinux-38a982b.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 91ac826..d40abc1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d148550d8c829bd2ee557fe503d2b8f9df53db8f +%global commit0 38a982b915dcd9f4a0a49217066fcc93c8ff4184 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.42 +Version: 2.44 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,13 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jan 29 2018 Dan Walsh - 2.44-1 +- Allow container domains to read kernel ipc info + +* Mon Jan 22 2018 Dan Walsh - 2.43-1 +- Allow containers to memory map the fifo_files leaked into container from +container runtimes. + * Tue Jan 16 2018 Dan Walsh - 2.42-1 - Allow unconfined domains to transition to container types, when no-new-privs is set. diff --git a/sources b/sources index 3e23a9d..7f46c5c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d148550.tar.gz) = 43b8f93c552a0879aa8743703dd0ccc75e7b207c6a4c4c14ec9b85f125307c8aab8914d48be983fc94b9ca1413c112a340ddf9bf0da0751986701c809ece5e27 +SHA512 (container-selinux-38a982b.tar.gz) = 6b32edc3843d7dbe4329779181c7caf1a96d66faada19becfb7fe5d297a0757bcafcc944fa862114b6d0fafe68e145ce214523a3a68b28627b76fa51546e10a7 From 1b206540108e1ab8098e4b55baf08c914bb56dd1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 2 Feb 2018 13:40:54 -0500 Subject: [PATCH 068/381] Allow containers to sendto their own stream sockets --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index d40abc1..5ec50b0 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 38a982b915dcd9f4a0a49217066fcc93c8ff4184 +%global commit0 95b7c01e1c986e6069a2736dec393c657c11fe6e %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.44 +Version: 2.45 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Feb 02 2018 Dan Walsh - 2.45-1 +- Allow containers to sendto their own stream sockets + * Mon Jan 29 2018 Dan Walsh - 2.44-1 - Allow container domains to read kernel ipc info From f4c446bc2c20d805a6cc0e2be3c93835e76146b5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 2 Feb 2018 13:41:12 -0500 Subject: [PATCH 069/381] Allow containers to sendto their own stream sockets --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index d40abc1..5ec50b0 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 38a982b915dcd9f4a0a49217066fcc93c8ff4184 +%global commit0 95b7c01e1c986e6069a2736dec393c657c11fe6e %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.44 +Version: 2.45 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Feb 02 2018 Dan Walsh - 2.45-1 +- Allow containers to sendto their own stream sockets + * Mon Jan 29 2018 Dan Walsh - 2.44-1 - Allow container domains to read kernel ipc info From 3b45b2783adb7d1952a27aef07da7ad573c1c67f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 3 Feb 2018 06:17:13 -0500 Subject: [PATCH 070/381] Add support for nosuid_transition flags for container_runtime and unconfined domains --- .gitignore | 1 + container-selinux.spec | 6 ++++-- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2ccd52a..0d74309 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,4 @@ /container-selinux-d148550.tar.gz /container-selinux-dfcc97d.tar.gz /container-selinux-38a982b.tar.gz +/container-selinux-2377c73.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5ec50b0..c23ed40 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 95b7c01e1c986e6069a2736dec393c657c11fe6e +%global commit0 2377c73a19fa960792b4392ddf7d0c7a85585d9a %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.45 +Version: 2.46 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,8 @@ fi %{_datadir}/selinux/* %changelog +* Sat Feb 03 2018 Dan Walsh - 2.46-1 +- Add support for nosuid_transition flags for container_runtime and unconfined domains * Fri Feb 02 2018 Dan Walsh - 2.45-1 - Allow containers to sendto their own stream sockets diff --git a/sources b/sources index 7f46c5c..4621a7d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-38a982b.tar.gz) = 6b32edc3843d7dbe4329779181c7caf1a96d66faada19becfb7fe5d297a0757bcafcc944fa862114b6d0fafe68e145ce214523a3a68b28627b76fa51546e10a7 +SHA512 (container-selinux-2377c73.tar.gz) = 705aae6cdc578a5dec3632d848db931217243dbd6b1dd87a63dc0f07cba16e0ead8f4ebebbe979453d5161c9ff7fe1dcc7c62766a38b0a2f84966ea9e669c020 From 07b6801cafaa4b248cc65cb5871a5de2079f662c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 7 Feb 2018 05:40:38 +0000 Subject: [PATCH 071/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index c23ed40..4cfea3d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -36,7 +36,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.46 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Feb 07 2018 Fedora Release Engineering - 2:2.46-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Sat Feb 03 2018 Dan Walsh - 2.46-1 - Add support for nosuid_transition flags for container_runtime and unconfined domains * Fri Feb 02 2018 Dan Walsh - 2.45-1 From a7071bc06f7babd7c94abeda7615000a1f634037 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Fri, 9 Feb 2018 09:04:17 +0100 Subject: [PATCH 072/381] Escape macros in %changelog Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/ Signed-off-by: Igor Gnatenko --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 4cfea3d..1692f0d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -36,7 +36,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.46 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Feb 09 2018 Igor Gnatenko - 2:2.46-3 +- Escape macros in %%changelog + * Wed Feb 07 2018 Fedora Release Engineering - 2:2.46-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -278,7 +281,7 @@ satisfy the bounds check of container_t versus container_runtime_t. - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 * Tue Jan 10 2017 Jonathan Lebon - 2:2.2-3 -- properly disable docker module in %post +- properly disable docker module in %%post * Sat Jan 07 2017 Lokesh Mandvekar - 2:2.2-2 - depend on selinux-policy-targeted From f8193b5e323ea53f5eea27c34cadb6bf93f85794 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 10 Feb 2018 07:18:48 -0500 Subject: [PATCH 073/381] Change default label of /exports to container_var_lib_t --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0d74309..a1882f4 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,4 @@ /container-selinux-dfcc97d.tar.gz /container-selinux-38a982b.tar.gz /container-selinux-2377c73.tar.gz +/container-selinux-aece4ff.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1692f0d..12de1ea 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 2377c73a19fa960792b4392ddf7d0c7a85585d9a +%global commit0 aece4ff33825561eb153f6e697afbde309c46efb %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,8 +35,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.46 -Release: 3%{?dist} +Version: 2.47 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Sat Feb 10 2018 Dan Walsh - 2.47-1 +- Change default label of /exports to container_var_lib_t + * Fri Feb 09 2018 Igor Gnatenko - 2:2.46-3 - Escape macros in %%changelog diff --git a/sources b/sources index 4621a7d..81ef3da 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2377c73.tar.gz) = 705aae6cdc578a5dec3632d848db931217243dbd6b1dd87a63dc0f07cba16e0ead8f4ebebbe979453d5161c9ff7fe1dcc7c62766a38b0a2f84966ea9e669c020 +SHA512 (container-selinux-aece4ff.tar.gz) = 23d14ce8b1e4176fb52591edf61ce3efb21a461ddb6df75ca2b50ea2f8746a0f74e3319163b56f936d0dda8736f1d38d2900d1f486743aa8b62a022dfadb7c7d From e2a7448aaee32265ba23b6526e995e0592195832 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 10 Feb 2018 07:20:10 -0500 Subject: [PATCH 074/381] Change default label of /exports to container_var_lib_t --- .gitignore | 2 ++ container-selinux.spec | 17 ++++++++++++++--- sources | 2 +- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2ccd52a..a1882f4 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,5 @@ /container-selinux-d148550.tar.gz /container-selinux-dfcc97d.tar.gz /container-selinux-38a982b.tar.gz +/container-selinux-2377c73.tar.gz +/container-selinux-aece4ff.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5ec50b0..12de1ea 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 95b7c01e1c986e6069a2736dec393c657c11fe6e +%global commit0 aece4ff33825561eb153f6e697afbde309c46efb %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.45 +Version: 2.47 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,17 @@ fi %{_datadir}/selinux/* %changelog +* Sat Feb 10 2018 Dan Walsh - 2.47-1 +- Change default label of /exports to container_var_lib_t + +* Fri Feb 09 2018 Igor Gnatenko - 2:2.46-3 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2:2.46-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Dan Walsh - 2.46-1 +- Add support for nosuid_transition flags for container_runtime and unconfined domains * Fri Feb 02 2018 Dan Walsh - 2.45-1 - Allow containers to sendto their own stream sockets @@ -273,7 +284,7 @@ satisfy the bounds check of container_t versus container_runtime_t. - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 * Tue Jan 10 2017 Jonathan Lebon - 2:2.2-3 -- properly disable docker module in %post +- properly disable docker module in %%post * Sat Jan 07 2017 Lokesh Mandvekar - 2:2.2-2 - depend on selinux-policy-targeted diff --git a/sources b/sources index 7f46c5c..81ef3da 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-38a982b.tar.gz) = 6b32edc3843d7dbe4329779181c7caf1a96d66faada19becfb7fe5d297a0757bcafcc944fa862114b6d0fafe68e145ce214523a3a68b28627b76fa51546e10a7 +SHA512 (container-selinux-aece4ff.tar.gz) = 23d14ce8b1e4176fb52591edf61ce3efb21a461ddb6df75ca2b50ea2f8746a0f74e3319163b56f936d0dda8736f1d38d2900d1f486743aa8b62a022dfadb7c7d From 9a7a65d0b56853e511e2c01c87dcb2d4bc971be3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 15 Feb 2018 12:55:50 -0500 Subject: [PATCH 075/381] Allow container domains to map container_file_t directories --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a1882f4..51e935c 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ /container-selinux-38a982b.tar.gz /container-selinux-2377c73.tar.gz /container-selinux-aece4ff.tar.gz +/container-selinux-663e003.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 12de1ea..8de89a0 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 aece4ff33825561eb153f6e697afbde309c46efb +%global commit0 663e003b8797564398648b20ad41cf094f87a86e %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.47 +Version: 2.48 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 15 2018 Dan Walsh - 2.48-1 +- Allow container domains to map container_file_t directories + * Sat Feb 10 2018 Dan Walsh - 2.47-1 - Change default label of /exports to container_var_lib_t diff --git a/sources b/sources index 81ef3da..7d4636f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-aece4ff.tar.gz) = 23d14ce8b1e4176fb52591edf61ce3efb21a461ddb6df75ca2b50ea2f8746a0f74e3319163b56f936d0dda8736f1d38d2900d1f486743aa8b62a022dfadb7c7d +SHA512 (container-selinux-663e003.tar.gz) = e81b7b8e61e09ddb0ffdfe95b7135b3cf9d10719e325b9349364aad7c805e0944ee5baddb8763bf19202537ed8439c255259ec87cc32457da867a10d97cd8d4a From 5a5bf66b861ccef89b17a021bd56d41147ca7b31 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 7 Mar 2018 05:59:10 +0000 Subject: [PATCH 076/381] Allow bin_t as a container_runtime_t entrypoint Add rules for running container runtimes on mls --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 51e935c..f40f3c1 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,4 @@ /container-selinux-2377c73.tar.gz /container-selinux-aece4ff.tar.gz /container-selinux-663e003.tar.gz +/container-selinux-fd7d508.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 8de89a0..0879ce3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 663e003b8797564398648b20ad41cf094f87a86e +%global commit0 fd7d5085365c3a04e601debbdb0c7f1ceb32afb7 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.48 +Version: 2.50 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed Mar 7 2018 Dan Walsh - 2.50-1 +- Allow bin_t as a container_runtime_t entrypoint +- Add rules for running container runtimes on mls + * Thu Feb 15 2018 Dan Walsh - 2.48-1 - Allow container domains to map container_file_t directories diff --git a/sources b/sources index 7d4636f..2439e3e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-663e003.tar.gz) = e81b7b8e61e09ddb0ffdfe95b7135b3cf9d10719e325b9349364aad7c805e0944ee5baddb8763bf19202537ed8439c255259ec87cc32457da867a10d97cd8d4a +SHA512 (container-selinux-fd7d508.tar.gz) = 3c627b973db2e86bdd389463fc5f2298740472117e02b76c18a35ec266b273b5e2d2b35212f3d307d80f586f24f767a78850772250d5b773969ef48568043343 From b658aee2f14f423caa3dd9748b774c7cf0edca4c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 8 Mar 2018 07:54:07 +0000 Subject: [PATCH 077/381] Allow shell_exec_t as a container_runtime_t entrypoint --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f40f3c1..790d38d 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ /container-selinux-aece4ff.tar.gz /container-selinux-663e003.tar.gz /container-selinux-fd7d508.tar.gz +/container-selinux-fd50128.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0879ce3..031ee58 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 fd7d5085365c3a04e601debbdb0c7f1ceb32afb7 +%global commit0 fd5012800ea530d629af7e0290066002e17ac054 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.50 +Version: 2.51 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 8 2018 Dan Walsh - 2.51-1 +- Allow shell_exec_t as a container_runtime_t entrypoint + * Wed Mar 7 2018 Dan Walsh - 2.50-1 - Allow bin_t as a container_runtime_t entrypoint - Add rules for running container runtimes on mls diff --git a/sources b/sources index 2439e3e..5557ec4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fd7d508.tar.gz) = 3c627b973db2e86bdd389463fc5f2298740472117e02b76c18a35ec266b273b5e2d2b35212f3d307d80f586f24f767a78850772250d5b773969ef48568043343 +SHA512 (container-selinux-fd50128.tar.gz) = 9f2b4a3e16bf31931488813ffb7167621836ab555657a21f29af07f9ebefa04e0cc50eaa2a25a3fd817799656023bdcf3b137f81aff98b2a1c0ba1e887529766 From 69afd19c0ab845102ffbb30fa0993f6a8395775f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 8 Mar 2018 14:33:17 +0000 Subject: [PATCH 078/381] Add rules for container domains to make writing custom policy easier --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 790d38d..78abd50 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,4 @@ /container-selinux-663e003.tar.gz /container-selinux-fd7d508.tar.gz /container-selinux-fd50128.tar.gz +/container-selinux-bdc0137.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 031ee58..e6a21af 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 fd5012800ea530d629af7e0290066002e17ac054 +%global commit0 bdc0137288e5fe3616c32cd0a02de9aee1503897 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.51 +Version: 2.52 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 8 2018 Dan Walsh - 2.52-1 +- Add rules for container domains to make writing custom policy easier + * Thu Mar 8 2018 Dan Walsh - 2.51-1 - Allow shell_exec_t as a container_runtime_t entrypoint diff --git a/sources b/sources index 5557ec4..49bd965 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fd50128.tar.gz) = 9f2b4a3e16bf31931488813ffb7167621836ab555657a21f29af07f9ebefa04e0cc50eaa2a25a3fd817799656023bdcf3b137f81aff98b2a1c0ba1e887529766 +SHA512 (container-selinux-bdc0137.tar.gz) = 011891936937ad62122f4026e4247d8dbb3ae7c9317d37e419438924e8c4f37d9092f5f3739cd9ca9de526445c4a7a147a956646c852ef1abd9e4f456e77594b From 37b78d28cef0402cc0a89fcb423030f2ae2873d0 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 14 Mar 2018 09:39:06 -0400 Subject: [PATCH 079/381] Add rules for container domains to make writing custom policy easier Allow shell_exec_t as a container_runtime_t entrypoint --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 78abd50..51e8133 100644 --- a/.gitignore +++ b/.gitignore @@ -43,3 +43,4 @@ /container-selinux-fd7d508.tar.gz /container-selinux-fd50128.tar.gz /container-selinux-bdc0137.tar.gz +/container-selinux-55c7d4d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e6a21af..53ae942 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 bdc0137288e5fe3616c32cd0a02de9aee1503897 +%global commit0 55c7d4dfeb063bd6177ebe2e4c5b8c466facdb16 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.52 +Version: 2.54 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed Mar 14 2018 Dan Walsh - 2.54-1 +- Add rules for container domains to make writing custom policy easier +- Allow shell_exec_t as a container_runtime_t entrypoint + * Thu Mar 8 2018 Dan Walsh - 2.52-1 - Add rules for container domains to make writing custom policy easier diff --git a/sources b/sources index 49bd965..134881e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-bdc0137.tar.gz) = 011891936937ad62122f4026e4247d8dbb3ae7c9317d37e419438924e8c4f37d9092f5f3739cd9ca9de526445c4a7a147a956646c852ef1abd9e4f456e77594b +SHA512 (container-selinux-55c7d4d.tar.gz) = d148367e0e1112cb7430e891e5e6d29ca2edfe4af8ad7ca495938b2e1aed4354f41e5e0426c3ff96bf8f8c06a86ae6ef7f88207970009fe0cb1a6b67a5e75e3a From c46266a878d86dfb69a314f8351681dff991d329 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 15 Mar 2018 07:14:36 -0400 Subject: [PATCH 080/381] Dontaudit attempts by containers to write to /proc/self --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 51e8133..644c033 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,4 @@ /container-selinux-fd50128.tar.gz /container-selinux-bdc0137.tar.gz /container-selinux-55c7d4d.tar.gz +/container-selinux-d248f91.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 53ae942..15610c7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 55c7d4dfeb063bd6177ebe2e4c5b8c466facdb16 +%global commit0 d248f9197acde3e7c489f2ee09c10f8b29ef1a68 %else # use upstream's RHEL-1.12 branch for CentOS 7 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 @@ -35,7 +35,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.54 +Version: 2.55 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 15 2018 Dan Walsh - 2.55-1 +- Dontaudit attempts by containers to write to /proc/self + * Wed Mar 14 2018 Dan Walsh - 2.54-1 - Add rules for container domains to make writing custom policy easier - Allow shell_exec_t as a container_runtime_t entrypoint diff --git a/sources b/sources index 134881e..eb6df7c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-55c7d4d.tar.gz) = d148367e0e1112cb7430e891e5e6d29ca2edfe4af8ad7ca495938b2e1aed4354f41e5e0426c3ff96bf8f8c06a86ae6ef7f88207970009fe0cb1a6b67a5e75e3a +SHA512 (container-selinux-d248f91.tar.gz) = 28f7a36228581fce097f3c0a3798a727300f609dc927d976c4cf0d8c10834a3695503b1f340bc73ba86fdca4906cd12cf0c73804a40dfd1e99aecaa9e2bc3917 From 4c7ed6951be12ff43548177d3a5375a64ba9d226 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 9 Apr 2018 07:47:49 -0400 Subject: [PATCH 081/381] packaging changes for centos v/s fedora Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 15610c7..a5aec49 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -4,11 +4,12 @@ %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 %global commit0 d248f9197acde3e7c489f2ee09c10f8b29ef1a68 +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 -%global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 +%global el_commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 +%global shortcommit0 %(c=%{el_commit0}; echo ${c:0:7}) %endif -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -42,6 +43,7 @@ URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildArch: noarch +BuildRequires: git BuildRequires: pkgconfig(systemd) BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} @@ -64,7 +66,11 @@ Provides: docker-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%setup -q -n %{name}-%{commit0} +%if 0%{?fedora} || 0%{?rhel} > 7 +%autosetup -Sgit -n %{name}-%{commit0} +%else +%autosetup -Sgit -n %{name}-%{el_commit0} +%endif %build make From 802379f60164ca80976a0e4c01f65738c97234cb Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 9 Apr 2018 07:50:15 -0400 Subject: [PATCH 082/381] container-selinux- - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index a5aec49..f301218 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 09 2018 Lokesh Mandvekar - 2:2.55-2 +- autobuilt commit d248f91 + * Thu Mar 15 2018 Dan Walsh - 2.55-1 - Dontaudit attempts by containers to write to /proc/self From c9ddfc8c4a0079a0256f8041dfa21bb5e40ce7ff Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 9 Apr 2018 07:55:39 -0400 Subject: [PATCH 083/381] change case cause it messes up my autobuilder script :D Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index f301218..f7ae188 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -150,7 +150,7 @@ fi - Change default label of /exports to container_var_lib_t * Fri Feb 09 2018 Igor Gnatenko - 2:2.46-3 -- Escape macros in %%changelog +- Escape macros in %%CHANGELOG * Wed Feb 07 2018 Fedora Release Engineering - 2:2.46-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From 7c6163820035427bb0e8a917581f1360af6ea64f Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 9 Apr 2018 07:56:05 -0400 Subject: [PATCH 084/381] container-selinux-2:2.55-3 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index f7ae188..c98be22 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 09 2018 Lokesh Mandvekar - 2:2.55-3 +- autobuilt commit d248f91 + * Mon Apr 09 2018 Lokesh Mandvekar - 2:2.55-2 - autobuilt commit d248f91 From af36061d14f442fd399e447e34daa693a93a84b6 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 9 Apr 2018 15:30:25 +0000 Subject: [PATCH 085/381] container-selinux-2:2.55-4 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index c98be22..1249b3a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 09 2018 Lokesh Mandvekar (Bot) - 2:2.55-4 +- autobuilt commit d248f91 + * Mon Apr 09 2018 Lokesh Mandvekar - 2:2.55-3 - autobuilt commit d248f91 From e49a7cae6a5367829073cdc31ffbee3e1ef70582 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 9 Apr 2018 19:29:53 +0000 Subject: [PATCH 086/381] container-selinux-2:2.55-5 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 1249b3a..e446271 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 09 2018 Lokesh Mandvekar (Bot) - 2:2.55-5 +- autobuilt commit d248f91 + * Mon Apr 09 2018 Lokesh Mandvekar (Bot) - 2:2.55-4 - autobuilt commit d248f91 From 03bdc4666887889f125fd8f09b60b11e2f91f3a5 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 16 Apr 2018 02:57:50 +0000 Subject: [PATCH 087/381] container-selinux-2:2.55-6 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index e446271..7c0f5f3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-6 +- autobuilt commit d248f91 + * Mon Apr 09 2018 Lokesh Mandvekar (Bot) - 2:2.55-5 - autobuilt commit d248f91 From 357bc56e2f02ba75dc693933ade3d0ce2344d9f2 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 16 Apr 2018 03:21:09 +0000 Subject: [PATCH 088/381] container-selinux-2:2.55-7 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 7c0f5f3..115d9ca 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-7 +- autobuilt commit d248f91 + * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-6 - autobuilt commit d248f91 From 95b2b1d800085b79378cab1c273d4d701811881a Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 16 Apr 2018 03:31:26 +0000 Subject: [PATCH 089/381] container-selinux-2:2.55-8 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 115d9ca..e1134d4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-8 +- autobuilt commit d248f91 + * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-7 - autobuilt commit d248f91 From 7506926843960326427dea6946b24901b9985d8b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Sun, 15 Apr 2018 23:42:42 -0400 Subject: [PATCH 090/381] add shortcommit0 in release string Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index e1134d4..143d8f2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 8%{?dist} +Release: 8.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes From 6d73abcf30f7989d7a6423375a2e18a06d99898e Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 16 Apr 2018 14:49:04 +0000 Subject: [PATCH 091/381] container-selinux-2:2.55-9.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 143d8f2..9d4fbec 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 8.git%{shortcommit0}%{?dist} +Release: 9.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-9.gitd248f91 +- autobuilt commit d248f91 + * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-8 - autobuilt commit d248f91 From 654515c52527197a17df5ba11046bdaef5447331 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 16 Apr 2018 19:10:54 +0000 Subject: [PATCH 092/381] container-selinux-2:2.55-10.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 9d4fbec..c81db97 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 9.git%{shortcommit0}%{?dist} +Release: 10.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -123,6 +123,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-10.gitd248f91 +- autobuilt commit d248f91 + * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-9.gitd248f91 - autobuilt commit d248f91 From e87f1288250b9a495b53a1fe91c23283267c67e4 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 16 Apr 2018 15:59:39 -0400 Subject: [PATCH 093/381] correct Source0 if centos Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index c81db97..d2d0a5f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -41,7 +41,11 @@ Release: 10.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes +%if 0%{?fedora} || 0%{?rhel} >7 Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +%else +Source0: %{git0}/archive/%{el_commit0}/%{name}-%{shortcommit0}.tar.gz +%endif BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) From 68364ba992b76cfec285d8f46b120dd7743e415e Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Tue, 17 Apr 2018 17:53:26 +0000 Subject: [PATCH 094/381] container-selinux-2:2.55-11.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index d2d0a5f..68222c7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 10.git%{shortcommit0}%{?dist} +Release: 11.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-11.gitd248f91 +- autobuilt commit d248f91 + * Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-10.gitd248f91 - autobuilt commit d248f91 From cbb99afa99f8757959775ea4903d85ec1b64d192 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Tue, 17 Apr 2018 18:32:42 +0000 Subject: [PATCH 095/381] container-selinux-2:2.55-12.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 68222c7..f677e2c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.55 -Release: 11.git%{shortcommit0}%{?dist} +Release: 12.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-12.gitd248f91 +- autobuilt commit d248f91 + * Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-11.gitd248f91 - autobuilt commit d248f91 From 1f65dab45247645fe49a1a65e0997578f11413c2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 18 May 2018 11:53:51 -0400 Subject: [PATCH 096/381] Add labels to allow podman to be run from a systemd unit file --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 644c033..041a4e4 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,4 @@ /container-selinux-bdc0137.tar.gz /container-selinux-55c7d4d.tar.gz /container-selinux-d248f91.tar.gz +/container-selinux-d213769.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f677e2c..dabdc01 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d248f9197acde3e7c489f2ee09c10f8b29ef1a68 +%global commit0 d2137698cba817ee241a02210b7d63473bd38233 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,8 +36,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.55 -Release: 12.git%{shortcommit0}%{?dist} +Version: 2.58 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 18 2018 Dan Walsh - 2.57-1 +- Add labels to allow podman to be run from a systemd unit file + * Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-12.gitd248f91 - autobuilt commit d248f91 diff --git a/sources b/sources index eb6df7c..480858b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d248f91.tar.gz) = 28f7a36228581fce097f3c0a3798a727300f609dc927d976c4cf0d8c10834a3695503b1f340bc73ba86fdca4906cd12cf0c73804a40dfd1e99aecaa9e2bc3917 +SHA512 (container-selinux-d213769.tar.gz) = 94c3b6b097b9ad6b943bfec4b0d28d38a6fd10057b75c4236f03e52383361d1209d4c96acd02c2295707db037b26e5269eec5ead077bd90017518ea58fd5cc7a From cbb3d2bf04ed30504060e5eaed22934a1c2bb8c1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 21 May 2018 11:03:42 -0400 Subject: [PATCH 097/381] Run restorecon /usr/bin/podman in postinstall --- container-selinux.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index dabdc01..7e67c30 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,7 +23,7 @@ %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; # Relabel files -%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : +%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : # Version of SELinux we were using %if 0%{?fedora} >= 22 || 0%{?rhel} > 7 @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.58 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,7 +127,10 @@ fi %{_datadir}/selinux/* %changelog -* Fri May 18 2018 Dan Walsh - 2.57-1 +* Mon May 21 2018 Dan Walsh - 2.58-2 +- Run restorecon /usr/bin/podman in postinstall + +* Fri May 18 2018 Dan Walsh - 2.58-1 - Add labels to allow podman to be run from a systemd unit file * Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-12.gitd248f91 From 2be9204393376a1d5338798145414846f83619de Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 21 May 2018 12:49:37 -0400 Subject: [PATCH 098/381] Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 041a4e4..511bfce 100644 --- a/.gitignore +++ b/.gitignore @@ -46,3 +46,4 @@ /container-selinux-55c7d4d.tar.gz /container-selinux-d248f91.tar.gz /container-selinux-d213769.tar.gz +/container-selinux-701557f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7e67c30..dcd40e5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d2137698cba817ee241a02210b7d63473bd38233 +%global commit0 701557f1cd94a488a191215db04123ae533c5142 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,8 +36,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.58 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.59 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon May 21 2018 Dan Walsh - 2.59-1 +- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. + * Mon May 21 2018 Dan Walsh - 2.58-2 - Run restorecon /usr/bin/podman in postinstall diff --git a/sources b/sources index 480858b..9bfdad7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d213769.tar.gz) = 94c3b6b097b9ad6b943bfec4b0d28d38a6fd10057b75c4236f03e52383361d1209d4c96acd02c2295707db037b26e5269eec5ead077bd90017518ea58fd5cc7a +SHA512 (container-selinux-701557f.tar.gz) = 407baf6258b40241905ca682e1f0f7ad7109bd05bb92efad8c88defdf257b374353b6dacfac343d0a6e2347236d80e408edf320e95e5bf31e97b26e7829e876e From 59df2c8753f048cd5ec5f07d83b48b212c52a1ff Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 21 May 2018 13:19:17 -0400 Subject: [PATCH 099/381] Allow containers to list cgroup directories --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 511bfce..513b13f 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,4 @@ /container-selinux-d248f91.tar.gz /container-selinux-d213769.tar.gz /container-selinux-701557f.tar.gz +/container-selinux-97f8dfc.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index dcd40e5..ae7d2ab 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 701557f1cd94a488a191215db04123ae533c5142 +%global commit0 97f8dfc2baf1c27f7e1de9ca3e11299f7e6c32d8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.59 +Version: 2.60 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon May 21 2018 Dan Walsh - 2.60-1 +- Allow containers to list cgroup directories + * Mon May 21 2018 Dan Walsh - 2.59-1 - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. diff --git a/sources b/sources index 9bfdad7..da629a0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-701557f.tar.gz) = 407baf6258b40241905ca682e1f0f7ad7109bd05bb92efad8c88defdf257b374353b6dacfac343d0a6e2347236d80e408edf320e95e5bf31e97b26e7829e876e +SHA512 (container-selinux-97f8dfc.tar.gz) = 3938f6b31a720571a948a5233c1a2b40417c87685fb22f78fb7b3d54fadde2cfe1cd53ad92fe150155ebd0a1ed4986598dbda866ca05e4948d5d919c99293ca9 From 25c4cb361a3be662cd3d983111a4c5136269f53c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 21 May 2018 17:13:15 -0400 Subject: [PATCH 100/381] Allow spc_t to load kernel modules from inside of container --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 513b13f..0d68d82 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,4 @@ /container-selinux-d213769.tar.gz /container-selinux-701557f.tar.gz /container-selinux-97f8dfc.tar.gz +/container-selinux-9b55129.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ae7d2ab..1f9138f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 97f8dfc2baf1c27f7e1de9ca3e11299f7e6c32d8 +%global commit0 9b55129d5f2f7178a5423c7232cf99d74c1f94b3 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.60 +Version: 2.61 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon May 21 2018 Dan Walsh - 2.61-1 +- Allow spc_t to load kernel modules from inside of container + * Mon May 21 2018 Dan Walsh - 2.60-1 - Allow containers to list cgroup directories diff --git a/sources b/sources index da629a0..40a3367 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-97f8dfc.tar.gz) = 3938f6b31a720571a948a5233c1a2b40417c87685fb22f78fb7b3d54fadde2cfe1cd53ad92fe150155ebd0a1ed4986598dbda866ca05e4948d5d919c99293ca9 +SHA512 (container-selinux-9b55129.tar.gz) = ddafb1237c393ffc4a328e7fa824c5c1f8c0b910be5d8a732a58965f76a6ec561846c968cd7baad0f108f653d027b7b4513b7a9c23823757edd5ae436ffa61b6 From c2346462efbd419eb95cb9d9ace6ecdcef6ad782 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Fri, 25 May 2018 18:35:07 +0000 Subject: [PATCH 101/381] container-selinux-2:2.62-1.git1ecf953 - bump to 2.62 - autobuilt 1ecf953 Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0d68d82..981d72c 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,4 @@ /container-selinux-701557f.tar.gz /container-selinux-97f8dfc.tar.gz /container-selinux-9b55129.tar.gz +/container-selinux-1ecf953.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1f9138f..1f28f83 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 9b55129d5f2f7178a5423c7232cf99d74c1f94b3 +%global commit0 1ecf9533560e1004a26287a9ed31215cbaa83bd4 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.61 +Version: 2.62 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,10 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 25 2018 Lokesh Mandvekar (Bot) - 2:2.62-1.git1ecf953 +- bump to 2.62 +- autobuilt 1ecf953 + * Mon May 21 2018 Dan Walsh - 2.61-1 - Allow spc_t to load kernel modules from inside of container diff --git a/sources b/sources index 40a3367..be3d22c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9b55129.tar.gz) = ddafb1237c393ffc4a328e7fa824c5c1f8c0b910be5d8a732a58965f76a6ec561846c968cd7baad0f108f653d027b7b4513b7a9c23823757edd5ae436ffa61b6 +SHA512 (container-selinux-1ecf953.tar.gz) = df1f9586b1bbefddffd62b5800a0cf6346fafa8d32ae2ff93abe31c5f30bce9b6ce5caf6351f5b07b3324a5d7a49c389bb69825880fa1433a02e82e5fdd9cf72 From 71d86626927723a62dc7a8c0ce6fcad80f7d9cd1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 30 May 2018 11:10:00 -0400 Subject: [PATCH 102/381] Allow containers to create icmp packets --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 981d72c..ba75bf5 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,4 @@ /container-selinux-97f8dfc.tar.gz /container-selinux-9b55129.tar.gz /container-selinux-1ecf953.tar.gz +/container-selinux-284f9e7.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1f28f83..0a7cf66 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 1ecf9533560e1004a26287a9ed31215cbaa83bd4 +%global commit0 284f9e75b1356de59299f5aa6e7045243749f420 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.62 +Version: 2.63 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed May 30 2018 Dan Walsh - 2.63-1 +- Allow containers to create icmp packets + * Fri May 25 2018 Lokesh Mandvekar (Bot) - 2:2.62-1.git1ecf953 - bump to 2.62 - autobuilt 1ecf953 diff --git a/sources b/sources index be3d22c..3b91760 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1ecf953.tar.gz) = df1f9586b1bbefddffd62b5800a0cf6346fafa8d32ae2ff93abe31c5f30bce9b6ce5caf6351f5b07b3324a5d7a49c389bb69825880fa1433a02e82e5fdd9cf72 +SHA512 (container-selinux-284f9e7.tar.gz) = b14bc6666da449525e53990ea2598e004f4383c851b7647f34d2ac7ee779130a95808d2dfbdd8381e2c90461205fa8d9a93ace5027af1fff2e724ab5b9945ea1 From 91cc6aa5358eed9a32e168cb9ea3077a3e749f8f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 3 Jun 2018 06:09:33 -0400 Subject: [PATCH 103/381] Allow containers to create all socket classes --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0a7cf66..916dbed 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 284f9e75b1356de59299f5aa6e7045243749f420 +%global commit0 d34637560ae7e992abdb70b2edafe9588e80c3aa %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.63 +Version: 2.64 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Sun Jun 3 2018 Dan Walsh - 2.64-1 +- Allow containers to create all socket classes + * Wed May 30 2018 Dan Walsh - 2.63-1 - Allow containers to create icmp packets From 3cc70f644889a2b72246562fbee93619391cabc3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 3 Jun 2018 06:14:48 -0400 Subject: [PATCH 104/381] Allow containers to create all socket classes --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index ba75bf5..a473e8e 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,4 @@ /container-selinux-9b55129.tar.gz /container-selinux-1ecf953.tar.gz /container-selinux-284f9e7.tar.gz +/container-selinux-d346375.tar.gz diff --git a/sources b/sources index 3b91760..2bdfc14 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-284f9e7.tar.gz) = b14bc6666da449525e53990ea2598e004f4383c851b7647f34d2ac7ee779130a95808d2dfbdd8381e2c90461205fa8d9a93ace5027af1fff2e724ab5b9945ea1 +SHA512 (container-selinux-d346375.tar.gz) = 773ddd8f3c0280a1c88b75a619b961dfdc7aa95c807bebb161d80f04040dff3f039ca2eb0560f6ccf8a8d5367a96639c0fc634ac02b5ecd29b54dea028dcc9fc From 781a8d1c0d62b811abdac34e6f79d05948d25829 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 11 Jun 2018 08:55:28 -0400 Subject: [PATCH 105/381] Add new type to handle containers running with a non priv user in a userns allow containers to map all sockets --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a473e8e..3605338 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,4 @@ /container-selinux-1ecf953.tar.gz /container-selinux-284f9e7.tar.gz /container-selinux-d346375.tar.gz +/container-selinux-bf5b26b.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 916dbed..ee16a60 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 d34637560ae7e992abdb70b2edafe9588e80c3aa +%global commit0 bf5b26b07c9fa182142566bdcd27e91f9355529c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.64 +Version: 2.65 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 11 2018 Dan Walsh - 2.65-1 +- Add new type to handle containers running with a non priv user in a userns +- allow containers to map all sockets + * Sun Jun 3 2018 Dan Walsh - 2.64-1 - Allow containers to create all socket classes diff --git a/sources b/sources index 2bdfc14..0f22f53 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d346375.tar.gz) = 773ddd8f3c0280a1c88b75a619b961dfdc7aa95c807bebb161d80f04040dff3f039ca2eb0560f6ccf8a8d5367a96639c0fc634ac02b5ecd29b54dea028dcc9fc +SHA512 (container-selinux-bf5b26b.tar.gz) = 2227ef893bce792841ccca589c844ad8e9f5a067cb78f8f2c9f8d1224ac49ae9ec0d6894d2f165e90ecd253baf0e8e6ff94e55da4f535aa49d8cef6577ab211d From ee88cda7eb2443358eb40a3956bbbb297297bec6 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Tue, 12 Jun 2018 04:41:04 +0000 Subject: [PATCH 106/381] container-selinux-2:2.64-1.gitdfaf8fd - bump to 2.64 - autobuilt dfaf8fd Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 3605338..8c81e28 100644 --- a/.gitignore +++ b/.gitignore @@ -53,3 +53,4 @@ /container-selinux-284f9e7.tar.gz /container-selinux-d346375.tar.gz /container-selinux-bf5b26b.tar.gz +/container-selinux-dfaf8fd.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ee16a60..eabd2e4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 bf5b26b07c9fa182142566bdcd27e91f9355529c +%global commit0 dfaf8fd64fd8e14b160db5a9f36937692673fdc1 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.65 +Version: 2.64 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,11 +127,15 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jun 12 2018 Lokesh Mandvekar (Bot) - 2:2.64-1.gitdfaf8fd +- bump to 2.64 +- autobuilt dfaf8fd + * Mon Jun 11 2018 Dan Walsh - 2.65-1 - Add new type to handle containers running with a non priv user in a userns - allow containers to map all sockets -* Sun Jun 3 2018 Dan Walsh - 2.64-1 +* Sun Jun 3 2018 Dan Walsh - 2.64-1.gitdfaf8fd - Allow containers to create all socket classes * Wed May 30 2018 Dan Walsh - 2.63-1 diff --git a/sources b/sources index 0f22f53..1d0c648 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-bf5b26b.tar.gz) = 2227ef893bce792841ccca589c844ad8e9f5a067cb78f8f2c9f8d1224ac49ae9ec0d6894d2f165e90ecd253baf0e8e6ff94e55da4f535aa49d8cef6577ab211d +SHA512 (container-selinux-dfaf8fd.tar.gz) = 955996938ce724f809aac2f451d2eb72cd7501c5fb48229c00ca0e9ca74c8b3fd94e9365a79940bd25558958659afa74e5f33b1b19c1fc61204037fa028ac021 From e3d623436f12e840bc846aad4866e68995e51bda Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 30 Jun 2018 07:25:12 -0400 Subject: [PATCH 107/381] Allow container runtimes to dbus chat with systemd-resolved --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index eabd2e4..85a962f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 dfaf8fd64fd8e14b160db5a9f36937692673fdc1 +%global commit0 8ecc282b93f70c91e6cfc23e5ddbe55a2628eaf8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.64 +Version: 2.66 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Sat Jun 30 2018 Dan Walsh - 2.66-1 +- Allow container runtimes to dbus chat with systemd-resolved + * Tue Jun 12 2018 Lokesh Mandvekar (Bot) - 2:2.64-1.gitdfaf8fd - bump to 2.64 - autobuilt dfaf8fd From 37cbbf8e2c9db03feb6b6faafc3a0de928f24ec3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 30 Jun 2018 07:25:56 -0400 Subject: [PATCH 108/381] Allow container runtimes to dbus chat with systemd-resolved --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 8c81e28..e71acf3 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,4 @@ /container-selinux-d346375.tar.gz /container-selinux-bf5b26b.tar.gz /container-selinux-dfaf8fd.tar.gz +/container-selinux-8ecc282.tar.gz diff --git a/sources b/sources index 1d0c648..135dda2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-dfaf8fd.tar.gz) = 955996938ce724f809aac2f451d2eb72cd7501c5fb48229c00ca0e9ca74c8b3fd94e9365a79940bd25558958659afa74e5f33b1b19c1fc61204037fa028ac021 +SHA512 (container-selinux-8ecc282.tar.gz) = db120dceb1db050aa906f1fbc74a0c541345880e8c1eccf65355f1ce640c59e0493a025a3ab6c6b7c7ac385160694a0b23612572791412eb9d11eebe4da5460a From da11a8106d1a90c5a36ade85a2dccc51a4b072c6 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Sat, 7 Jul 2018 04:53:53 +0000 Subject: [PATCH 109/381] container-selinux-2:2.67-1.git0407867 - bump to 2.67 - autobuilt 0407867 Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e71acf3..75b3c4a 100644 --- a/.gitignore +++ b/.gitignore @@ -55,3 +55,4 @@ /container-selinux-bf5b26b.tar.gz /container-selinux-dfaf8fd.tar.gz /container-selinux-8ecc282.tar.gz +/container-selinux-0407867.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 85a962f..b1b75b3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 8ecc282b93f70c91e6cfc23e5ddbe55a2628eaf8 +%global commit0 04078674cd4f0125a2a650ca750ca9c3ca3529b9 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,7 +36,7 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.66 +Version: 2.67 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -127,6 +127,10 @@ fi %{_datadir}/selinux/* %changelog +* Sat Jul 07 2018 Lokesh Mandvekar (Bot) - 2:2.67-1.git0407867 +- bump to 2.67 +- autobuilt 0407867 + * Sat Jun 30 2018 Dan Walsh - 2.66-1 - Allow container runtimes to dbus chat with systemd-resolved diff --git a/sources b/sources index 135dda2..b6f276e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-8ecc282.tar.gz) = db120dceb1db050aa906f1fbc74a0c541345880e8c1eccf65355f1ce640c59e0493a025a3ab6c6b7c7ac385160694a0b23612572791412eb9d11eebe4da5460a +SHA512 (container-selinux-0407867.tar.gz) = e72b17bd3e43538c4ea28361572a5a81316566183b1511d5ad5c03d3afc9b75840f3aecad74b13643d338b89e1c9605ae2b7ca61fae5a95626dac6e1bc0455d6 From 814ce627ca42a91eaed7e85aa3efd240b77e9237 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 9 Jul 2018 15:15:01 +0000 Subject: [PATCH 110/381] container-selinux-2:2.67-2.git042f7cf - autobuilt 042f7cf Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 75b3c4a..8058813 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,4 @@ /container-selinux-dfaf8fd.tar.gz /container-selinux-8ecc282.tar.gz /container-selinux-0407867.tar.gz +/container-selinux-042f7cf.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b1b75b3..6bfb9f6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 04078674cd4f0125a2a650ca750ca9c3ca3529b9 +%global commit0 042f7cf69af273963d7965bb511f4ffa4049bca0 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.67 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jul 09 2018 Lokesh Mandvekar (Bot) - 2:2.67-2.git042f7cf +- autobuilt 042f7cf + * Sat Jul 07 2018 Lokesh Mandvekar (Bot) - 2:2.67-1.git0407867 - bump to 2.67 - autobuilt 0407867 diff --git a/sources b/sources index b6f276e..b8647c5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0407867.tar.gz) = e72b17bd3e43538c4ea28361572a5a81316566183b1511d5ad5c03d3afc9b75840f3aecad74b13643d338b89e1c9605ae2b7ca61fae5a95626dac6e1bc0455d6 +SHA512 (container-selinux-042f7cf.tar.gz) = 9a8bf256d574762a88ae8b8ff4634a51a202ce5b5e90187c3caf928827d4fb485719041da530f6fb42d6888eab24d2907d97dd85dfa0e4277e6f080e38dc78f7 From aa27ac4a7456e5ecc5d3a4df56e2207a4ebb5a1d Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 9 Jul 2018 12:07:01 -0400 Subject: [PATCH 111/381] update release tag to reflect unreleased status Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 6bfb9f6..0fb55b8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.67 -Release: 2.git%{shortcommit0}%{?dist} +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes From 49aa687d4c071ec7ad2949cafe16fe95037a34d6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 12 Jul 2018 22:12:40 +0000 Subject: [PATCH 112/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0fb55b8..67b0b8a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.67 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -127,6 +127,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jul 12 2018 Fedora Release Engineering - 2:2.67-3.dev.git042f7cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Mon Jul 09 2018 Lokesh Mandvekar (Bot) - 2:2.67-2.git042f7cf - autobuilt 042f7cf From be54b1d5ac637d793f4745dd8fc01bca7038628e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 16 Jul 2018 12:16:01 -0400 Subject: [PATCH 113/381] Add labels for /var/lib/origin directory Add container_file_t as a customizable_type Signed-off-by: Daniel J Walsh --- .gitignore | 4 ++++ container-selinux.spec | 14 +++++++++++--- sources | 2 +- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 8058813..a80c699 100644 --- a/.gitignore +++ b/.gitignore @@ -56,4 +56,8 @@ /container-selinux-dfaf8fd.tar.gz /container-selinux-8ecc282.tar.gz /container-selinux-0407867.tar.gz +<<<<<<< Updated upstream /container-selinux-042f7cf.tar.gz +======= +/container-selinux-25277c8.tar.gz +>>>>>>> Stashed changes diff --git a/container-selinux.spec b/container-selinux.spec index 67b0b8a..14d6d71 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 042f7cf69af273963d7965bb511f4ffa4049bca0 +%global commit0 25277c867c16433c505a22840bbe90e4902a1f69 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,8 +36,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.67 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.68 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -62,6 +62,7 @@ Requires(post): policycoreutils-python-utils Requires(post): policycoreutils-python %endif Requires(post): libselinux-utils +Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 Obsoletes: docker-selinux <= 2:1.12.4-28 Provides: docker-selinux = %{epoch}:%{version}-%{release} @@ -109,6 +110,9 @@ if %{_sbindir}/selinuxenabled ; then restorecon -R %{_sharedstatedir}/docker &> /dev/null || : fi fi +. %{_sysconfdir}/selinux/config +sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types + %postun if [ $1 -eq 0 ]; then @@ -127,6 +131,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jul 16 2018 Dan Walsh - 2.67-1 +- Add label for /var/lib/origin +- Add customizable_file_t to customizable_types + * Thu Jul 12 2018 Fedora Release Engineering - 2:2.67-3.dev.git042f7cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index b8647c5..5acc311 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-042f7cf.tar.gz) = 9a8bf256d574762a88ae8b8ff4634a51a202ce5b5e90187c3caf928827d4fb485719041da530f6fb42d6888eab24d2907d97dd85dfa0e4277e6f080e38dc78f7 +SHA512 (container-selinux-25277c8.tar.gz) = b75d2f255cde830eeea4b081528289fd005b51622c6a6d6336dca4cd97a86bd0ae2b34880110ca3e2b06a405e496f3b302130e98cb89d379bae9cc0a79c38366 From 08b0e73601c29f696ee47234390c56745831d9f0 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Wed, 18 Jul 2018 02:04:23 +0000 Subject: [PATCH 114/381] container-selinux-2:2.68-2.gitc139a3d - autobuilt c139a3d Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a80c699..3e89e39 100644 --- a/.gitignore +++ b/.gitignore @@ -61,3 +61,4 @@ ======= /container-selinux-25277c8.tar.gz >>>>>>> Stashed changes +/container-selinux-c139a3d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 14d6d71..1c82143 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 25277c867c16433c505a22840bbe90e4902a1f69 +%global commit0 c139a3d768b0ac8b16f23c30ecf7f394cf8b27ee %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -37,7 +37,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.68 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -131,6 +131,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Jul 18 2018 Lokesh Mandvekar (Bot) - 2:2.68-2.gitc139a3d +- autobuilt c139a3d + * Mon Jul 16 2018 Dan Walsh - 2.67-1 - Add label for /var/lib/origin - Add customizable_file_t to customizable_types diff --git a/sources b/sources index 5acc311..21cded0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-25277c8.tar.gz) = b75d2f255cde830eeea4b081528289fd005b51622c6a6d6336dca4cd97a86bd0ae2b34880110ca3e2b06a405e496f3b302130e98cb89d379bae9cc0a79c38366 +SHA512 (container-selinux-c139a3d.tar.gz) = babc99b3a4efbb43a20ac40bc4d181e7e43888212ccde106ca1645650c3f400fa23c1943b1d33047e9520852eee8a7bec4fb2b3fb5c503430f4a1b0f85d72582 From 4ed36528d000b008815be85ba6c215005a985c4c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 25 Jul 2018 17:35:22 -0400 Subject: [PATCH 115/381] dontaudit attempts to write to sysctl_kernel_t --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 3e89e39..60cb8d6 100644 --- a/.gitignore +++ b/.gitignore @@ -62,3 +62,4 @@ /container-selinux-25277c8.tar.gz >>>>>>> Stashed changes /container-selinux-c139a3d.tar.gz +/container-selinux-452b90d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1c82143..62e489e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux %if 0%{?fedora} || 0%{?rhel} > 7 -%global commit0 c139a3d768b0ac8b16f23c30ecf7f394cf8b27ee +%global commit0 452b90de0cbc75f0a55defa1d45b7bc337d4f076 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %else # use upstream's RHEL-1.12 branch for CentOS 7 @@ -36,8 +36,8 @@ Name: container-selinux %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 Epoch: 2 %endif -Version: 2.68 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.69 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -131,6 +131,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Jul 25 2018 Dan Walsh - 2.69-1 +- dontaudit attempts to write to sysctl_kernel_t + * Wed Jul 18 2018 Lokesh Mandvekar (Bot) - 2:2.68-2.gitc139a3d - autobuilt c139a3d diff --git a/sources b/sources index 21cded0..dab2d47 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c139a3d.tar.gz) = babc99b3a4efbb43a20ac40bc4d181e7e43888212ccde106ca1645650c3f400fa23c1943b1d33047e9520852eee8a7bec4fb2b3fb5c503430f4a1b0f85d72582 +SHA512 (container-selinux-452b90d.tar.gz) = f9bc9c9fafd98aca03b755dc44807baec3aec2b0a97bd539be6b49bc2f1f571973bef8e8a716ef990255f4b26ef9650e2c03ce9bf3ee0961f99205e309475944 From efac8b1c4bd3d25d0c169aaa4c30104cf438bb3e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Sun, 12 Aug 2018 01:45:38 -0400 Subject: [PATCH 116/381] remove unnecessary distro conditionals Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 62e489e..9f90b25 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,14 +2,8 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%if 0%{?fedora} || 0%{?rhel} > 7 %global commit0 452b90de0cbc75f0a55defa1d45b7bc337d4f076 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) -%else -# use upstream's RHEL-1.12 branch for CentOS 7 -%global el_commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 -%global shortcommit0 %(c=%{el_commit0}; echo ${c:0:7}) -%endif # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -26,14 +20,10 @@ %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : # Version of SELinux we were using -%if 0%{?fedora} >= 22 || 0%{?rhel} > 7 %global selinux_policyver 3.13.1-220 -%else -%global selinux_policyver 3.13.1-39 -%endif Name: container-selinux -%if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7 +%if 0%{?fedora} Epoch: 2 %endif Version: 2.69 @@ -41,11 +31,7 @@ Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes -%if 0%{?fedora} || 0%{?rhel} >7 Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -%else -Source0: %{git0}/archive/%{el_commit0}/%{name}-%{shortcommit0}.tar.gz -%endif BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -56,11 +42,7 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils -%if 0%{?fedora} || 0%{?rhel} > 7 Requires(post): policycoreutils-python-utils -%else -Requires(post): policycoreutils-python -%endif Requires(post): libselinux-utils Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 @@ -71,11 +53,7 @@ Provides: docker-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%if 0%{?fedora} || 0%{?rhel} > 7 %autosetup -Sgit -n %{name}-%{commit0} -%else -%autosetup -Sgit -n %{name}-%{el_commit0} -%endif %build make From e6bf4b2eb83a952bc252115d61f4069cbf2a86e2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 22 Aug 2018 07:30:54 -0700 Subject: [PATCH 117/381] Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 60cb8d6..211b827 100644 --- a/.gitignore +++ b/.gitignore @@ -63,3 +63,4 @@ >>>>>>> Stashed changes /container-selinux-c139a3d.tar.gz /container-selinux-452b90d.tar.gz +/container-selinux-4e73492.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9f90b25..b710818 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 452b90de0cbc75f0a55defa1d45b7bc337d4f076 +%global commit0 4e73492e3e0f48ccfa84c946706359648cc6986e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.69 +Version: 2.70 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Aug 22 2018 Dan Walsh - 2.70-1 +- Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t + * Wed Jul 25 2018 Dan Walsh - 2.69-1 - dontaudit attempts to write to sysctl_kernel_t diff --git a/sources b/sources index dab2d47..683a5b7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-452b90d.tar.gz) = f9bc9c9fafd98aca03b755dc44807baec3aec2b0a97bd539be6b49bc2f1f571973bef8e8a716ef990255f4b26ef9650e2c03ce9bf3ee0961f99205e309475944 +SHA512 (container-selinux-4e73492.tar.gz) = 53bbccd00a37095165b27f03411304753bb41351bc29c756f026b3ae17bc1012dac3d1953c323a3dd75df578955f781710fd524e09f90f70a9e816165120594b From 1c6b7ec5b2ba0e1d0f8d95d8e1dd888f70c3e99b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 22 Aug 2018 18:20:47 -0700 Subject: [PATCH 118/381] Allow unconfined_r to transition to system_r over container_runtime_exec_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 211b827..addd98e 100644 --- a/.gitignore +++ b/.gitignore @@ -64,3 +64,4 @@ /container-selinux-c139a3d.tar.gz /container-selinux-452b90d.tar.gz /container-selinux-4e73492.tar.gz +/container-selinux-5721d74.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b710818..26d2f68 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 4e73492e3e0f48ccfa84c946706359648cc6986e +%global commit0 5721d746acccaa840a9af5be6ee30ca3b0c2a2bb %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.70 +Version: 2.71 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Aug 22 2018 Dan Walsh - 2.71-1 +- Allow unconfined_r to transition to system_r over container_runtime_exec_t + * Wed Aug 22 2018 Dan Walsh - 2.70-1 - Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t diff --git a/sources b/sources index 683a5b7..c7f4eec 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-4e73492.tar.gz) = 53bbccd00a37095165b27f03411304753bb41351bc29c756f026b3ae17bc1012dac3d1953c323a3dd75df578955f781710fd524e09f90f70a9e816165120594b +SHA512 (container-selinux-5721d74.tar.gz) = 6c965d64022967cffad10fc7f69ef7111998c91dc6a5be4c227f00d82d6af6c4c6b9c86d1f6809204a7ee8bf950483b32efb5ee8ce05a0ad71a5e57c7f3230b3 From 5c39536b9a84ee1f6b3c8fb5afe79897c13085af Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Aug 2018 09:17:30 -0400 Subject: [PATCH 119/381] Fix restorecon to not error on missing directory --- container-selinux.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 26d2f68..bd7bc5e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.71 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -86,10 +86,12 @@ if %{_sbindir}/selinuxenabled ; then %relabel_files if [ $1 -eq 1 ]; then restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/containers &> /dev/null || : fi fi . %{_sysconfdir}/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types +matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun @@ -109,6 +111,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Aug 27 2018 Dan Walsh - 2.71-2 +- Fix restorecon to not error on missing directory + * Wed Aug 22 2018 Dan Walsh - 2.71-1 - Allow unconfined_r to transition to system_r over container_runtime_exec_t From 90d38a296abec6c9945c7a86b8be8893df006cd0 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 12 Sep 2018 07:45:24 -0400 Subject: [PATCH 120/381] Allow container_runtimes to setattr on callers fifo_files --- container-selinux.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index bd7bc5e..2b5276c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5721d746acccaa840a9af5be6ee30ca3b0c2a2bb +%global commit0 f6c7f410ca8bfe20bd0a217dd75b22735a32f212 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.71 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.72 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Sep 12 2018 Dan Walsh - 2.72-1 +- Allow container_runtimes to setattr on callers fifo_files + * Mon Aug 27 2018 Dan Walsh - 2.71-2 - Fix restorecon to not error on missing directory From 88328244edc3548630a28934415063a2b5cf9dcf Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 13 Sep 2018 09:33:50 -0400 Subject: [PATCH 121/381] Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index addd98e..5d8f5df 100644 --- a/.gitignore +++ b/.gitignore @@ -65,3 +65,4 @@ /container-selinux-452b90d.tar.gz /container-selinux-4e73492.tar.gz /container-selinux-5721d74.tar.gz +/container-selinux-d7a3f33.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2b5276c..5445396 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 f6c7f410ca8bfe20bd0a217dd75b22735a32f212 +%global commit0 d7a3f33548ae5c5912006dc2b14270d650f5e52f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.72 +Version: 2.73 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed Sep 12 2018 Dan Walsh - 2.73-1 +- Define spc_t as a container_domain, so that container_runtime will transition +to spc_t even when setup with nosuid. + * Wed Sep 12 2018 Dan Walsh - 2.72-1 - Allow container_runtimes to setattr on callers fifo_files diff --git a/sources b/sources index c7f4eec..22fed4c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5721d74.tar.gz) = 6c965d64022967cffad10fc7f69ef7111998c91dc6a5be4c227f00d82d6af6c4c6b9c86d1f6809204a7ee8bf950483b32efb5ee8ce05a0ad71a5e57c7f3230b3 +SHA512 (container-selinux-d7a3f33.tar.gz) = c2db2bc9e1bc8de49631d8d40210bcb065af21892c4ee4f94f13dcbb1bbd61c18b95b086aa0f83205c060b497581e1ed7bb9dda5c927b32cebc48c456bdfd553 From 2efd385d7d299b7ba37a8255f3d9dcadd52b94b1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 22 Sep 2018 06:39:25 -0400 Subject: [PATCH 122/381] Remove requires for policycoreutils-python-utils we don't need it. --- container-selinux.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5445396..84d6f98 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.73 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -42,7 +42,6 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils -Requires(post): policycoreutils-python-utils Requires(post): libselinux-utils Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 @@ -93,7 +92,6 @@ fi sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : - %postun if [ $1 -eq 0 ]; then %{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : @@ -111,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Sat Sep 22 2018 Dan Walsh - 2.73-2 +- Remove requires for policycoreutils-python-utils we don't need it. + * Wed Sep 12 2018 Dan Walsh - 2.73-1 - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. From 5df1d6fc433f6357f028dcabe76da43632162337 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 19 Oct 2018 17:45:33 -0400 Subject: [PATCH 123/381] Allow containers to setexec themselves --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5d8f5df..2e1d733 100644 --- a/.gitignore +++ b/.gitignore @@ -66,3 +66,4 @@ /container-selinux-4e73492.tar.gz /container-selinux-5721d74.tar.gz /container-selinux-d7a3f33.tar.gz +/container-selinux-a62c2db.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 84d6f98..b8ebc9c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 d7a3f33548ae5c5912006dc2b14270d650f5e52f +%global commit0 a62c2dbcdbe98d3f975d617f55faabafe7835357 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.73 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.74 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Oct 19 2018 Dan Walsh - 2.74-1 +- Allow containers to setexec themselves + * Sat Sep 22 2018 Dan Walsh - 2.73-2 - Remove requires for policycoreutils-python-utils we don't need it. diff --git a/sources b/sources index 22fed4c..f8be47a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d7a3f33.tar.gz) = c2db2bc9e1bc8de49631d8d40210bcb065af21892c4ee4f94f13dcbb1bbd61c18b95b086aa0f83205c060b497581e1ed7bb9dda5c927b32cebc48c456bdfd553 +SHA512 (container-selinux-a62c2db.tar.gz) = d74911fcb3c4102515c56af2893bbdc03b2e45214a93fd5f1cabc1b55bfa526e3f79da35be3250ab5fb5045a1d4b34809f0965644885844182e166d2f0c1af78 From 20e37ffd794b9220392c2b3a993889766a8bcf0d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 30 Oct 2018 08:34:06 -0400 Subject: [PATCH 124/381] Allow containers to use fuse file systems by default --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2e1d733..2884676 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,4 @@ /container-selinux-5721d74.tar.gz /container-selinux-d7a3f33.tar.gz /container-selinux-a62c2db.tar.gz +/container-selinux-99e2cfd.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b8ebc9c..f833f39 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 a62c2dbcdbe98d3f975d617f55faabafe7835357 +%global commit0 99e2cfd56536d1c2463ad7a68c29bb478eb67e8a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.74 +Version: 2.75 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Oct 30 2018 Dan Walsh - 2.75-1 +- Allow containers to use fuse file systems by default + * Fri Oct 19 2018 Dan Walsh - 2.74-1 - Allow containers to setexec themselves @@ -121,7 +124,7 @@ to spc_t even when setup with nosuid. * Wed Sep 12 2018 Dan Walsh - 2.72-1 - Allow container_runtimes to setattr on callers fifo_files - +github.com/opencontainers/selinux * Mon Aug 27 2018 Dan Walsh - 2.71-2 - Fix restorecon to not error on missing directory diff --git a/sources b/sources index f8be47a..16a8920 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a62c2db.tar.gz) = d74911fcb3c4102515c56af2893bbdc03b2e45214a93fd5f1cabc1b55bfa526e3f79da35be3250ab5fb5045a1d4b34809f0965644885844182e166d2f0c1af78 +SHA512 (container-selinux-99e2cfd.tar.gz) = 489f420cb14bf6049eab9f2939bb61a98cdae43bc2d78d3607760922158e519d3bf6781b8f652ce6ed74ce03d8f453ee621860471324c932fe723c645b9ef8cd From b66e01696f7a06753a9ffd3db275328d79be813a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 12 Nov 2018 15:48:19 -0500 Subject: [PATCH 125/381] Allow containers to sendto dgram socket of container runtimes Needed to run container runtimes in notify socket unit files. --- container-selinux.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index f833f39..cb00b61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 99e2cfd56536d1c2463ad7a68c29bb478eb67e8a +%global commit0 87fae856c438047d472db4e1b083e8a8f8ed3103 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.75 +Version: 2.76 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Nov 12 2018 Dan Walsh - 2.76-1 +- Allow containers to sendto dgram socket of container runtimes +- Needed to run container runtimes in notify socket unit files. + * Tue Oct 30 2018 Dan Walsh - 2.75-1 - Allow containers to use fuse file systems by default From 60e901fa3344caa44638139f9e0a551f4f2b26e4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 12 Nov 2018 15:48:53 -0500 Subject: [PATCH 126/381] Allow containers to sendto dgram socket of container runtimes Needed to run container runtimes in notify socket unit files. --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 2884676..f991c91 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,4 @@ /container-selinux-d7a3f33.tar.gz /container-selinux-a62c2db.tar.gz /container-selinux-99e2cfd.tar.gz +/container-selinux-87fae85.tar.gz diff --git a/sources b/sources index 16a8920..29f4f57 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-99e2cfd.tar.gz) = 489f420cb14bf6049eab9f2939bb61a98cdae43bc2d78d3607760922158e519d3bf6781b8f652ce6ed74ce03d8f453ee621860471324c932fe723c645b9ef8cd +SHA512 (container-selinux-87fae85.tar.gz) = 4ec03e76830fa2dc15602831cda3e9ca846b62d3f806049785bb94004f079314e6a2039987f02251ff54aa4a9ed890d558506861fe0986264cc610920a7f85df From fbbda7e41118b8565a2157a8da2771a3806b3490 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Tue, 13 Nov 2018 04:05:43 +0000 Subject: [PATCH 127/381] container-selinux-2:2.752.75-1.dev.git99e2cfd1 - bump to 2.75 - autobuilt 99e2cfd Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 12 ++++++++---- sources | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index cb00b61..2754ca2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 87fae856c438047d472db4e1b083e8a8f8ed3103 +%global commit0 99e2cfd56536d1c2463ad7a68c29bb478eb67e8a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.76 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.752.75 +Release: 1.dev.git%{shortcommit0}%{?dist}1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,11 +109,15 @@ fi %{_datadir}/selinux/* %changelog +* Tue Nov 13 2018 Lokesh Mandvekar (Bot) - 2:2.752.75-1.dev.git99e2cfd1 +- bump to 2.75 +- autobuilt 99e2cfd + * Mon Nov 12 2018 Dan Walsh - 2.76-1 - Allow containers to sendto dgram socket of container runtimes - Needed to run container runtimes in notify socket unit files. -* Tue Oct 30 2018 Dan Walsh - 2.75-1 +* Tue Oct 30 2018 Dan Walsh - 2.75-1.dev.git99e2cfd - Allow containers to use fuse file systems by default * Fri Oct 19 2018 Dan Walsh - 2.74-1 diff --git a/sources b/sources index 29f4f57..16a8920 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-87fae85.tar.gz) = 4ec03e76830fa2dc15602831cda3e9ca846b62d3f806049785bb94004f079314e6a2039987f02251ff54aa4a9ed890d558506861fe0986264cc610920a7f85df +SHA512 (container-selinux-99e2cfd.tar.gz) = 489f420cb14bf6049eab9f2939bb61a98cdae43bc2d78d3607760922158e519d3bf6781b8f652ce6ed74ce03d8f453ee621860471324c932fe723c645b9ef8cd From 6065af86d3a23c162110860a5eee5945fcebe81a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 17 Dec 2018 14:23:41 -0500 Subject: [PATCH 128/381] Allow container-runtime to setattr on fifo_file handed into container runtime. --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index f991c91..13b5e67 100644 --- a/.gitignore +++ b/.gitignore @@ -69,3 +69,4 @@ /container-selinux-a62c2db.tar.gz /container-selinux-99e2cfd.tar.gz /container-selinux-87fae85.tar.gz +/container-selinux-5133af6.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2754ca2..feb3430 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 99e2cfd56536d1c2463ad7a68c29bb478eb67e8a +%global commit0 5133af638a0b746e1ff3bd6d452038fdad7e7e98 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.752.75 -Release: 1.dev.git%{shortcommit0}%{?dist}1%{?dist} +Version: 2.77 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Dec 17 2018 Dan Walsh - 2.77-1 +- Allow container-runtime to setattr on fifo_file handed into container runtime. + * Tue Nov 13 2018 Lokesh Mandvekar (Bot) - 2:2.752.75-1.dev.git99e2cfd1 - bump to 2.75 - autobuilt 99e2cfd diff --git a/sources b/sources index 16a8920..b350407 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-99e2cfd.tar.gz) = 489f420cb14bf6049eab9f2939bb61a98cdae43bc2d78d3607760922158e519d3bf6781b8f652ce6ed74ce03d8f453ee621860471324c932fe723c645b9ef8cd +SHA512 (container-selinux-5133af6.tar.gz) = e4e3c98ad0c8d9b3ed53c5753092505f8a65dfda13138cb238cc288b2d311fb755e900af93e7b7fa84b5824b2cd352eaf11ab1b90353f698b52235fc1af7d063 From 22b5b2899f99c6e608d610a674fbf88aa5228aca Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 17 Dec 2018 15:47:41 -0500 Subject: [PATCH 129/381] Allow container-runtime to setattr on fifo_file handed into container runtime. --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 13b5e67..633f42d 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,4 @@ /container-selinux-99e2cfd.tar.gz /container-selinux-87fae85.tar.gz /container-selinux-5133af6.tar.gz +/container-selinux-2c57a17.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index feb3430..6424576 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5133af638a0b746e1ff3bd6d452038fdad7e7e98 +%global commit0 2c57a17ab66c245a86dd00e03ec2b8e70ff76203 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) diff --git a/sources b/sources index b350407..a1acc87 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-5133af6.tar.gz) = e4e3c98ad0c8d9b3ed53c5753092505f8a65dfda13138cb238cc288b2d311fb755e900af93e7b7fa84b5824b2cd352eaf11ab1b90353f698b52235fc1af7d063 +SHA512 (container-selinux-2c57a17.tar.gz) = a136937d766f2727d4ca51dd2ca73b16c484bf7a6ccd09634ce2b29d46620a8152b7535e5b4663fe10d9ac502493c680e0d35b2b0eea7bbec8d54fb7de12eef2 From 5e8d437abaa346b89e82df5cab24afb1686f8b77 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 10 Jan 2019 15:17:44 -0500 Subject: [PATCH 130/381] Fix labeling for images in docker daemon user namespace --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 3 +-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 633f42d..9e4f3dc 100644 --- a/.gitignore +++ b/.gitignore @@ -71,3 +71,4 @@ /container-selinux-87fae85.tar.gz /container-selinux-5133af6.tar.gz /container-selinux-2c57a17.tar.gz +/container-selinux-1362777.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6424576..0998d68 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 2c57a17ab66c245a86dd00e03ec2b8e70ff76203 +%global commit0 13627777f8398d68d7de180ee4c07d454dc2d69b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.77 +Version: 2.78 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jan 10 2019 Dan Walsh - 2.78-1 +- Fix labeling for images in docker daemon user namespace + * Mon Dec 17 2018 Dan Walsh - 2.77-1 - Allow container-runtime to setattr on fifo_file handed into container runtime. diff --git a/sources b/sources index a1acc87..c5af941 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-5133af6.tar.gz) = e4e3c98ad0c8d9b3ed53c5753092505f8a65dfda13138cb238cc288b2d311fb755e900af93e7b7fa84b5824b2cd352eaf11ab1b90353f698b52235fc1af7d063 -SHA512 (container-selinux-2c57a17.tar.gz) = a136937d766f2727d4ca51dd2ca73b16c484bf7a6ccd09634ce2b29d46620a8152b7535e5b4663fe10d9ac502493c680e0d35b2b0eea7bbec8d54fb7de12eef2 +SHA512 (container-selinux-1362777.tar.gz) = 2bbf208a2c0995ce5133e6846ad6f080efd6ca809bf21c3839214d6758f3c19bec0ee9d4f4cd03a4cf036300abd78502f7aeacdfc2dfcf09aa97893d6a86fbb1 From 3899d7202118d69767fff0778e4c5e885d497a47 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Fri, 11 Jan 2019 04:55:44 +0000 Subject: [PATCH 131/381] container-selinux-2:2.77-2.git2c57a17 - bump to 2.77 - autobuilt 2c57a17 Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 12 ++++++++---- sources | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0998d68..9aa20cd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 13627777f8398d68d7de180ee4c07d454dc2d69b +%global commit0 2c57a17ab66c245a86dd00e03ec2b8e70ff76203 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.78 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.77 +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,10 +109,14 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jan 11 2019 Lokesh Mandvekar (Bot) - 2:2.77-2.git2c57a17 +- bump to 2.77 +- autobuilt 2c57a17 + * Thu Jan 10 2019 Dan Walsh - 2.78-1 - Fix labeling for images in docker daemon user namespace -* Mon Dec 17 2018 Dan Walsh - 2.77-1 +* Mon Dec 17 2018 Dan Walsh - 2.77-1.nightly.git2c57a17 - Allow container-runtime to setattr on fifo_file handed into container runtime. * Tue Nov 13 2018 Lokesh Mandvekar (Bot) - 2:2.752.75-1.dev.git99e2cfd1 diff --git a/sources b/sources index c5af941..4ba60f5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1362777.tar.gz) = 2bbf208a2c0995ce5133e6846ad6f080efd6ca809bf21c3839214d6758f3c19bec0ee9d4f4cd03a4cf036300abd78502f7aeacdfc2dfcf09aa97893d6a86fbb1 +SHA512 (container-selinux-2c57a17.tar.gz) = a136937d766f2727d4ca51dd2ca73b16c484bf7a6ccd09634ce2b29d46620a8152b7535e5b4663fe10d9ac502493c680e0d35b2b0eea7bbec8d54fb7de12eef2 From d4eda46462581bf8969749f5595ff5d345afecc8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 11 Jan 2019 11:05:46 -0500 Subject: [PATCH 132/381] Fix labeling on /var/lib/registries --- .gitignore | 4 +--- container-selinux.spec | 13 ++++++------- sources | 2 +- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 9e4f3dc..a593471 100644 --- a/.gitignore +++ b/.gitignore @@ -56,11 +56,8 @@ /container-selinux-dfaf8fd.tar.gz /container-selinux-8ecc282.tar.gz /container-selinux-0407867.tar.gz -<<<<<<< Updated upstream /container-selinux-042f7cf.tar.gz -======= /container-selinux-25277c8.tar.gz ->>>>>>> Stashed changes /container-selinux-c139a3d.tar.gz /container-selinux-452b90d.tar.gz /container-selinux-4e73492.tar.gz @@ -72,3 +69,4 @@ /container-selinux-5133af6.tar.gz /container-selinux-2c57a17.tar.gz /container-selinux-1362777.tar.gz +/container-selinux-6f01752.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9aa20cd..11005b1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 2c57a17ab66c245a86dd00e03ec2b8e70ff76203 +%global commit0 6f01752858c0ee79dddf0e4c1bf845fb35d9eaf6 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.77 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.79 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,14 +109,13 @@ fi %{_datadir}/selinux/* %changelog -* Fri Jan 11 2019 Lokesh Mandvekar (Bot) - 2:2.77-2.git2c57a17 -- bump to 2.77 -- autobuilt 2c57a17 +* Fri Jan 11 2019 Dan Walsh - 2.79-1 +- Fix labeling on /var/lib/registries * Thu Jan 10 2019 Dan Walsh - 2.78-1 - Fix labeling for images in docker daemon user namespace -* Mon Dec 17 2018 Dan Walsh - 2.77-1.nightly.git2c57a17 +* Mon Dec 17 2018 Dan Walsh - 2.77-1 - Allow container-runtime to setattr on fifo_file handed into container runtime. * Tue Nov 13 2018 Lokesh Mandvekar (Bot) - 2:2.752.75-1.dev.git99e2cfd1 diff --git a/sources b/sources index 4ba60f5..f70aa72 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2c57a17.tar.gz) = a136937d766f2727d4ca51dd2ca73b16c484bf7a6ccd09634ce2b29d46620a8152b7535e5b4663fe10d9ac502493c680e0d35b2b0eea7bbec8d54fb7de12eef2 +SHA512 (container-selinux-6f01752.tar.gz) = eedd30e77a39667b0352279975858febe7f1eb9910a663de2ad7c12076ab5f345d2350c51c870778009047141dfbcfdd17fa11c105f6ea23f2dde0b6885d31c2 From a562ce586f148ffcf2f39a7a11d3b6bc0c35d3e2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 22 Jan 2019 14:54:38 +0100 Subject: [PATCH 133/381] Don't allow containers to talk to contianer runtime sockets --- container-selinux.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 11005b1..4ee743d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 6f01752858c0ee79dddf0e4c1bf845fb35d9eaf6 +%global commit0 1b655d9aae4ec9859101b87d693566531b3dc4ff %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.79 +Version: 2.80 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -73,7 +73,7 @@ rm -rf container-selinux.spec %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jan 22 2019 Dan Walsh - 2.80-1 +- Don't allow containers to talk to contianer runtime sockets + * Fri Jan 11 2019 Dan Walsh - 2.79-1 - Fix labeling on /var/lib/registries From f7bd24fd60d10eee4b53ba29ce7e6cf99638398e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 22 Jan 2019 15:04:58 +0100 Subject: [PATCH 134/381] Don't allow containers to talk to contianer runtime sockets --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 4ee743d..03831dc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -109,7 +109,7 @@ fi %{_datadir}/selinux/* %changelog -* Fri Jan 22 2019 Dan Walsh - 2.80-1 +* Tue Jan 22 2019 Dan Walsh - 2.80-1 - Don't allow containers to talk to contianer runtime sockets * Fri Jan 11 2019 Dan Walsh - 2.79-1 From ff7f91056439ca276ffceccfce37a04a2a2d436d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 22 Jan 2019 15:05:39 +0100 Subject: [PATCH 135/381] Don't allow containers to talk to contianer runtime sockets --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index a593471..01cef0a 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,4 @@ /container-selinux-2c57a17.tar.gz /container-selinux-1362777.tar.gz /container-selinux-6f01752.tar.gz +/container-selinux-1b655d9.tar.gz diff --git a/sources b/sources index f70aa72..ed72e9c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-6f01752.tar.gz) = eedd30e77a39667b0352279975858febe7f1eb9910a663de2ad7c12076ab5f345d2350c51c870778009047141dfbcfdd17fa11c105f6ea23f2dde0b6885d31c2 +SHA512 (container-selinux-1b655d9.tar.gz) = a6b7747d7fa769e4e90898c8b6b465785d21cd22e9b30bfa874aff15091ea0c577e1f245242b3d25814190e6b00e0e54da5bb59ae26239e8aacb3da1f375e16e From 6355b5e7744d680a1d14c0a0d1b5b6c3ae0dcbe1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 31 Jan 2019 16:13:35 +0000 Subject: [PATCH 136/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 03831dc..aecf0e4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.80 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jan 31 2019 Fedora Release Engineering - 2:2.80-2.git1b655d9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Tue Jan 22 2019 Dan Walsh - 2.80-1 - Don't allow containers to talk to contianer runtime sockets From 2ae0570400e542fc29edf684361daae718282332 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 7 Feb 2019 10:02:09 -0700 Subject: [PATCH 137/381] Add new labels for paths for containerd --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 01cef0a..3280214 100644 --- a/.gitignore +++ b/.gitignore @@ -71,3 +71,4 @@ /container-selinux-1362777.tar.gz /container-selinux-6f01752.tar.gz /container-selinux-1b655d9.tar.gz +/container-selinux-484806a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index aecf0e4..72c6fa8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1b655d9aae4ec9859101b87d693566531b3dc4ff +%global commit0 484806a3fb3235827dcad0ac65a2b87a1a964a48 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.80 +Version: 2.81 Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 7 2019 Dan Walsh - 2.81-1 +- Add new labels for paths for containerd + * Thu Jan 31 2019 Fedora Release Engineering - 2:2.80-2.git1b655d9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/sources b/sources index ed72e9c..636ff3b 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-1b655d9.tar.gz) = a6b7747d7fa769e4e90898c8b6b465785d21cd22e9b30bfa874aff15091ea0c577e1f245242b3d25814190e6b00e0e54da5bb59ae26239e8aacb3da1f375e16e +SHA512 (container-selinux-484806a.tar.gz) = abda91a9690694fc4a862fd11a386887740c5ffba60bd69b436fd02cd9fc85392e959b88bcff4d7e15b3e5cd0e32f1489d6294180628a953e2738ae86fb127ea From e791d82a98e1325fca44b720962697323066c0c0 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Fri, 8 Feb 2019 05:02:18 +0000 Subject: [PATCH 138/381] container-selinux-2:2.80-3.git21c2be6 - bump to 2.80 - autobuilt 21c2be6 Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 12 ++++++++---- sources | 3 +-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 3280214..ee5c5ec 100644 --- a/.gitignore +++ b/.gitignore @@ -72,3 +72,4 @@ /container-selinux-6f01752.tar.gz /container-selinux-1b655d9.tar.gz /container-selinux-484806a.tar.gz +/container-selinux-21c2be6.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 72c6fa8..454ff39 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 484806a3fb3235827dcad0ac65a2b87a1a964a48 +%global commit0 21c2be6cdcf41fb6071a2915171c367ead17cd11 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.81 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.80 +Release: 3.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,13 +109,17 @@ fi %{_datadir}/selinux/* %changelog +* Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 +- bump to 2.80 +- autobuilt 21c2be6 + * Thu Feb 7 2019 Dan Walsh - 2.81-1 - Add new labels for paths for containerd * Thu Jan 31 2019 Fedora Release Engineering - 2:2.80-2.git1b655d9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -* Tue Jan 22 2019 Dan Walsh - 2.80-1 +* Tue Jan 22 2019 Dan Walsh - 2.80-1.nightly.git21c2be6 - Don't allow containers to talk to contianer runtime sockets * Fri Jan 11 2019 Dan Walsh - 2.79-1 diff --git a/sources b/sources index 636ff3b..58a4ceb 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-1b655d9.tar.gz) = a6b7747d7fa769e4e90898c8b6b465785d21cd22e9b30bfa874aff15091ea0c577e1f245242b3d25814190e6b00e0e54da5bb59ae26239e8aacb3da1f375e16e -SHA512 (container-selinux-484806a.tar.gz) = abda91a9690694fc4a862fd11a386887740c5ffba60bd69b436fd02cd9fc85392e959b88bcff4d7e15b3e5cd0e32f1489d6294180628a953e2738ae86fb127ea +SHA512 (container-selinux-21c2be6.tar.gz) = e48ab210056c4e33738649030d2bf8c2cf6580aaed9993a4781b0407a0e2a4e5607a732c391f88985d9c4eaadf73263794f356f7a86e16c69e7bf4c370d73387 From 9c1bcaed9ffa297dcb72bed6dc3936acc959e919 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 10 Feb 2019 07:36:32 -0700 Subject: [PATCH 139/381] Allow confined users to use containers --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index ee5c5ec..b8974bb 100644 --- a/.gitignore +++ b/.gitignore @@ -73,3 +73,4 @@ /container-selinux-1b655d9.tar.gz /container-selinux-484806a.tar.gz /container-selinux-21c2be6.tar.gz +/container-selinux-5e1f62f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 454ff39..5e01e51 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 21c2be6cdcf41fb6071a2915171c367ead17cd11 +%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.80 -Release: 3.git%{shortcommit0}%{?dist} +Version: 2.82 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Sun Feb 10 2019 Dan Walsh - 2.82-1 +- Allow confined users to use containers + * Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 - bump to 2.80 - autobuilt 21c2be6 diff --git a/sources b/sources index 58a4ceb..e46329b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-21c2be6.tar.gz) = e48ab210056c4e33738649030d2bf8c2cf6580aaed9993a4781b0407a0e2a4e5607a732c391f88985d9c4eaadf73263794f356f7a86e16c69e7bf4c370d73387 +SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 From a2d2cf7715fb0b53c51710c53ed709c37be3fe33 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 25 Feb 2019 10:08:25 -0500 Subject: [PATCH 140/381] Allow containers to mounton cgroup and container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b8974bb..794e800 100644 --- a/.gitignore +++ b/.gitignore @@ -74,3 +74,4 @@ /container-selinux-484806a.tar.gz /container-selinux-21c2be6.tar.gz /container-selinux-5e1f62f.tar.gz +/container-selinux-ec6fcad.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5e01e51..da57321 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda +%global commit0 ec6fcadf8820fefd8d231375a5648856323a3fba %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.82 +Version: 2.83 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Feb 25 2019 Dan Walsh - 2.83-1 +- Allow containers to mounton cgroup and container_file_t + * Sun Feb 10 2019 Dan Walsh - 2.82-1 - Allow confined users to use containers diff --git a/sources b/sources index e46329b..06e646f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 +SHA512 (container-selinux-ec6fcad.tar.gz) = cd7308534a58d5bdf75431c64b8d5b0ea75fac4d032a171c156c5350805299d97afee7971fee9e51653081025027e6d4db31c78023a1f2420a34db151b536e42 From 0a83311798b6ef88453df819ef8ed4dbb911d1d8 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Tue, 26 Feb 2019 05:15:09 +0000 Subject: [PATCH 141/381] container-selinux-2:2.82-2.git5e1f62f - bump to 2.82 - autobuilt 5e1f62f Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 12 ++++++++---- sources | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index da57321..9128f3e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 ec6fcadf8820fefd8d231375a5648856323a3fba +%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.83 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.82 +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,10 +109,14 @@ fi %{_datadir}/selinux/* %changelog +* Tue Feb 26 2019 Lokesh Mandvekar (Bot) - 2:2.82-2.git5e1f62f +- bump to 2.82 +- autobuilt 5e1f62f + * Mon Feb 25 2019 Dan Walsh - 2.83-1 - Allow containers to mounton cgroup and container_file_t -* Sun Feb 10 2019 Dan Walsh - 2.82-1 +* Sun Feb 10 2019 Dan Walsh - 2.82-1.nightly.git5e1f62f - Allow confined users to use containers * Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 diff --git a/sources b/sources index 06e646f..e46329b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-ec6fcad.tar.gz) = cd7308534a58d5bdf75431c64b8d5b0ea75fac4d032a171c156c5350805299d97afee7971fee9e51653081025027e6d4db31c78023a1f2420a34db151b536e42 +SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 From 9481eed87db6a41a09d2461594c5f714874fd8a1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 28 Feb 2019 08:15:40 -0500 Subject: [PATCH 142/381] More allow rules to allow containers to run within containers --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 794e800..5a95dfc 100644 --- a/.gitignore +++ b/.gitignore @@ -75,3 +75,4 @@ /container-selinux-21c2be6.tar.gz /container-selinux-5e1f62f.tar.gz /container-selinux-ec6fcad.tar.gz +/container-selinux-eb60838.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9128f3e..24f448c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda +%global commit0 eb60838b8e9b88aeb1c3a7f68c93ccfd8a67fbdd %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.82 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.84 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 28 2019 Dan Walsh - 2.84-1 +- More allow rules to allow containers to run within containers + * Tue Feb 26 2019 Lokesh Mandvekar (Bot) - 2:2.82-2.git5e1f62f - bump to 2.82 - autobuilt 5e1f62f diff --git a/sources b/sources index e46329b..c285974 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 +SHA512 (container-selinux-eb60838.tar.gz) = b4a4ae04d48de49dac9d588be5efc7abfaee7a8a82dd6186f51485e1e63a857fa84145a75aef265bbf66a089d818619b912f6a27bba064c45758dd15ae3fde44 From cdbdbb8ff6411116f229e25c8aa90213a2d210bb Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 28 Feb 2019 14:51:59 -0500 Subject: [PATCH 143/381] More allow rules to allow containers to run within containers --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5a95dfc..d72e619 100644 --- a/.gitignore +++ b/.gitignore @@ -76,3 +76,4 @@ /container-selinux-5e1f62f.tar.gz /container-selinux-ec6fcad.tar.gz /container-selinux-eb60838.tar.gz +/container-selinux-92af7fd.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 24f448c..def291f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 eb60838b8e9b88aeb1c3a7f68c93ccfd8a67fbdd +%global commit0 92af7fdb6d11c4c28c1b9bc2711766ef0acd031b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.84 +Version: 2.85 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 28 2019 Dan Walsh - 2.85-1 +- More allow rules to allow containers to run within containers + * Thu Feb 28 2019 Dan Walsh - 2.84-1 - More allow rules to allow containers to run within containers diff --git a/sources b/sources index c285974..aa7b869 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-eb60838.tar.gz) = b4a4ae04d48de49dac9d588be5efc7abfaee7a8a82dd6186f51485e1e63a857fa84145a75aef265bbf66a089d818619b912f6a27bba064c45758dd15ae3fde44 +SHA512 (container-selinux-92af7fd.tar.gz) = 2ac368ec88cb5ddd4d16db2d5d5f8bc45674aa797a30e5c92993ebc898a273592c2ef58662b45d44f2e42e9794151df6c62c01cc41f658bdeedbbdcb66f2bcc6 From 7ef0bf8d6fe217c547d871315ef949bc7fd29d8e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 1 Mar 2019 09:00:53 -0500 Subject: [PATCH 144/381] Allow unconfined user and services to dyntrans to container domains, needed for CRIU Allow containers exectue hugetlb files. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d72e619..52b3488 100644 --- a/.gitignore +++ b/.gitignore @@ -77,3 +77,4 @@ /container-selinux-ec6fcad.tar.gz /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz +/container-selinux-c178849.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index def291f..4b74727 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 92af7fdb6d11c4c28c1b9bc2711766ef0acd031b +%global commit0 c1788491847627d39266b5b22e85c8b094f76d77 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.85 +Version: 2.86 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Fri Mar 1 2019 Dan Walsh - 2.86-1 +- Allow unconfined user and services to dyntrans to container domains, needed for CRIU +- Allow containers exectue hugetlb files. + * Thu Feb 28 2019 Dan Walsh - 2.85-1 - More allow rules to allow containers to run within containers diff --git a/sources b/sources index aa7b869..81063d9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-92af7fd.tar.gz) = 2ac368ec88cb5ddd4d16db2d5d5f8bc45674aa797a30e5c92993ebc898a273592c2ef58662b45d44f2e42e9794151df6c62c01cc41f658bdeedbbdcb66f2bcc6 +SHA512 (container-selinux-c178849.tar.gz) = cb5234b21c61236d81ea8532629633f5a635496c70c20d6969f303ab476adaec3e64d67f8eb56c3ae1672698486281679fe8b4c6dda3c3f80556df317c23ff48 From 17ada638531ff1531be9d8af7928898e31b60626 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Sat, 2 Mar 2019 05:05:56 +0000 Subject: [PATCH 145/381] container-selinux-2:2.87-2.git891a85f - bump to 2.87 - autobuilt 891a85f Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 52b3488..af84127 100644 --- a/.gitignore +++ b/.gitignore @@ -78,3 +78,4 @@ /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz /container-selinux-c178849.tar.gz +/container-selinux-891a85f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4b74727..2bdae1d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 c1788491847627d39266b5b22e85c8b094f76d77 +%global commit0 891a85fee0f55ea32100c3f47a273ea522f4f2fc %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.86 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.87 +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f +- bump to 2.87 +- autobuilt 891a85f + * Fri Mar 1 2019 Dan Walsh - 2.86-1 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU - Allow containers exectue hugetlb files. diff --git a/sources b/sources index 81063d9..c157f0b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c178849.tar.gz) = cb5234b21c61236d81ea8532629633f5a635496c70c20d6969f303ab476adaec3e64d67f8eb56c3ae1672698486281679fe8b4c6dda3c3f80556df317c23ff48 +SHA512 (container-selinux-891a85f.tar.gz) = e5f0830be87495313658e7d18a6d7a2b11ed5d03dd6e57631b07e79c07baa7b100dbac675fb86e68ad1e95b2418e2f4bef378341d2df4ddd3e3ff35b92f92e21 From bee8aaf05125241526acae4fa984a4b763ffcb91 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Wed, 6 Mar 2019 05:18:39 +0000 Subject: [PATCH 146/381] container-selinux-2:2.87-3.git2c1a2ab - autobuilt 2c1a2ab Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index af84127..46e9746 100644 --- a/.gitignore +++ b/.gitignore @@ -79,3 +79,4 @@ /container-selinux-92af7fd.tar.gz /container-selinux-c178849.tar.gz /container-selinux-891a85f.tar.gz +/container-selinux-2c1a2ab.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2bdae1d..98cc4f8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 891a85fee0f55ea32100c3f47a273ea522f4f2fc +%global commit0 2c1a2ab7c5664312454e5278ccb86084a1c7a853 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.87 -Release: 2.git%{shortcommit0}%{?dist} +Release: 3.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Wed Mar 06 2019 Lokesh Mandvekar (Bot) - 2:2.87-3.git2c1a2ab +- autobuilt 2c1a2ab + * Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f - bump to 2.87 - autobuilt 891a85f diff --git a/sources b/sources index c157f0b..ec019ea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-891a85f.tar.gz) = e5f0830be87495313658e7d18a6d7a2b11ed5d03dd6e57631b07e79c07baa7b100dbac675fb86e68ad1e95b2418e2f4bef378341d2df4ddd3e3ff35b92f92e21 +SHA512 (container-selinux-2c1a2ab.tar.gz) = 57d5b6636b7b3febbac45565e9ea3740d7a3228da99a45b4ab143e132c10a4876b90f1ef71d0a28ae7c279ed52ecf396aeaab32826676f185e44f0497b143355 From 8200ea022e8b54c1abf407d2dd0c3363bf82817c Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Thu, 7 Mar 2019 05:22:18 +0000 Subject: [PATCH 147/381] container-selinux-2:2.88-4.git5c98b56 - bump to 2.88 - autobuilt 5c98b56 Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 46e9746..f94b7a6 100644 --- a/.gitignore +++ b/.gitignore @@ -80,3 +80,4 @@ /container-selinux-c178849.tar.gz /container-selinux-891a85f.tar.gz /container-selinux-2c1a2ab.tar.gz +/container-selinux-5c98b56.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 98cc4f8..726f6da 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 2c1a2ab7c5664312454e5278ccb86084a1c7a853 +%global commit0 5c98b566cbe887518204f1a7fd241d571c9f312e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.87 -Release: 3.git%{shortcommit0}%{?dist} +Version: 2.88 +Release: 4.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 07 2019 Lokesh Mandvekar (Bot) - 2:2.88-4.git5c98b56 +- bump to 2.88 +- autobuilt 5c98b56 + * Wed Mar 06 2019 Lokesh Mandvekar (Bot) - 2:2.87-3.git2c1a2ab - autobuilt 2c1a2ab diff --git a/sources b/sources index ec019ea..91afdbf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2c1a2ab.tar.gz) = 57d5b6636b7b3febbac45565e9ea3740d7a3228da99a45b4ab143e132c10a4876b90f1ef71d0a28ae7c279ed52ecf396aeaab32826676f185e44f0497b143355 +SHA512 (container-selinux-5c98b56.tar.gz) = 78f59f3ccbf61193b802c0f443b3028be11cd3eaa5d2ad8c6bce7ee8f1ffd16384bd52bb1e2e321404b03179317462b624b377ff8a774838f3d6109210f72b6c From 8285069315e740de348964c83cfa49bb2586975f Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Sat, 9 Mar 2019 05:21:39 +0000 Subject: [PATCH 148/381] container-selinux-2:2.89-5.git2521d0d - bump to 2.89 - autobuilt 2521d0d Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index f94b7a6..a0987ff 100644 --- a/.gitignore +++ b/.gitignore @@ -81,3 +81,4 @@ /container-selinux-891a85f.tar.gz /container-selinux-2c1a2ab.tar.gz /container-selinux-5c98b56.tar.gz +/container-selinux-2521d0d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 726f6da..79f6577 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5c98b566cbe887518204f1a7fd241d571c9f312e +%global commit0 2521d0d6082ea9057d827d257d27291bf6219aba %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.88 -Release: 4.git%{shortcommit0}%{?dist} +Version: 2.89 +Release: 5.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Sat Mar 09 2019 Lokesh Mandvekar (Bot) - 2:2.89-5.git2521d0d +- bump to 2.89 +- autobuilt 2521d0d + * Thu Mar 07 2019 Lokesh Mandvekar (Bot) - 2:2.88-4.git5c98b56 - bump to 2.88 - autobuilt 5c98b56 diff --git a/sources b/sources index 91afdbf..c9c3a02 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5c98b56.tar.gz) = 78f59f3ccbf61193b802c0f443b3028be11cd3eaa5d2ad8c6bce7ee8f1ffd16384bd52bb1e2e321404b03179317462b624b377ff8a774838f3d6109210f72b6c +SHA512 (container-selinux-2521d0d.tar.gz) = 316c85c5b7d061d7691047f09c721dd85fd65ed306991b8c49b2ba4aa88d25ed8ef68a8a8d8a38d331066beab79918253df93e7daf246d5de7bb76741e082115 From c650254748ca8bf7d7b267e0bd87823c8f895f65 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 9 Mar 2019 08:38:21 -0500 Subject: [PATCH 149/381] Allow all container domains to have container file types entrypoint Add new release to fix issues with udica Allow container_runtime_t to dyntransition to container domains --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 52b3488..4d3f6eb 100644 --- a/.gitignore +++ b/.gitignore @@ -78,3 +78,4 @@ /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz /container-selinux-c178849.tar.gz +/container-selinux-2521d0d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4b74727..850dc4c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 c1788491847627d39266b5b22e85c8b094f76d77 +%global commit0 2521d0d6082ea9057d827d257d27291bf6219aba %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.86 +Version: 2.89 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,11 @@ fi %{_datadir}/selinux/* %changelog +* Sat Mar 9 2019 Dan Walsh - 2.89-1 +- Allow all container domains to have container file types entrypoint +- Add new release to fix issues with udica +- Allow container_runtime_t to dyntransition to container domains + * Fri Mar 1 2019 Dan Walsh - 2.86-1 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU - Allow containers exectue hugetlb files. diff --git a/sources b/sources index 81063d9..c9c3a02 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c178849.tar.gz) = cb5234b21c61236d81ea8532629633f5a635496c70c20d6969f303ab476adaec3e64d67f8eb56c3ae1672698486281679fe8b4c6dda3c3f80556df317c23ff48 +SHA512 (container-selinux-2521d0d.tar.gz) = 316c85c5b7d061d7691047f09c721dd85fd65ed306991b8c49b2ba4aa88d25ed8ef68a8a8d8a38d331066beab79918253df93e7daf246d5de7bb76741e082115 From 4b3e8ccdf7fde71926d85cd0bf9894807228eb14 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 20 Mar 2019 15:41:00 -0400 Subject: [PATCH 150/381] Allow containers to mount and umount fuse file systems. This will allow us to use buidlah within a user namespace separated container. --- .gitignore | 4 +--- container-selinux.spec | 16 +++++++--------- sources | 2 +- 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 8d78d12..5833226 100644 --- a/.gitignore +++ b/.gitignore @@ -78,10 +78,8 @@ /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz /container-selinux-c178849.tar.gz -<<<<<<< HEAD -======= /container-selinux-891a85f.tar.gz /container-selinux-2c1a2ab.tar.gz /container-selinux-5c98b56.tar.gz ->>>>>>> 8285069315e740de348964c83cfa49bb2586975f /container-selinux-2521d0d.tar.gz +/container-selinux-619db17.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ab784ad..3b292fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 2521d0d6082ea9057d827d257d27291bf6219aba +%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,12 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.89 -<<<<<<< HEAD +Version: 2.90 Release: 1.git%{shortcommit0}%{?dist} -======= -Release: 5.git%{shortcommit0}%{?dist} ->>>>>>> 8285069315e740de348964c83cfa49bb2586975f License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -113,12 +109,15 @@ fi %{_datadir}/selinux/* %changelog -<<<<<<< HEAD +* Wed Mar 20 2019 Dan Walsh - 2.90-1 +- Allow containers to mount and umount fuse file systems. This will allow us +- to use buidlah within a user namespace separated container. + * Sat Mar 9 2019 Dan Walsh - 2.89-1 - Allow all container domains to have container file types entrypoint - Add new release to fix issues with udica - Allow container_runtime_t to dyntransition to container domains -======= + * Sat Mar 09 2019 Lokesh Mandvekar (Bot) - 2:2.89-5.git2521d0d - bump to 2.89 - autobuilt 2521d0d @@ -133,7 +132,6 @@ fi * Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f - bump to 2.87 - autobuilt 891a85f ->>>>>>> 8285069315e740de348964c83cfa49bb2586975f * Fri Mar 1 2019 Dan Walsh - 2.86-1 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU diff --git a/sources b/sources index c9c3a02..fca6816 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2521d0d.tar.gz) = 316c85c5b7d061d7691047f09c721dd85fd65ed306991b8c49b2ba4aa88d25ed8ef68a8a8d8a38d331066beab79918253df93e7daf246d5de7bb76741e082115 +SHA512 (container-selinux-619db17.tar.gz) = 958e7672a8a173b7b5d28c4a504d6c733292dfed7a850d81f8243c406eef497232dbaa7f6c6520054ef02e2d14a3a66b6e75035fa8177e145e94497f71ccaa40 From 81c6f71fc41233ccbe076015651e1baa7ee1d758 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 26 Mar 2019 08:15:18 -0400 Subject: [PATCH 151/381] Allow container runtimes to create unlabeled keyrings --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5833226..603f304 100644 --- a/.gitignore +++ b/.gitignore @@ -83,3 +83,4 @@ /container-selinux-5c98b56.tar.gz /container-selinux-2521d0d.tar.gz /container-selinux-619db17.tar.gz +/container-selinux-acc6941.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3b292fe..26ec77b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2 +%global commit0 acc6941b2b35d7e44718bb986492d808906d9d8c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.90 +Version: 2.91 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Mar 26 2019 Dan Walsh - 2.91-1 +- Allow container runtimes to create unlabeled keyrings + * Wed Mar 20 2019 Dan Walsh - 2.90-1 - Allow containers to mount and umount fuse file systems. This will allow us - to use buidlah within a user namespace separated container. diff --git a/sources b/sources index fca6816..05d5018 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-619db17.tar.gz) = 958e7672a8a173b7b5d28c4a504d6c733292dfed7a850d81f8243c406eef497232dbaa7f6c6520054ef02e2d14a3a66b6e75035fa8177e145e94497f71ccaa40 +SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b From e0dcd250c0aab40dd93c96169b32e1ec0cbd100f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 28 Mar 2019 08:00:26 -0400 Subject: [PATCH 152/381] Allow init_t to manage container content Allow container domains to create fifo_files on fusefs file systems Add boolean to allow containers to use ceph file systems --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 603f304..7961c2f 100644 --- a/.gitignore +++ b/.gitignore @@ -84,3 +84,4 @@ /container-selinux-2521d0d.tar.gz /container-selinux-619db17.tar.gz /container-selinux-acc6941.tar.gz +/container-selinux-1e99f1d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 26ec77b..5c6a6ae 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 acc6941b2b35d7e44718bb986492d808906d9d8c +%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.91 +Version: 2.94 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 28 2019 Dan Walsh - 2.94-1 +- Allow init_t to manage container content +- Allow container domains to create fifo_files on fusefs file systems +- Add boolean to allow containers to use ceph file systems + * Tue Mar 26 2019 Dan Walsh - 2.91-1 - Allow container runtimes to create unlabeled keyrings diff --git a/sources b/sources index 05d5018..438452a 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b +SHA512 (container-selinux-1e99f1d.tar.gz) = ff485831a1912e0bb51346f8bc02d1d6dff9f4b97406d1c770c5cbfb6982b77fd82f92db62039adc8933e87b9035ea40a910e12f7b0c884ff75b8cf8892be97b From 83c147430e985d4649eb039ef4a71571855ed0bd Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 17:46:19 -0400 Subject: [PATCH 153/381] Allow containers to create fusefs sockets and named pipes --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5c6a6ae..d183cce 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa +%global commit0 e3ebc6845ce8a5427b521e3f4087dab8e383a550 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.94 +Version: 2.95 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 1 2019 Dan Walsh - 2.95-1 +- Allow containers to create fusefs sockets and named pipes + * Thu Mar 28 2019 Dan Walsh - 2.94-1 - Allow init_t to manage container content - Allow container domains to create fifo_files on fusefs file systems From 9a2cedceeb6bf7ff089aceb3985f104e10d40014 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 17:47:51 -0400 Subject: [PATCH 154/381] Allow containers to create fusefs sockets and named pipes --- .gitignore | 1 + sources | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7961c2f..c4af282 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,4 @@ /container-selinux-619db17.tar.gz /container-selinux-acc6941.tar.gz /container-selinux-1e99f1d.tar.gz +/container-selinux-e3ebc68.tar.gz diff --git a/sources b/sources index 438452a..52e8f73 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b -SHA512 (container-selinux-1e99f1d.tar.gz) = ff485831a1912e0bb51346f8bc02d1d6dff9f4b97406d1c770c5cbfb6982b77fd82f92db62039adc8933e87b9035ea40a910e12f7b0c884ff75b8cf8892be97b +SHA512 (container-selinux-e3ebc68.tar.gz) = 0487c6d1163c956c47cfc158ca3c41501c080428324d8dddc8cda31af282cd4cdc2f2eb9dcfd64e49dda59b26df6d9c9a253e00fcb91b36f1c8fa1a3ec272d2a From 7bfa450762e5546eff4d380921300b14df4a681f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 12 Apr 2019 12:48:55 -0400 Subject: [PATCH 155/381] Allow containers to read/write sysctl_kernel_ns_last_pid_t Allow containers to manage fusefs sockets and named pipes --- .gitignore | 1 + container-selinux.spec | 11 +++++++++-- sources | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c4af282..ff3c090 100644 --- a/.gitignore +++ b/.gitignore @@ -86,3 +86,4 @@ /container-selinux-acc6941.tar.gz /container-selinux-1e99f1d.tar.gz /container-selinux-e3ebc68.tar.gz +/container-selinux-a6c9822.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index d183cce..2256278 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 e3ebc6845ce8a5427b521e3f4087dab8e383a550 +%global commit0 a6c98225aa149b432c0b752c15da760d5559647d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.95 +Version: 2.97 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,13 @@ fi %{_datadir}/selinux/* %changelog +* Fri Apr 12 2019 Dan Walsh - 2.97-1 +- Allow containers to read/write sysctl_kernel_ns_last_pid_t +- Allow containers to manage fusefs sockets and named pipes + +* Thu Apr 4 2019 Dan Walsh - 2.96-1 +- Allow containers to read/write sysctl_kernel_ns_last_pid_t + * Mon Apr 1 2019 Dan Walsh - 2.95-1 - Allow containers to create fusefs sockets and named pipes diff --git a/sources b/sources index 52e8f73..c467ad6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e3ebc68.tar.gz) = 0487c6d1163c956c47cfc158ca3c41501c080428324d8dddc8cda31af282cd4cdc2f2eb9dcfd64e49dda59b26df6d9c9a253e00fcb91b36f1c8fa1a3ec272d2a +SHA512 (container-selinux-a6c9822.tar.gz) = 285c481a04ebc0697270d7f3c0f4e02c8f2da305e256fbebd1b8e9f689d27a0adb1129a50181e98036d87e20eb7440844ce30168649f6b19deacd844205a5a4e From e2b52d2d49239e7a0250c28023a49353d02aaa23 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 15 Apr 2019 09:14:34 -0400 Subject: [PATCH 156/381] Allow iptables to append to container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ff3c090..759e0ee 100644 --- a/.gitignore +++ b/.gitignore @@ -87,3 +87,4 @@ /container-selinux-1e99f1d.tar.gz /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz +/container-selinux-aa7b807.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2256278..7066869 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 a6c98225aa149b432c0b752c15da760d5559647d +%global commit0 aa7b8073fc449efad54710b0325a0e5eaf7b3479 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.97 +Version: 2.98 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 15 2019 Dan Walsh - 2.98-1 +- Allow iptables to append to container_file_t + * Fri Apr 12 2019 Dan Walsh - 2.97-1 - Allow containers to read/write sysctl_kernel_ns_last_pid_t - Allow containers to manage fusefs sockets and named pipes diff --git a/sources b/sources index c467ad6..291237d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a6c9822.tar.gz) = 285c481a04ebc0697270d7f3c0f4e02c8f2da305e256fbebd1b8e9f689d27a0adb1129a50181e98036d87e20eb7440844ce30168649f6b19deacd844205a5a4e +SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169 From dfec1aa7256a0ebb78fb54e07fb836f68d663cf6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 22 Apr 2019 16:51:35 -0400 Subject: [PATCH 157/381] Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 7066869..5971abc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 aa7b8073fc449efad54710b0325a0e5eaf7b3479 +%global commit0 9a53d6c1b9b5bd2534d94204727e101c49f4fdc2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.98 +Version: 2.99 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 22 2019 Dan Walsh - 2.99-1 +- Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. + * Mon Apr 15 2019 Dan Walsh - 2.98-1 - Allow iptables to append to container_file_t From e49a8125a0ff44e02e2d84c97cefbbfa2fbb4ecb Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 22 Apr 2019 16:51:58 -0400 Subject: [PATCH 158/381] Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 759e0ee..bdc68d7 100644 --- a/.gitignore +++ b/.gitignore @@ -88,3 +88,4 @@ /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz +/container-selinux-9a53d6c.tar.gz diff --git a/sources b/sources index 291237d..d991cf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169 +SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 From 920a724abf3b81e723e87965fd0944f0cbe4bc0f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 22 Apr 2019 16:51:58 -0400 Subject: [PATCH 159/381] Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. Signed-off-by: Daniel J Walsh --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 759e0ee..bdc68d7 100644 --- a/.gitignore +++ b/.gitignore @@ -88,3 +88,4 @@ /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz +/container-selinux-9a53d6c.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5971abc..da849c1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 9a53d6c1b9b5bd2534d94204727e101c49f4fdc2 +%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.99 +Version: 2.100 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Apr 23 2019 Dan Walsh - 2.100-1 +- Allow containers running as spc_t to create unlabeled_t kernel keyrings + * Mon Apr 22 2019 Dan Walsh - 2.99-1 - Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. diff --git a/sources b/sources index 291237d..d991cf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169 +SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 From bd9b0f58533c1e532f579c6f14c392d15f03b545 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 23 Apr 2019 11:44:39 -0400 Subject: [PATCH 160/381] Allow containers running as spc_t to create unlabeled_t kernel keyrings --- .gitignore | 1 + sources | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index bdc68d7..6f0c802 100644 --- a/.gitignore +++ b/.gitignore @@ -89,3 +89,4 @@ /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz /container-selinux-9a53d6c.tar.gz +/container-selinux-3b78187.tar.gz diff --git a/sources b/sources index d991cf6..6a3fd44 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 +SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 From 3cdf9de46ffe4e7982bbcd53dd32a22d296af8b1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 23 Apr 2019 11:44:55 -0400 Subject: [PATCH 161/381] Allow containers running as spc_t to create unlabeled_t kernel keyrings --- sources | 1 - 1 file changed, 1 deletion(-) diff --git a/sources b/sources index 6a3fd44..ba8d7ce 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 From 5c4855c3138a001c08bb3891ed70d975eeca29de Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 3 May 2019 15:32:13 -0400 Subject: [PATCH 162/381] Allow containers to read rpm cache and rpm databse --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 6f0c802..dcca350 100644 --- a/.gitignore +++ b/.gitignore @@ -90,3 +90,4 @@ /container-selinux-aa7b807.tar.gz /container-selinux-9a53d6c.tar.gz /container-selinux-3b78187.tar.gz +/container-selinux-b0061dc.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index da849c1..326f5ac 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864 +%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.100 +Version: 2.101 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -94,7 +94,7 @@ matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedi %postun if [ $1 -eq 0 ]; then -%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : +%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || : if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 3 2019 Dan Walsh - 2.101-1 +- Allow containers to read rpm cache and rpm databse + * Tue Apr 23 2019 Dan Walsh - 2.100-1 - Allow containers running as spc_t to create unlabeled_t kernel keyrings diff --git a/sources b/sources index ba8d7ce..c727f46 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 +SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d From 0ced217ba75c4bcc02684d65c8c9bd7e634b5dca Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 12 May 2019 06:50:58 -0400 Subject: [PATCH 163/381] Allow all container domains to be entered from container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index dcca350..af438ef 100644 --- a/.gitignore +++ b/.gitignore @@ -91,3 +91,4 @@ /container-selinux-9a53d6c.tar.gz /container-selinux-3b78187.tar.gz /container-selinux-b0061dc.tar.gz +/container-selinux-1c24dcb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 326f5ac..1537aef 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09 +%global commit0 1c24dcb7f081102acb48e7b95788442ba7b6c57f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.101 +Version: 2.102 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Sun May 12 2019 Dan Walsh - 2.102-1 +- Allow all container domains to be entered from container_file_t + * Fri May 3 2019 Dan Walsh - 2.101-1 - Allow containers to read rpm cache and rpm databse diff --git a/sources b/sources index c727f46..8403962 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d +SHA512 (container-selinux-1c24dcb.tar.gz) = 884272ffe45054019317a849c7a9b939d368c5dfb71f59d6cf123e4552f8a080dbcda071b85bff279058bad33d5c30a8dc5dca5f8c30d1cac45a03b03ac6bad9 From bd1fb39d87db3763c360499fc60e76b81cc5a8d9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 17 May 2019 16:34:53 -0400 Subject: [PATCH 164/381] Set proper labeling for container volumes --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 1537aef..f62f8f6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1c24dcb7f081102acb48e7b95788442ba7b6c57f +%global commit0 b275a1f887c98ff545a22252c39085594cfffca4 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.102 +Version: 2.103 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 17 2019 Dan Walsh - 2.103-1 +- Set proper labeling for container volumes + * Sun May 12 2019 Dan Walsh - 2.102-1 - Allow all container domains to be entered from container_file_t From c4b1cdf7e5d7c31d163cc81deab0f67173768706 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 17 May 2019 16:35:24 -0400 Subject: [PATCH 165/381] Set proper labeling for container volumes --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index af438ef..6ae87bb 100644 --- a/.gitignore +++ b/.gitignore @@ -92,3 +92,4 @@ /container-selinux-3b78187.tar.gz /container-selinux-b0061dc.tar.gz /container-selinux-1c24dcb.tar.gz +/container-selinux-b275a1f.tar.gz diff --git a/sources b/sources index 8403962..d053aa8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1c24dcb.tar.gz) = 884272ffe45054019317a849c7a9b939d368c5dfb71f59d6cf123e4552f8a080dbcda071b85bff279058bad33d5c30a8dc5dca5f8c30d1cac45a03b03ac6bad9 +SHA512 (container-selinux-b275a1f.tar.gz) = 7a7287cfb0b573bf9784a7c68f04f11c65169dcc6712e8dff567ece159a6c347c6c023043f364ae64ab02ac86288ee7a689b3b16ea0fd06a608138c34b91bee0 From 5a72894caf75ac6b30ac1e733e9dce0f92c161dc Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 3 Jun 2019 06:51:52 +0200 Subject: [PATCH 166/381] Set proper labeling for container volumes in SilverBlue --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6ae87bb..19505f1 100644 --- a/.gitignore +++ b/.gitignore @@ -93,3 +93,4 @@ /container-selinux-b0061dc.tar.gz /container-selinux-1c24dcb.tar.gz /container-selinux-b275a1f.tar.gz +/container-selinux-7baad79.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f62f8f6..e1875fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 b275a1f887c98ff545a22252c39085594cfffca4 +%global commit0 7baad79ed099c333465157a8c981d4393a381304 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.103 +Version: 2.104 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 3 2019 Dan Walsh - 2.104-1 +- Set proper labeling for container volumes in SilverBlue + * Fri May 17 2019 Dan Walsh - 2.103-1 - Set proper labeling for container volumes diff --git a/sources b/sources index d053aa8..bd36024 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b275a1f.tar.gz) = 7a7287cfb0b573bf9784a7c68f04f11c65169dcc6712e8dff567ece159a6c347c6c023043f364ae64ab02ac86288ee7a689b3b16ea0fd06a608138c34b91bee0 +SHA512 (container-selinux-7baad79.tar.gz) = 9ac2e28bd0f435b24f1705c06875b94d6a4e4cebe7db4a2c3ad23b8dbda4f96e114acf963065f85327102ec7b179bd21d6b54d1c47b9ca04b06c811f714952da From 535b77ce650e3b7ab71a25834e3f25ccddd029b7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 11 Jun 2019 15:04:40 -0400 Subject: [PATCH 167/381] Allow all unconfined domains to manage unlabeled keyrings Add labeling for kubernetes pods --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 19505f1..a747661 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ /container-selinux-1c24dcb.tar.gz /container-selinux-b275a1f.tar.gz /container-selinux-7baad79.tar.gz +/container-selinux-fc7111d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e1875fe..fc2a771 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 7baad79ed099c333465157a8c981d4393a381304 +%global commit0 fc7111d5a9649a3fd21972e190be505c1efdd8be %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.104 +Version: 2.106 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jun 11 2019 Dan Walsh - 2.106-1 +- Allow all unconfined domains to manage unlabeled keyrings +- Add labeling for kubernetes pods + * Mon Jun 3 2019 Dan Walsh - 2.104-1 - Set proper labeling for container volumes in SilverBlue diff --git a/sources b/sources index bd36024..27ec454 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-7baad79.tar.gz) = 9ac2e28bd0f435b24f1705c06875b94d6a4e4cebe7db4a2c3ad23b8dbda4f96e114acf963065f85327102ec7b179bd21d6b54d1c47b9ca04b06c811f714952da +SHA512 (container-selinux-fc7111d.tar.gz) = 4e72112d708d0c3693918aa4bbfb0a6362d393be31350195c18ef72ef2eef29e5b2ae0c91f3c882cd3c000cd03d475fb1443d52213ba20b6eb5add90b2ef1e54 From e642c7930b8e302c553eaf1253d6b1dba76dd9cf Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 14 Jun 2019 09:49:20 -0400 Subject: [PATCH 168/381] Allow containers to manipulate Onload files. --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a747661..9548df9 100644 --- a/.gitignore +++ b/.gitignore @@ -95,3 +95,4 @@ /container-selinux-b275a1f.tar.gz /container-selinux-7baad79.tar.gz /container-selinux-fc7111d.tar.gz +/container-selinux-453b816.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index fc2a771..e1075fc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 fc7111d5a9649a3fd21972e190be505c1efdd8be +%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.106 +Version: 2.107 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jun 14 2019 Dan Walsh - 2.107-1 +- Allow containers to manipulate Onload files. + * Tue Jun 11 2019 Dan Walsh - 2.106-1 - Allow all unconfined domains to manage unlabeled keyrings - Add labeling for kubernetes pods diff --git a/sources b/sources index 27ec454..698dc99 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fc7111d.tar.gz) = 4e72112d708d0c3693918aa4bbfb0a6362d393be31350195c18ef72ef2eef29e5b2ae0c91f3c882cd3c000cd03d475fb1443d52213ba20b6eb5add90b2ef1e54 +SHA512 (container-selinux-453b816.tar.gz) = 99c36aca1fd5ac71802892bcdfde74ae194dcb2b9b51cc99df86b5b7c80440478110d778e407b8a3dc167f3ad4b0aa8d753cd8878ef15bad2e6c0f8b4d98f2f6 From ff9d4132e3b2134c1410e6c109522c320a53f4e1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Jul 2019 13:40:06 -0400 Subject: [PATCH 169/381] Allow containers to accept connections on all socket types Allow containers to connect to gssproxy stream sockets if added to container --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9548df9..16379be 100644 --- a/.gitignore +++ b/.gitignore @@ -96,3 +96,4 @@ /container-selinux-7baad79.tar.gz /container-selinux-fc7111d.tar.gz /container-selinux-453b816.tar.gz +/container-selinux-db771da.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e1075fc..5b20d9b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 +%global commit0 db771da27119098fe9aefb1c02033e496d5c8760 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.107 +Version: 2.109 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jul 8 2019 Dan Walsh - 2.109-1 +- Allow containers to accept connections on all socket types +- Allow containers to connect to gssproxy stream sockets if added to container + * Fri Jun 14 2019 Dan Walsh - 2.107-1 - Allow containers to manipulate Onload files. diff --git a/sources b/sources index 698dc99..2ad7730 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-453b816.tar.gz) = 99c36aca1fd5ac71802892bcdfde74ae194dcb2b9b51cc99df86b5b7c80440478110d778e407b8a3dc167f3ad4b0aa8d753cd8878ef15bad2e6c0f8b4d98f2f6 +SHA512 (container-selinux-db771da.tar.gz) = 880d656b56e94d4045073cfaf4738bbcf5bcd91f451bafa523ca4df6aed20f7fa2074f8b9bb2dc28bf33a3acd981e6fc349919bf6e7f3c946cc046dc66014a89 From 9db5509450af8cef6c1f9d1ee9f79b32771a5e5a Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 11 Jul 2019 00:16:25 +0530 Subject: [PATCH 170/381] container-selinux-2.110.0-1.1.dev.git544d71f - bump to v2.110.0 - hook up to autobuild Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 20 +++++++++++++------- sources | 2 +- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 16379be..0536b0f 100644 --- a/.gitignore +++ b/.gitignore @@ -97,3 +97,4 @@ /container-selinux-fc7111d.tar.gz /container-selinux-453b816.tar.gz /container-selinux-db771da.tar.gz +/container-selinux-544d71f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5b20d9b..a368211 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -1,8 +1,8 @@ %global debug_package %{nil} # container-selinux -%global git0 https://github.com/projectatomic/container-selinux -%global commit0 db771da27119098fe9aefb1c02033e496d5c8760 +%global git0 https://github.com/containers/container-selinux +%global commit0 544d71ff87f427664ff65cfb94b6ad068af689a7 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,12 +22,13 @@ # Version of SELinux we were using %global selinux_policyver 3.13.1-220 +# Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.109 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.110.0 +Release: 1.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -73,7 +74,7 @@ rm -rf container-selinux.spec %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null @@ -84,8 +85,8 @@ if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files if [ $1 -eq 1 ]; then - restorecon -R %{_sharedstatedir}/docker &> /dev/null || : - restorecon -R %{_sharedstatedir}/containers &> /dev/null || : + restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/containers &> /dev/null || : fi fi . %{_sysconfdir}/selinux/config @@ -108,7 +109,12 @@ fi %doc README.md %{_datadir}/selinux/* +# Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Jul 10 2019 Lokesh Mandvekar - 2.110.0-1.1.dev.git544d71f +- bump to v2.110.0 +- hook up to autobuild + * Mon Jul 8 2019 Dan Walsh - 2.109-1 - Allow containers to accept connections on all socket types - Allow containers to connect to gssproxy stream sockets if added to container diff --git a/sources b/sources index 2ad7730..eb69337 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-db771da.tar.gz) = 880d656b56e94d4045073cfaf4738bbcf5bcd91f451bafa523ca4df6aed20f7fa2074f8b9bb2dc28bf33a3acd981e6fc349919bf6e7f3c946cc046dc66014a89 +SHA512 (container-selinux-544d71f.tar.gz) = ef4e58d33f095899c75a880cdb8e4fb2dc9523f717666af702e4d87a6ddccf7d9695b009872f42bd4dfae01944ee0335aa4688d6ffd6199efb38aaf29f997d73 From 20e3511f2b86412fad4d17ccb478f49250c89bbe Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Thu, 18 Jul 2019 03:24:01 +0000 Subject: [PATCH 171/381] container-selinux-2:2.111.0-2.1.dev.git9a75deb - bump to 2.111.0 - autobuilt 9a75deb Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0536b0f..5d34d21 100644 --- a/.gitignore +++ b/.gitignore @@ -98,3 +98,4 @@ /container-selinux-453b816.tar.gz /container-selinux-db771da.tar.gz /container-selinux-544d71f.tar.gz +/container-selinux-9a75deb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a368211..90081e7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 544d71ff87f427664ff65cfb94b6ad068af689a7 +%global commit0 9a75deb315f10ca3cf1295e6cd56cec2e62dbf6e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,8 +27,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.110.0 -Release: 1.1.dev.git%{shortcommit0}%{?dist} +Version: 2.111.0 +Release: 2.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 2:2.111.0-2.1.dev.git9a75deb +- bump to 2.111.0 +- autobuilt 9a75deb + * Wed Jul 10 2019 Lokesh Mandvekar - 2.110.0-1.1.dev.git544d71f - bump to v2.110.0 - hook up to autobuild diff --git a/sources b/sources index eb69337..622439c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-544d71f.tar.gz) = ef4e58d33f095899c75a880cdb8e4fb2dc9523f717666af702e4d87a6ddccf7d9695b009872f42bd4dfae01944ee0335aa4688d6ffd6199efb38aaf29f997d73 +SHA512 (container-selinux-9a75deb.tar.gz) = 0d6d69f49048a118e40fd6c06b8785e3eed5381ae4fe7d70e836fb61659df748b548deaaaff91eeb7ed466e70114b3c614b88218a58e286df091381706623dec From 1164ea7a24410fd1ef07ba06dc38cc5af6990183 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jul 2019 20:57:33 +0000 Subject: [PATCH 172/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 90081e7..065fd4a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -28,7 +28,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.111.0 -Release: 2.1.dev.git%{shortcommit0}%{?dist} +Release: 3.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Jul 24 2019 Fedora Release Engineering - 2:2.111.0-3.1.dev.git9a75deb +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 2:2.111.0-2.1.dev.git9a75deb - bump to 2.111.0 - autobuilt 9a75deb From 7390ff8b0597960920986624e8e5dd19d6e8de84 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 8 Aug 2019 17:22:59 -0400 Subject: [PATCH 173/381] Allow containers to use fusefs_t entrypoint Dontaudit attempts to setattr on devicenodes. --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5d34d21..99e890b 100644 --- a/.gitignore +++ b/.gitignore @@ -99,3 +99,4 @@ /container-selinux-db771da.tar.gz /container-selinux-544d71f.tar.gz /container-selinux-9a75deb.tar.gz +/container-selinux-b68cf19.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 065fd4a..37ac679 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 9a75deb315f10ca3cf1295e6cd56cec2e62dbf6e +%global commit0 b68cf19f1c6c920994becf8aa0dc141dec77de2a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,8 +27,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.111.0 -Release: 3.1.dev.git%{shortcommit0}%{?dist} +Version: 2.112.0 +Release: 1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Aug 8 2019 Dan Walsh - 2.112-1 +- Allow containers to use fusefs_t entrypoint +- Dontaudit attempts to setattr on devicenodes. + * Wed Jul 24 2019 Fedora Release Engineering - 2:2.111.0-3.1.dev.git9a75deb - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index 622439c..106cee4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9a75deb.tar.gz) = 0d6d69f49048a118e40fd6c06b8785e3eed5381ae4fe7d70e836fb61659df748b548deaaaff91eeb7ed466e70114b3c614b88218a58e286df091381706623dec +SHA512 (container-selinux-b68cf19.tar.gz) = 25c3133277f55935ca19bdb1703079ba245def284d00c749464626d16d9ca2056dc7e9b6d806ccdf65825e3defc32540c7fbf6acdfc50c430c0da5a80a39e20f From 3125beb1b1d04a9a9d6a8b56a78cbea2a8567a61 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 9 Aug 2019 15:10:42 -0400 Subject: [PATCH 174/381] Allow containers to name_bind to rawip_sockets. --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 99e890b..d582e45 100644 --- a/.gitignore +++ b/.gitignore @@ -100,3 +100,4 @@ /container-selinux-544d71f.tar.gz /container-selinux-9a75deb.tar.gz /container-selinux-b68cf19.tar.gz +/container-selinux-4f7d6bb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 37ac679..778934e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 b68cf19f1c6c920994becf8aa0dc141dec77de2a +%global commit0 4f7d6bb78724eb2fccd40bbaf96a668a94acc5ce %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.112.0 +Version: 2.113.0 Release: 1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Aug 9 2019 Dan Walsh - 2.113-1 +- Allow containers to name_bind to rawip_sockets. + * Thu Aug 8 2019 Dan Walsh - 2.112-1 - Allow containers to use fusefs_t entrypoint - Dontaudit attempts to setattr on devicenodes. diff --git a/sources b/sources index 106cee4..36cc5ee 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b68cf19.tar.gz) = 25c3133277f55935ca19bdb1703079ba245def284d00c749464626d16d9ca2056dc7e9b6d806ccdf65825e3defc32540c7fbf6acdfc50c430c0da5a80a39e20f +SHA512 (container-selinux-4f7d6bb.tar.gz) = 74c509d0bec92d693f6673610f09346cb8b82520f178a8713064d020f1428e28e23a36200e40fe8db2fff2d1d6117f6ea33cb823a5114ad3041b222066779061 From c42be5bbaab513266e30df3112c35a47ee3114b5 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 19 Aug 2019 12:25:19 +0000 Subject: [PATCH 175/381] container-selinux-2:2.114.0-0.1.dev.git028ab00 - bump to 2.114.0 - autobuilt 028ab00 Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index d582e45..ee0ea80 100644 --- a/.gitignore +++ b/.gitignore @@ -101,3 +101,4 @@ /container-selinux-9a75deb.tar.gz /container-selinux-b68cf19.tar.gz /container-selinux-4f7d6bb.tar.gz +/container-selinux-028ab00.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 778934e..49725af 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 4f7d6bb78724eb2fccd40bbaf96a668a94acc5ce +%global commit0 028ab0049681265664a3bbae7501bc5bddcd6cc0 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,8 +27,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.113.0 -Release: 1.dev.git%{shortcommit0}%{?dist} +Version: 2.114.0 +Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Aug 19 2019 Lokesh Mandvekar (Bot) - 2:2.114.0-0.1.dev.git028ab00 +- bump to 2.114.0 +- autobuilt 028ab00 + * Fri Aug 9 2019 Dan Walsh - 2.113-1 - Allow containers to name_bind to rawip_sockets. diff --git a/sources b/sources index 36cc5ee..3be76ab 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-4f7d6bb.tar.gz) = 74c509d0bec92d693f6673610f09346cb8b82520f178a8713064d020f1428e28e23a36200e40fe8db2fff2d1d6117f6ea33cb823a5114ad3041b222066779061 +SHA512 (container-selinux-028ab00.tar.gz) = 96ec9a26a2ceb75431891d5b914921d190df0259443eb245b850d97d5cc8796df3ddc34443d9e144740e43a9540ba295b39f70c3224caf127fa95a532ebb24dc From 5e7899d66a49b72c44e9d166111fe942820426e0 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Wed, 21 Aug 2019 14:30:06 +0000 Subject: [PATCH 176/381] container-selinux-2:2.115.0-0.1.dev.gitfddfbbb - bump to 2.115.0 - autobuilt fddfbbb Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ee0ea80..1d09d33 100644 --- a/.gitignore +++ b/.gitignore @@ -102,3 +102,4 @@ /container-selinux-b68cf19.tar.gz /container-selinux-4f7d6bb.tar.gz /container-selinux-028ab00.tar.gz +/container-selinux-fddfbbb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 49725af..35a9cd8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 028ab0049681265664a3bbae7501bc5bddcd6cc0 +%global commit0 fddfbbb7836cabeb28feffb4602f4a3ae5016cdb %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.114.0 +Version: 2.115.0 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Aug 21 2019 Lokesh Mandvekar (Bot) - 2:2.115.0-0.1.dev.gitfddfbbb +- bump to 2.115.0 +- autobuilt fddfbbb + * Mon Aug 19 2019 Lokesh Mandvekar (Bot) - 2:2.114.0-0.1.dev.git028ab00 - bump to 2.114.0 - autobuilt 028ab00 diff --git a/sources b/sources index 3be76ab..6905754 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-028ab00.tar.gz) = 96ec9a26a2ceb75431891d5b914921d190df0259443eb245b850d97d5cc8796df3ddc34443d9e144740e43a9540ba295b39f70c3224caf127fa95a532ebb24dc +SHA512 (container-selinux-fddfbbb.tar.gz) = 54b17ee82861163633afd44ae6db65a91a6b9b2ebed86df55d0378611b571118c9ef24788d2ad67b730516454fd264e44333f9cb94ff63621ee54586bf5c6eb4 From 121490dc1d73ee9283ddbe386fd3093f7b84e03f Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Thu, 5 Sep 2019 14:35:01 +0000 Subject: [PATCH 177/381] container-selinux-2:2.116.0-0.1.dev.gitc5ef5ac - bump to 2.116.0 - autobuilt c5ef5ac Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1d09d33..fd3ed0a 100644 --- a/.gitignore +++ b/.gitignore @@ -103,3 +103,4 @@ /container-selinux-4f7d6bb.tar.gz /container-selinux-028ab00.tar.gz /container-selinux-fddfbbb.tar.gz +/container-selinux-c5ef5ac.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 35a9cd8..29a7d84 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 fddfbbb7836cabeb28feffb4602f4a3ae5016cdb +%global commit0 c5ef5ac658a0d616d53b81272694e778a2115b29 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.115.0 +Version: 2.116.0 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Sep 05 2019 Lokesh Mandvekar (Bot) - 2:2.116.0-0.1.dev.gitc5ef5ac +- bump to 2.116.0 +- autobuilt c5ef5ac + * Wed Aug 21 2019 Lokesh Mandvekar (Bot) - 2:2.115.0-0.1.dev.gitfddfbbb - bump to 2.115.0 - autobuilt fddfbbb diff --git a/sources b/sources index 6905754..17881d5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fddfbbb.tar.gz) = 54b17ee82861163633afd44ae6db65a91a6b9b2ebed86df55d0378611b571118c9ef24788d2ad67b730516454fd264e44333f9cb94ff63621ee54586bf5c6eb4 +SHA512 (container-selinux-c5ef5ac.tar.gz) = cb31fb2aa891a21d47cb1f67caf51e39a14f3269155e9881499d8c325f2f9acfa9d49c5e283db99dcc3333eee0cc3798b33bf5bf7cc54701f450cf35762501fb From 603bad3c420203368a5c268c2881a8b6ca395fd2 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Fri, 20 Sep 2019 08:27:36 +0000 Subject: [PATCH 178/381] container-selinux-2:2.117.0-0.1.dev.gitbfde70a - bump to 2.117.0 - autobuilt bfde70a Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index fd3ed0a..1e866b9 100644 --- a/.gitignore +++ b/.gitignore @@ -104,3 +104,4 @@ /container-selinux-028ab00.tar.gz /container-selinux-fddfbbb.tar.gz /container-selinux-c5ef5ac.tar.gz +/container-selinux-bfde70a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 29a7d84..2c94019 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 c5ef5ac658a0d616d53b81272694e778a2115b29 +%global commit0 bfde70abeab100e944dcfd439859fbae967d8b39 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.116.0 +Version: 2.117.0 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Sep 20 2019 Lokesh Mandvekar (Bot) - 2:2.117.0-0.1.dev.gitbfde70a +- bump to 2.117.0 +- autobuilt bfde70a + * Thu Sep 05 2019 Lokesh Mandvekar (Bot) - 2:2.116.0-0.1.dev.gitc5ef5ac - bump to 2.116.0 - autobuilt c5ef5ac diff --git a/sources b/sources index 17881d5..e25d105 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c5ef5ac.tar.gz) = cb31fb2aa891a21d47cb1f67caf51e39a14f3269155e9881499d8c325f2f9acfa9d49c5e283db99dcc3333eee0cc3798b33bf5bf7cc54701f450cf35762501fb +SHA512 (container-selinux-bfde70a.tar.gz) = f8e963b9688f65b768e6b0dcb427fe9f47397e70f4889166d8c6eeccbeb9dd393acfa19586870e367ce5eea1d1d2d15ec9acb6fdb7e108c772be137a76ff4b45 From 7605f739351c641b7e53656a8cf3a92e832b6d78 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 11 Oct 2019 14:19:30 +0000 Subject: [PATCH 179/381] container-selinux-2:2.118.0-0.1.dev.git79bdcb5 - bump to 2.118.0 - autobuilt 79bdcb5 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1e866b9..e1a3501 100644 --- a/.gitignore +++ b/.gitignore @@ -105,3 +105,4 @@ /container-selinux-fddfbbb.tar.gz /container-selinux-c5ef5ac.tar.gz /container-selinux-bfde70a.tar.gz +/container-selinux-79bdcb5.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2c94019..34d5ff4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 bfde70abeab100e944dcfd439859fbae967d8b39 +%global commit0 79bdcb5e74af7036479b61160e4dadf670f1097e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.117.0 +Version: 2.118.0 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Oct 11 2019 RH Container Bot - 2:2.118.0-0.1.dev.git79bdcb5 +- bump to 2.118.0 +- autobuilt 79bdcb5 + * Fri Sep 20 2019 Lokesh Mandvekar (Bot) - 2:2.117.0-0.1.dev.gitbfde70a - bump to 2.117.0 - autobuilt bfde70a diff --git a/sources b/sources index e25d105..5927510 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-bfde70a.tar.gz) = f8e963b9688f65b768e6b0dcb427fe9f47397e70f4889166d8c6eeccbeb9dd393acfa19586870e367ce5eea1d1d2d15ec9acb6fdb7e108c772be137a76ff4b45 +SHA512 (container-selinux-79bdcb5.tar.gz) = 2c0cf0c2996acb156899d543f4139e2530eb07499765f3bd777e29250f726a7affa894e35408d619b557dff368af643184953cf7b8e3c873cf699fda8c38daae From c9e415f48d047eaccd5ed052c1411f127c876eb0 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 24 Oct 2019 16:26:13 +0000 Subject: [PATCH 180/381] container-selinux-2:2.119.0-0.1.dev.gitb383f07 - bump to 2.119.0 - autobuilt b383f07 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e1a3501..6c0344f 100644 --- a/.gitignore +++ b/.gitignore @@ -106,3 +106,4 @@ /container-selinux-c5ef5ac.tar.gz /container-selinux-bfde70a.tar.gz /container-selinux-79bdcb5.tar.gz +/container-selinux-b383f07.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 34d5ff4..68a0540 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 79bdcb5e74af7036479b61160e4dadf670f1097e +%global commit0 b383f07f547c3ae491edcd116133f79d6f50a6e7 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.118.0 +Version: 2.119.0 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Oct 24 2019 RH Container Bot - 2:2.119.0-0.1.dev.gitb383f07 +- bump to 2.119.0 +- autobuilt b383f07 + * Fri Oct 11 2019 RH Container Bot - 2:2.118.0-0.1.dev.git79bdcb5 - bump to 2.118.0 - autobuilt 79bdcb5 diff --git a/sources b/sources index 5927510..e1ba5f8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-79bdcb5.tar.gz) = 2c0cf0c2996acb156899d543f4139e2530eb07499765f3bd777e29250f726a7affa894e35408d619b557dff368af643184953cf7b8e3c873cf699fda8c38daae +SHA512 (container-selinux-b383f07.tar.gz) = 01c47d12460611229654b5ef9961b7815dfa749241d422e83ec548cd029d1113aea1f7a55e8277f5ebceea4528575efe1e09d853eec09adac15efe88c5394eb7 From 244a2cbe3c11f3da86009aa6054ac0d6850d1eff Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sun, 27 Oct 2019 09:21:18 +0000 Subject: [PATCH 181/381] container-selinux-2:2.119.1-0.1.dev.git2ecb2a8 - bump to 2.119.1 - autobuilt 2ecb2a8 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6c0344f..4f845af 100644 --- a/.gitignore +++ b/.gitignore @@ -107,3 +107,4 @@ /container-selinux-bfde70a.tar.gz /container-selinux-79bdcb5.tar.gz /container-selinux-b383f07.tar.gz +/container-selinux-2ecb2a8.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 68a0540..e416edd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 b383f07f547c3ae491edcd116133f79d6f50a6e7 +%global commit0 2ecb2a86fb873956344d2dab7334d97bfb0711fc %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.119.0 +Version: 2.119.1 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sun Oct 27 2019 RH Container Bot - 2:2.119.1-0.1.dev.git2ecb2a8 +- bump to 2.119.1 +- autobuilt 2ecb2a8 + * Thu Oct 24 2019 RH Container Bot - 2:2.119.0-0.1.dev.gitb383f07 - bump to 2.119.0 - autobuilt b383f07 diff --git a/sources b/sources index e1ba5f8..19820f3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b383f07.tar.gz) = 01c47d12460611229654b5ef9961b7815dfa749241d422e83ec548cd029d1113aea1f7a55e8277f5ebceea4528575efe1e09d853eec09adac15efe88c5394eb7 +SHA512 (container-selinux-2ecb2a8.tar.gz) = a4c81a08e2510a9f8db5d203bc038d230e2d114f56bfc1338cade01d4dd9945a2156c227e189cd4975d558675af82e2ecb389c90c368202303860c49b3359540 From 445a455adfd0c507196c69c41569e4f703a56911 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 6 Nov 2019 20:15:33 +0000 Subject: [PATCH 182/381] container-selinux-2:2.120.1-0.1.dev.git6fb6dcf - bump to 2.120.1 - autobuilt 6fb6dcf Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4f845af..b038457 100644 --- a/.gitignore +++ b/.gitignore @@ -108,3 +108,4 @@ /container-selinux-79bdcb5.tar.gz /container-selinux-b383f07.tar.gz /container-selinux-2ecb2a8.tar.gz +/container-selinux-6fb6dcf.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e416edd..a968168 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 2ecb2a86fb873956344d2dab7334d97bfb0711fc +%global commit0 6fb6dcf0e4fe56f70f0c7d496e3d81d18aba38b9 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.119.1 +Version: 2.120.1 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Nov 06 2019 RH Container Bot - 2:2.120.1-0.1.dev.git6fb6dcf +- bump to 2.120.1 +- autobuilt 6fb6dcf + * Sun Oct 27 2019 RH Container Bot - 2:2.119.1-0.1.dev.git2ecb2a8 - bump to 2.119.1 - autobuilt 2ecb2a8 diff --git a/sources b/sources index 19820f3..f39cedd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2ecb2a8.tar.gz) = a4c81a08e2510a9f8db5d203bc038d230e2d114f56bfc1338cade01d4dd9945a2156c227e189cd4975d558675af82e2ecb389c90c368202303860c49b3359540 +SHA512 (container-selinux-6fb6dcf.tar.gz) = f713101cb86be9e85a5e6a2d3d815f70a10f3c23b9209a2768860e4fd56f4f7187db55da19cd5114387ea1e02c16c29afe1c10ea0a54d473c6b2f9a58359580a From 8afcfa88a8367d4849c9474e676bc7ebd7df7d41 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 19 Nov 2019 14:15:26 +0000 Subject: [PATCH 183/381] container-selinux-2:2.120.1-0.2.dev.gita233788 - autobuilt a233788 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b038457..8c8f63f 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,4 @@ /container-selinux-b383f07.tar.gz /container-selinux-2ecb2a8.tar.gz /container-selinux-6fb6dcf.tar.gz +/container-selinux-a233788.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a968168..615db08 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 6fb6dcf0e4fe56f70f0c7d496e3d81d18aba38b9 +%global commit0 a233788873fd110965990219c9e53d94c165dd7c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -28,7 +28,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.120.1 -Release: 0.1.dev.git%{shortcommit0}%{?dist} +Release: 0.2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Nov 19 2019 RH Container Bot - 2:2.120.1-0.2.dev.gita233788 +- autobuilt a233788 + * Wed Nov 06 2019 RH Container Bot - 2:2.120.1-0.1.dev.git6fb6dcf - bump to 2.120.1 - autobuilt 6fb6dcf diff --git a/sources b/sources index f39cedd..f13a51b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-6fb6dcf.tar.gz) = f713101cb86be9e85a5e6a2d3d815f70a10f3c23b9209a2768860e4fd56f4f7187db55da19cd5114387ea1e02c16c29afe1c10ea0a54d473c6b2f9a58359580a +SHA512 (container-selinux-a233788.tar.gz) = 10f6f610ecc15d456b5c487a5a4428cdc04c18043f91f9e58f556f00f7e2e246d9273bb6db1dde3dae8d56172df1423216d0542a9fc894dac40705ec6f641a35 From 7d86365609aa8b8a2c41bc4521b9d125747b8874 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 22 Nov 2019 21:10:14 +0000 Subject: [PATCH 184/381] container-selinux-2:2.122.0-0.1.dev.git4560dd4 - bump to 2.122.0 - autobuilt 4560dd4 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 8c8f63f..be5aa1b 100644 --- a/.gitignore +++ b/.gitignore @@ -110,3 +110,4 @@ /container-selinux-2ecb2a8.tar.gz /container-selinux-6fb6dcf.tar.gz /container-selinux-a233788.tar.gz +/container-selinux-4560dd4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 615db08..3215d9f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 a233788873fd110965990219c9e53d94c165dd7c +%global commit0 4560dd4dbb52ba5daf0cdc11140d0722fbbdb186 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,8 +27,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.120.1 -Release: 0.2.dev.git%{shortcommit0}%{?dist} +Version: 2.122.0 +Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Nov 22 2019 RH Container Bot - 2:2.122.0-0.1.dev.git4560dd4 +- bump to 2.122.0 +- autobuilt 4560dd4 + * Tue Nov 19 2019 RH Container Bot - 2:2.120.1-0.2.dev.gita233788 - autobuilt a233788 diff --git a/sources b/sources index f13a51b..56b2aa3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a233788.tar.gz) = 10f6f610ecc15d456b5c487a5a4428cdc04c18043f91f9e58f556f00f7e2e246d9273bb6db1dde3dae8d56172df1423216d0542a9fc894dac40705ec6f641a35 +SHA512 (container-selinux-4560dd4.tar.gz) = d62f4eb27f9956b178777b5a23d64b67ee7370af6eacf3f71c2b5b1737b9e3b1249d98d33f9978e9037ba6cca4002eb108bc7d1dadb9ab3ae4a912ad36f4ac68 From c10fcb7be38d9beeb5d076eeb489095ffeb1b65c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 25 Nov 2019 16:10:35 +0000 Subject: [PATCH 185/381] container-selinux-2:2.123.0-0.1.dev.git661a904 - bump to 2.123.0 - autobuilt 661a904 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index be5aa1b..1edb258 100644 --- a/.gitignore +++ b/.gitignore @@ -111,3 +111,4 @@ /container-selinux-6fb6dcf.tar.gz /container-selinux-a233788.tar.gz /container-selinux-4560dd4.tar.gz +/container-selinux-661a904.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3215d9f..560c6eb 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 4560dd4dbb52ba5daf0cdc11140d0722fbbdb186 +%global commit0 661a9045800eb200bfbf8d6dd345b941ed0897f8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -27,7 +27,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.122.0 +Version: 2.123.0 Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Nov 25 2019 RH Container Bot - 2:2.123.0-0.1.dev.git661a904 +- bump to 2.123.0 +- autobuilt 661a904 + * Fri Nov 22 2019 RH Container Bot - 2:2.122.0-0.1.dev.git4560dd4 - bump to 2.122.0 - autobuilt 4560dd4 diff --git a/sources b/sources index 56b2aa3..995b9d3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-4560dd4.tar.gz) = d62f4eb27f9956b178777b5a23d64b67ee7370af6eacf3f71c2b5b1737b9e3b1249d98d33f9978e9037ba6cca4002eb108bc7d1dadb9ab3ae4a912ad36f4ac68 +SHA512 (container-selinux-661a904.tar.gz) = e2ce4d9a17a44fffef0e5868bbb8b470b3665f6cc2a36365525151f1b6940e58a894ba1eaafa35e15971533ed8ea1a5d3b07144fe8f7c91d194dffa35f699e00 From c36566c4aeabb6e48c3cfbdefc71bd1414758925 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 29 Nov 2019 06:53:56 -0500 Subject: [PATCH 186/381] Use selinux macros in post install scripts --- container-selinux.spec | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 560c6eb..6715450 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -16,9 +16,6 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -# Relabel files -%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : - # Version of SELinux we were using %global selinux_policyver 3.13.1-220 @@ -28,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.123.0 -Release: 0.1.dev.git%{shortcommit0}%{?dist} +Release: 0.2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -80,28 +77,19 @@ fi %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null -%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null -if %{_sbindir}/selinuxenabled ; then - %{_sbindir}/load_policy - %relabel_files - if [ $1 -eq 1 ]; then - restorecon -R %{_sharedstatedir}/docker &> /dev/null || : - restorecon -R %{_sharedstatedir}/containers &> /dev/null || : - fi -fi +%selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun if [ $1 -eq 0 ]; then -%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || : -if %{_sbindir}/selinuxenabled ; then -%{_sbindir}/load_policy -%relabel_files -fi + %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker fi +%posttrans +%selinux_relabel_post -s %{selinuxtype} + #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -111,6 +99,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Nov 29 2019 Dan Walsh - 2:2.123.0-0.2.dev.git661a904 +- Use selinux macros in post install scripts + * Mon Nov 25 2019 RH Container Bot - 2:2.123.0-0.1.dev.git661a904 - bump to 2.123.0 - autobuilt 661a904 From fda115ab94f9b9d49e2edaed636431b405c542e1 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 29 Nov 2019 12:10:21 +0000 Subject: [PATCH 187/381] container-selinux-2:2.123.0-0.3.dev.git0b25a4a - autobuilt 0b25a4a Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1edb258..7a65fe8 100644 --- a/.gitignore +++ b/.gitignore @@ -112,3 +112,4 @@ /container-selinux-a233788.tar.gz /container-selinux-4560dd4.tar.gz /container-selinux-661a904.tar.gz +/container-selinux-0b25a4a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6715450..3e8c5a3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 661a9045800eb200bfbf8d6dd345b941ed0897f8 +%global commit0 0b25a4a5f05e1810f6bbeffcc40d89c3db5d2a30 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.123.0 -Release: 0.2.dev.git%{shortcommit0}%{?dist} +Release: 0.3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -99,6 +99,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Nov 29 2019 RH Container Bot - 2:2.123.0-0.3.dev.git0b25a4a +- autobuilt 0b25a4a + * Fri Nov 29 2019 Dan Walsh - 2:2.123.0-0.2.dev.git661a904 - Use selinux macros in post install scripts diff --git a/sources b/sources index 995b9d3..6bce357 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-661a904.tar.gz) = e2ce4d9a17a44fffef0e5868bbb8b470b3665f6cc2a36365525151f1b6940e58a894ba1eaafa35e15971533ed8ea1a5d3b07144fe8f7c91d194dffa35f699e00 +SHA512 (container-selinux-0b25a4a.tar.gz) = 50c1f23670a3beb36afd7689c937da26a9ffeb1a75e6e1a73632201193df7f5ec118b8a0cfe8296eb175ac98440a70270353897933d42d7bbea5b1f90f36e770 From cf0837dcdd5313643d505cdd411439a46ec9abd3 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 9 Dec 2019 11:27:54 -0500 Subject: [PATCH 188/381] container-selinux-2:2.123.0-0.4.dev.git0b25a4a - run selinux_relabel_pre Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 3e8c5a3..ab66aaa 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.123.0 -Release: 0.3.dev.git%{shortcommit0}%{?dist} +Release: 0.4.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -68,6 +68,9 @@ rm -rf container-selinux.spec %check +%pre +%selinux_relabel_pre -s %{selinuxtype} + %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then @@ -99,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Dec 09 2019 Lokesh Mandvekar - 2:2.123.0-0.4.dev.git0b25a4a +- run selinux_relabel_pre + * Fri Nov 29 2019 RH Container Bot - 2:2.123.0-0.3.dev.git0b25a4a - autobuilt 0b25a4a From 9f271533a06b8e438dd26fdd89af473fa71262c6 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 11 Dec 2019 18:13:36 +0000 Subject: [PATCH 189/381] container-selinux-2:2.124.0-0.1.dev.gitf958d0c - bump to 2.124.0 - autobuilt f958d0c Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 7a65fe8..0715527 100644 --- a/.gitignore +++ b/.gitignore @@ -113,3 +113,4 @@ /container-selinux-4560dd4.tar.gz /container-selinux-661a904.tar.gz /container-selinux-0b25a4a.tar.gz +/container-selinux-f958d0c.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ab66aaa..4cf7b11 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 0b25a4a5f05e1810f6bbeffcc40d89c3db5d2a30 +%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,8 +24,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.123.0 -Release: 0.4.dev.git%{shortcommit0}%{?dist} +Version: 2.124.0 +Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Dec 11 2019 RH Container Bot - 2:2.124.0-0.1.dev.gitf958d0c +- bump to 2.124.0 +- autobuilt f958d0c + * Mon Dec 09 2019 Lokesh Mandvekar - 2:2.123.0-0.4.dev.git0b25a4a - run selinux_relabel_pre diff --git a/sources b/sources index 6bce357..e81c4ec 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0b25a4a.tar.gz) = 50c1f23670a3beb36afd7689c937da26a9ffeb1a75e6e1a73632201193df7f5ec118b8a0cfe8296eb175ac98440a70270353897933d42d7bbea5b1f90f36e770 +SHA512 (container-selinux-f958d0c.tar.gz) = 88a4ccf596233f293118e516bafee8d758e669f292c80e8b25b1a8df956ef0e14e36cb61b53f83b20fc68e9cffe8b100d792197ea311418f11169a437c5893d2 From 7ba0084bf501c0348f9944b5e7c6ae84b71ab391 Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Fri, 3 Jan 2020 16:17:26 +0100 Subject: [PATCH 190/381] container-selinux-2.124.0-0.2.dev.gitf958d0c.fc32 - use more current selinux policy version Signed-off-by: Jindrich Novy --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 4cf7b11..bddb406 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -17,7 +17,7 @@ %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; # Version of SELinux we were using -%global selinux_policyver 3.13.1-220 +%global selinux_policyver 3.14.4-43 # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.124.0 -Release: 0.1.dev.git%{shortcommit0}%{?dist} +Release: 0.2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Jan 03 2020 Jindrich Novy - 2:2.124.0-0.2.dev.gitf958d0c +- use more current selinux policy version + * Wed Dec 11 2019 RH Container Bot - 2:2.124.0-0.1.dev.gitf958d0c - bump to 2.124.0 - autobuilt f958d0c From 66ff78ffabf799a0afee4577defa1588867f33dc Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 14:44:54 +0000 Subject: [PATCH 191/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index bddb406..6455581 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.124.0 -Release: 0.2.dev.git%{shortcommit0}%{?dist} +Release: 0.3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 2:2.124.0-0.3.dev.gitf958d0c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Fri Jan 03 2020 Jindrich Novy - 2:2.124.0-0.2.dev.gitf958d0c - use more current selinux policy version From a4a98d05cc3788a6ca84d14982e5834b8065ace4 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Wed, 27 Nov 2019 09:15:54 +0100 Subject: [PATCH 192/381] Add smoke tests and enable gating Add very basic smoke tests that check if the container module installed successfully and that it is still possible to rebuild the policy after installing the package. This, along with enabling rawhide gating [1], should help catch issues like [2] and prevent a broken build from getting into Rawhide composes. [1] https://docs.fedoraproject.org/en-US/rawhide-gating/ [2] https://github.com/containers/container-selinux/pull/84 Signed-off-by: Ondrej Mosnacek --- gating.yaml | 6 ++++++ tests/tests.yml | 13 +++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 gating.yaml create mode 100644 tests/tests.yml diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..92d738a --- /dev/null +++ b/gating.yaml @@ -0,0 +1,6 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +rules: + - !PassingTestCaseRule {test_case_name: org.centos.prod.ci.pipeline.allpackages-build.complete} diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..a5b5b1f --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,13 @@ +- hosts: localhost + tags: + - classic + roles: + - role: standard-test-basic + required_packages: + - policycoreutils + - container-selinux + tests: + - is-module-installed: + run: semodule --list=full | grep container + - can-rebuild-policy: + run: semodule -B From a7a27f390989d44c6fcae7c188488b6c661c3058 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 11 Feb 2020 04:12:21 +0000 Subject: [PATCH 193/381] container-selinux-2:2.124.0-0.4.dev.git5624558 - autobuilt 5624558 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0715527..095c46e 100644 --- a/.gitignore +++ b/.gitignore @@ -114,3 +114,4 @@ /container-selinux-661a904.tar.gz /container-selinux-0b25a4a.tar.gz /container-selinux-f958d0c.tar.gz +/container-selinux-5624558.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6455581..7d5a725 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f +%global commit0 562455891442021c87f1e191b74775b9975f587a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.124.0 -Release: 0.3.dev.git%{shortcommit0}%{?dist} +Release: 0.4.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Feb 11 2020 RH Container Bot - 2:2.124.0-0.4.dev.git5624558 +- autobuilt 5624558 + * Tue Jan 28 2020 Fedora Release Engineering - 2:2.124.0-0.3.dev.gitf958d0c - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index e81c4ec..6e647c9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-f958d0c.tar.gz) = 88a4ccf596233f293118e516bafee8d758e669f292c80e8b25b1a8df956ef0e14e36cb61b53f83b20fc68e9cffe8b100d792197ea311418f11169a437c5893d2 +SHA512 (container-selinux-5624558.tar.gz) = 9e43c2b2e9b2ff254bf00370bdef2b300ab926270468326a5270b9414fcc9c607c3683ebba428a368516c2a890200fd2ff717deb942333f5f39dbe4cda0c4ba0 From ad6b6a78c67aae935805b80ffbc0ba54a74550ee Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 11 Feb 2020 10:21:59 -0500 Subject: [PATCH 194/381] keep functional upgrade path Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 7d5a725..4b9966a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.124.0 -Release: 0.4.dev.git%{shortcommit0}%{?dist} +Release: 4.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Feb 11 2020 Lokesh Mandvekar - 2:2.124.0-4.dev.git5624558 +- keep functional upgrade path from f31 + * Tue Feb 11 2020 RH Container Bot - 2:2.124.0-0.4.dev.git5624558 - autobuilt 5624558 From 5629e18d7867acd7619f183e7702d7d3ed583004 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 20 Mar 2020 18:11:34 +0000 Subject: [PATCH 195/381] container-selinux-2:2.125.0-0.1.dev.gitb321ea4 - bump to 2.125.0 - autobuilt b321ea4 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 095c46e..64cf8f2 100644 --- a/.gitignore +++ b/.gitignore @@ -115,3 +115,4 @@ /container-selinux-0b25a4a.tar.gz /container-selinux-f958d0c.tar.gz /container-selinux-5624558.tar.gz +/container-selinux-b321ea4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4b9966a..b710289 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 562455891442021c87f1e191b74775b9975f587a +%global commit0 b321ea4107bae3eb73859031467f2416ddc0b28f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,8 +24,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.124.0 -Release: 4.dev.git%{shortcommit0}%{?dist} +Version: 2.125.0 +Release: 0.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Mar 20 2020 RH Container Bot - 2:2.125.0-0.1.dev.gitb321ea4 +- bump to 2.125.0 +- autobuilt b321ea4 + * Tue Feb 11 2020 Lokesh Mandvekar - 2:2.124.0-4.dev.git5624558 - keep functional upgrade path from f31 diff --git a/sources b/sources index 6e647c9..b189fd3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5624558.tar.gz) = 9e43c2b2e9b2ff254bf00370bdef2b300ab926270468326a5270b9414fcc9c607c3683ebba428a368516c2a890200fd2ff717deb942333f5f39dbe4cda0c4ba0 +SHA512 (container-selinux-b321ea4.tar.gz) = a0b09e33b4470c9c1715d845ce512c92e209c6c4530aeedc15858968a8cb3cfe0d87b20ee28507c3ec1d250aeb52bdd92e8390d912036866430e479f5be66f8c From e913b2a98dd1db055056ab690767c78dc24dd0c3 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 23 Mar 2020 09:03:58 -0400 Subject: [PATCH 196/381] container-selinux-2:2.125.0-2.1.dev.gitb321ea4 - bump release tag for smooth upgrade path Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index b710289..55104cb 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.125.0 -Release: 0.1.dev.git%{shortcommit0}%{?dist} +Release: 2.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Mar 23 2020 Lokesh Mandvekar - 2:2.125.0-2.1.dev.gitb321ea4 +- bump release tag for smooth upgrade path + * Fri Mar 20 2020 RH Container Bot - 2:2.125.0-0.1.dev.gitb321ea4 - bump to 2.125.0 - autobuilt b321ea4 From be3fb2313caa4661229cf3859c6195106005dfa4 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 23 Mar 2020 19:07:23 +0000 Subject: [PATCH 197/381] container-selinux-2:2.125.0-3.1.dev.gitfde876b - autobuilt fde876b Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 64cf8f2..621fae5 100644 --- a/.gitignore +++ b/.gitignore @@ -116,3 +116,4 @@ /container-selinux-f958d0c.tar.gz /container-selinux-5624558.tar.gz /container-selinux-b321ea4.tar.gz +/container-selinux-fde876b.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 55104cb..47ea97b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 b321ea4107bae3eb73859031467f2416ddc0b28f +%global commit0 fde876b2d81bfc0c943c99260d1a976f15ba7781 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.125.0 -Release: 2.1.dev.git%{shortcommit0}%{?dist} +Release: 3.1.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Mar 23 2020 RH Container Bot - 2:2.125.0-3.1.dev.gitfde876b +- autobuilt fde876b + * Mon Mar 23 2020 Lokesh Mandvekar - 2:2.125.0-2.1.dev.gitb321ea4 - bump release tag for smooth upgrade path diff --git a/sources b/sources index b189fd3..027f473 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b321ea4.tar.gz) = a0b09e33b4470c9c1715d845ce512c92e209c6c4530aeedc15858968a8cb3cfe0d87b20ee28507c3ec1d250aeb52bdd92e8390d912036866430e479f5be66f8c +SHA512 (container-selinux-fde876b.tar.gz) = 35f27d423e0026b0d6db981536094a3fdc512f8b41a2e75ba21dcbb86bd21afdb66e5a34d39abde65f6ade1bf233a4e175fbe7e19033c387461c5212ce91bd33 From 230c717ecff90fd2b9ed455a879b051e9ed19f3b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 23 Mar 2020 15:44:02 -0400 Subject: [PATCH 198/381] Install container_contexts file Signed-off-by: Daniel J Walsh --- .gitignore | 1 + container-selinux.spec | 18 +++++++++++++++--- sources | 2 +- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 621fae5..2b3693a 100644 --- a/.gitignore +++ b/.gitignore @@ -117,3 +117,4 @@ /container-selinux-5624558.tar.gz /container-selinux-b321ea4.tar.gz /container-selinux-fde876b.tar.gz +/container-selinux-ae0720d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 47ea97b..acba48c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 fde876b2d81bfc0c943c99260d1a976f15ba7781 +%global commit0 ae0720d6ac32866b023babeff75e766870951f8f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,8 +24,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.125.0 -Release: 3.1.dev.git%{shortcommit0}%{?dist} +Version: 2.125.2 +Release: 0.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -62,6 +62,11 @@ install -d %{buildroot}%{_datadir}/selinux/packages install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages +install -d %{buildroot}/%{_datadir}/containers +install -m 644 container_contexts %{buildroot}/%{_datadir}/containers +# Currently shipped as part of selinux-policy package +#install -d %{buildroot}/%{_datadir}/man/man8 +#install -m 644 container_selinux.8 %{buildroot}/%{_datadir}/man/man8 # remove spec file rm -rf container-selinux.spec @@ -99,9 +104,16 @@ fi %files %doc README.md %{_datadir}/selinux/* +%dir %{_datadir}/containers +%{_datadir}/containers/container_contexts +# Currently shipped in selinux-policy-doc +#%{_datadir}/man/man8/container_selinux.8.gz # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Mar 23 2020 Dan Walsh - 2:2.125.2-1.dev.gitae0720d +- Install container_contexts file + * Mon Mar 23 2020 RH Container Bot - 2:2.125.0-3.1.dev.gitfde876b - autobuilt fde876b diff --git a/sources b/sources index 027f473..842907b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fde876b.tar.gz) = 35f27d423e0026b0d6db981536094a3fdc512f8b41a2e75ba21dcbb86bd21afdb66e5a34d39abde65f6ade1bf233a4e175fbe7e19033c387461c5212ce91bd33 +SHA512 (container-selinux-ae0720d.tar.gz) = dc2c2a7b1b3d7107d932bd5ba6e406ea038dc9b56062a0b5abb6282b08aec5219b72ee067e5d6c1abfcdb39755a21bf4f298547fd89cfc8216494913a5be37dd From f8d59d5712822923e32b6409505caaa1d7b14541 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 23 Mar 2020 17:00:44 -0400 Subject: [PATCH 199/381] container-selinux-2:2.125.2-2.dev.gitae0720d - bump release tag Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index acba48c..d9c3d8b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.125.2 -Release: 0.dev.git%{shortcommit0}%{?dist} +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -107,10 +107,13 @@ fi %dir %{_datadir}/containers %{_datadir}/containers/container_contexts # Currently shipped in selinux-policy-doc -#%{_datadir}/man/man8/container_selinux.8.gz +#%%{_datadir}/man/man8/container_selinux.8.gz # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Mar 23 2020 Lokesh Mandvekar - 2:2.125.2-2.dev.gitae0720d +- bump release tag + * Mon Mar 23 2020 Dan Walsh - 2:2.125.2-1.dev.gitae0720d - Install container_contexts file From 3c31e55f4e219ab321309880c9f87ed5437b5ca4 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 26 Mar 2020 14:07:29 +0000 Subject: [PATCH 200/381] container-selinux-2:2.126.0-2.dev.git867a377 - bump to 2.126.0 - autobuilt 867a377 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2b3693a..55705fd 100644 --- a/.gitignore +++ b/.gitignore @@ -118,3 +118,4 @@ /container-selinux-b321ea4.tar.gz /container-selinux-fde876b.tar.gz /container-selinux-ae0720d.tar.gz +/container-selinux-867a377.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index d9c3d8b..a8a9113 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 ae0720d6ac32866b023babeff75e766870951f8f +%global commit0 867a37749b7b8b7e341dd1fc6be2536bd01f7349 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.125.2 +Version: 2.126.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Mar 26 2020 RH Container Bot - 2:2.126.0-2.dev.git867a377 +- bump to 2.126.0 +- autobuilt 867a377 + * Mon Mar 23 2020 Lokesh Mandvekar - 2:2.125.2-2.dev.gitae0720d - bump release tag diff --git a/sources b/sources index 842907b..65bb07f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-ae0720d.tar.gz) = dc2c2a7b1b3d7107d932bd5ba6e406ea038dc9b56062a0b5abb6282b08aec5219b72ee067e5d6c1abfcdb39755a21bf4f298547fd89cfc8216494913a5be37dd +SHA512 (container-selinux-867a377.tar.gz) = 8bcf14b5200a0974741de1ed750c71f311f8943277ffeafbfe4aac00d1957f94242d47400ac5cff21d135d14fcad6c4a66d1c23979eb7a6f50296a204bae2f25 From 218d40242f5bb0b18622f48a36719f66deb1e1a6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 26 Mar 2020 10:13:41 -0400 Subject: [PATCH 201/381] Install selinux contexts file into /usr/share/containers/selinux/contexts --- container-selinux.spec | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index a8a9113..e4e6a7d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.126.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -62,8 +62,8 @@ install -d %{buildroot}%{_datadir}/selinux/packages install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages -install -d %{buildroot}/%{_datadir}/containers -install -m 644 container_contexts %{buildroot}/%{_datadir}/containers +install -d %{buildroot}/%{_datadir}/containers/selinux +install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts # Currently shipped as part of selinux-policy package #install -d %{buildroot}/%{_datadir}/man/man8 #install -m 644 container_selinux.8 %{buildroot}/%{_datadir}/man/man8 @@ -104,13 +104,16 @@ fi %files %doc README.md %{_datadir}/selinux/* -%dir %{_datadir}/containers -%{_datadir}/containers/container_contexts +%dir %{_datadir}/containers/selinux +%{_datadir}/containers/selinux/contexts # Currently shipped in selinux-policy-doc #%%{_datadir}/man/man8/container_selinux.8.gz # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Mar 26 2020 Dan Walsh - 2:2.126.0-2.dev.git867a377 +- Install selinux contexts file into /usr/share/containers/selinux/contexts + * Thu Mar 26 2020 RH Container Bot - 2:2.126.0-2.dev.git867a377 - bump to 2.126.0 - autobuilt 867a377 From a762720d651e793d46114952d5c4f050152485dc Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 27 Mar 2020 15:07:51 +0000 Subject: [PATCH 202/381] container-selinux-2:2.127.0-2.dev.git6caf15d - bump to 2.127.0 - autobuilt 6caf15d Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 55705fd..cd49e76 100644 --- a/.gitignore +++ b/.gitignore @@ -119,3 +119,4 @@ /container-selinux-fde876b.tar.gz /container-selinux-ae0720d.tar.gz /container-selinux-867a377.tar.gz +/container-selinux-6caf15d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e4e6a7d..66e4995 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 867a37749b7b8b7e341dd1fc6be2536bd01f7349 +%global commit0 6caf15d8540f3f4bb4f6f1251e28bcfa3123896d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,8 +24,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.126.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.127.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Mar 27 2020 RH Container Bot - 2:2.127.0-2.dev.git6caf15d +- bump to 2.127.0 +- autobuilt 6caf15d + * Thu Mar 26 2020 Dan Walsh - 2:2.126.0-2.dev.git867a377 - Install selinux contexts file into /usr/share/containers/selinux/contexts diff --git a/sources b/sources index 65bb07f..37e7139 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-867a377.tar.gz) = 8bcf14b5200a0974741de1ed750c71f311f8943277ffeafbfe4aac00d1957f94242d47400ac5cff21d135d14fcad6c4a66d1c23979eb7a6f50296a204bae2f25 +SHA512 (container-selinux-6caf15d.tar.gz) = 015d6e309a3f00f5661f1348265d0084bb292729ff547f291ba9c1ee18d351c66f7d65a5db6f990edd66a0a87958461088cbc24659c488c91be480a7fffde456 From c060c61582456c19d8530f55218fffc8100a9a0e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sun, 29 Mar 2020 11:09:26 +0000 Subject: [PATCH 203/381] container-selinux-2:2.128.0-2.dev.git363646f - bump to 2.128.0 - autobuilt 363646f Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index cd49e76..607be0f 100644 --- a/.gitignore +++ b/.gitignore @@ -120,3 +120,4 @@ /container-selinux-ae0720d.tar.gz /container-selinux-867a377.tar.gz /container-selinux-6caf15d.tar.gz +/container-selinux-363646f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 66e4995..37fafa9 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 6caf15d8540f3f4bb4f6f1251e28bcfa3123896d +%global commit0 363646ff75240fc5482f9b80b1b0b16aa1ce610b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.127.0 +Version: 2.128.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sun Mar 29 2020 RH Container Bot - 2:2.128.0-2.dev.git363646f +- bump to 2.128.0 +- autobuilt 363646f + * Fri Mar 27 2020 RH Container Bot - 2:2.127.0-2.dev.git6caf15d - bump to 2.127.0 - autobuilt 6caf15d diff --git a/sources b/sources index 37e7139..3c0c095 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-6caf15d.tar.gz) = 015d6e309a3f00f5661f1348265d0084bb292729ff547f291ba9c1ee18d351c66f7d65a5db6f990edd66a0a87958461088cbc24659c488c91be480a7fffde456 +SHA512 (container-selinux-363646f.tar.gz) = 44bfd40f7babd298cc8f17b560274ad68bc03300991f77491dd67476bffd787862f780402bb1a79cb2fa027deab8add4880513a42eed8830735e324ef11e151c From 55657d1adf54ccd5d66067f97ecf91d4ee62c40f Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sun, 29 Mar 2020 12:09:29 +0000 Subject: [PATCH 204/381] container-selinux-2:2.129.0-2.dev.gitf00d1f4 - bump to 2.129.0 - autobuilt f00d1f4 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 607be0f..9637a25 100644 --- a/.gitignore +++ b/.gitignore @@ -121,3 +121,4 @@ /container-selinux-867a377.tar.gz /container-selinux-6caf15d.tar.gz /container-selinux-363646f.tar.gz +/container-selinux-f00d1f4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 37fafa9..87c2f43 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 363646ff75240fc5482f9b80b1b0b16aa1ce610b +%global commit0 f00d1f4ec867be2aeb51b3b32c12a5a9a8015201 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.128.0 +Version: 2.129.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sun Mar 29 2020 RH Container Bot - 2:2.129.0-2.dev.gitf00d1f4 +- bump to 2.129.0 +- autobuilt f00d1f4 + * Sun Mar 29 2020 RH Container Bot - 2:2.128.0-2.dev.git363646f - bump to 2.128.0 - autobuilt 363646f diff --git a/sources b/sources index 3c0c095..fa03e5c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-363646f.tar.gz) = 44bfd40f7babd298cc8f17b560274ad68bc03300991f77491dd67476bffd787862f780402bb1a79cb2fa027deab8add4880513a42eed8830735e324ef11e151c +SHA512 (container-selinux-f00d1f4.tar.gz) = ea07bb742f7805a06e3a825e9e0816e256963bd37486041ffb6d05af6c13aebbf44aa3e493e7952a8d37d4562ccd1fd0095dfe3fb8c3adb1685fce9df040e39c From a260f6569b67e5913924242780e35014456fe07e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 6 Apr 2020 19:08:06 +0000 Subject: [PATCH 205/381] container-selinux-2:2.130.0-2.dev.gitfd55ae0 - bump to 2.130.0 - autobuilt fd55ae0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9637a25..2089ba2 100644 --- a/.gitignore +++ b/.gitignore @@ -122,3 +122,4 @@ /container-selinux-6caf15d.tar.gz /container-selinux-363646f.tar.gz /container-selinux-f00d1f4.tar.gz +/container-selinux-fd55ae0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 87c2f43..394471f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 f00d1f4ec867be2aeb51b3b32c12a5a9a8015201 +%global commit0 fd55ae0a6a4e879573f9251de2dd6113e842ac0c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.129.0 +Version: 2.130.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Apr 06 2020 RH Container Bot - 2:2.130.0-2.dev.gitfd55ae0 +- bump to 2.130.0 +- autobuilt fd55ae0 + * Sun Mar 29 2020 RH Container Bot - 2:2.129.0-2.dev.gitf00d1f4 - bump to 2.129.0 - autobuilt f00d1f4 diff --git a/sources b/sources index fa03e5c..7d87673 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-f00d1f4.tar.gz) = ea07bb742f7805a06e3a825e9e0816e256963bd37486041ffb6d05af6c13aebbf44aa3e493e7952a8d37d4562ccd1fd0095dfe3fb8c3adb1685fce9df040e39c +SHA512 (container-selinux-fd55ae0.tar.gz) = 4b9127fb0ea0f2423be6f96d4e3a787e2366bccc7260801913dbdb792055f32eed6254759a685c326a43ea64072961ea99767ec9c6ecf7a776027a5bdf03728d From 03c15b46a64487bd794b7e1ef20e2886431739b5 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 9 Apr 2020 20:08:09 +0000 Subject: [PATCH 206/381] container-selinux-2:2.131.0-2.dev.git9ce0dac - bump to 2.131.0 - autobuilt 9ce0dac Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2089ba2..319b937 100644 --- a/.gitignore +++ b/.gitignore @@ -123,3 +123,4 @@ /container-selinux-363646f.tar.gz /container-selinux-f00d1f4.tar.gz /container-selinux-fd55ae0.tar.gz +/container-selinux-9ce0dac.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 394471f..0b81de1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 fd55ae0a6a4e879573f9251de2dd6113e842ac0c +%global commit0 9ce0dac065b3eae886263afa6688bafe323d21c8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.130.0 +Version: 2.131.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Apr 09 2020 RH Container Bot - 2:2.131.0-2.dev.git9ce0dac +- bump to 2.131.0 +- autobuilt 9ce0dac + * Mon Apr 06 2020 RH Container Bot - 2:2.130.0-2.dev.gitfd55ae0 - bump to 2.130.0 - autobuilt fd55ae0 diff --git a/sources b/sources index 7d87673..d7f74ff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fd55ae0.tar.gz) = 4b9127fb0ea0f2423be6f96d4e3a787e2366bccc7260801913dbdb792055f32eed6254759a685c326a43ea64072961ea99767ec9c6ecf7a776027a5bdf03728d +SHA512 (container-selinux-9ce0dac.tar.gz) = 619347e55f2380d61757859a384041a2258cafb3b52265bd4ee6a076d16b159e981287bf26fe12b64ebaeeefd881bf653818aea1d352f25d1eca9ec9dc5538ad From fe867eee693e073d9ac4534884e5aecf697ee8ef Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 15 Apr 2020 14:07:54 +0000 Subject: [PATCH 207/381] container-selinux-2:2.132.0-2.dev.git448dfbf - bump to 2.132.0 - autobuilt 448dfbf Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 319b937..19e26e8 100644 --- a/.gitignore +++ b/.gitignore @@ -124,3 +124,4 @@ /container-selinux-f00d1f4.tar.gz /container-selinux-fd55ae0.tar.gz /container-selinux-9ce0dac.tar.gz +/container-selinux-448dfbf.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0b81de1..ea570cd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 9ce0dac065b3eae886263afa6688bafe323d21c8 +%global commit0 448dfbf2a832bd518cdff5556218b0fa7b786941 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.131.0 +Version: 2.132.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Apr 15 2020 RH Container Bot - 2:2.132.0-2.dev.git448dfbf +- bump to 2.132.0 +- autobuilt 448dfbf + * Thu Apr 09 2020 RH Container Bot - 2:2.131.0-2.dev.git9ce0dac - bump to 2.131.0 - autobuilt 9ce0dac diff --git a/sources b/sources index d7f74ff..81fe1b3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9ce0dac.tar.gz) = 619347e55f2380d61757859a384041a2258cafb3b52265bd4ee6a076d16b159e981287bf26fe12b64ebaeeefd881bf653818aea1d352f25d1eca9ec9dc5538ad +SHA512 (container-selinux-448dfbf.tar.gz) = bdb1f08f9a28273896c0c28412ae7e025012fed7666cc66ae151e788270bfdbc7bce4968354d72ccceea165d84d9e0aafc23c852e378b966023fab07148556da From 9e927847d1555a293061bdfc9c7b8537bd88162c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 11 May 2020 18:08:15 +0000 Subject: [PATCH 208/381] container-selinux-2:2.132.0-3.dev.git0a878bd - autobuilt 0a878bd Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 19e26e8..44640a8 100644 --- a/.gitignore +++ b/.gitignore @@ -125,3 +125,4 @@ /container-selinux-fd55ae0.tar.gz /container-selinux-9ce0dac.tar.gz /container-selinux-448dfbf.tar.gz +/container-selinux-0a878bd.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ea570cd..a44a1e9 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 448dfbf2a832bd518cdff5556218b0fa7b786941 +%global commit0 0a878bdda221b9848ed5d562a5ee8da5f760634f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.132.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon May 11 2020 RH Container Bot - 2:2.132.0-3.dev.git0a878bd +- autobuilt 0a878bd + * Wed Apr 15 2020 RH Container Bot - 2:2.132.0-2.dev.git448dfbf - bump to 2.132.0 - autobuilt 448dfbf diff --git a/sources b/sources index 81fe1b3..a2764b2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-448dfbf.tar.gz) = bdb1f08f9a28273896c0c28412ae7e025012fed7666cc66ae151e788270bfdbc7bce4968354d72ccceea165d84d9e0aafc23c852e378b966023fab07148556da +SHA512 (container-selinux-0a878bd.tar.gz) = 7acade06f55ea6acf7006f7ca54ac76c28fa15ee37fbbde3837dd602f722b305a9be5f67b2fc5de17ea9110adbda2a32e07e78bc134ea9721f5a41b4ad3aa8ed From 92fc7eb0900a18b297818a6ef00083011c11a513 Mon Sep 17 00:00:00 2001 From: Aleksandra Fedorova Date: Thu, 21 May 2020 10:44:27 +0200 Subject: [PATCH 209/381] Update gating test name Messaging scheme has changed and old centos-related test names are now deprecated. See https://pagure.io/fedora-ci/general/issue/110 --- gating.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gating.yaml b/gating.yaml index 92d738a..c2182c7 100644 --- a/gating.yaml +++ b/gating.yaml @@ -3,4 +3,4 @@ product_versions: - fedora-* decision_context: bodhi_update_push_stable rules: - - !PassingTestCaseRule {test_case_name: org.centos.prod.ci.pipeline.allpackages-build.complete} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} From 3e718a963f3c64ffc84ba39b1ba23d46cd06d53e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 28 May 2020 21:09:36 +0000 Subject: [PATCH 210/381] container-selinux-2:2.134.0-2.dev.gitff26015 - bump to 2.134.0 - autobuilt ff26015 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 44640a8..7c90de1 100644 --- a/.gitignore +++ b/.gitignore @@ -126,3 +126,4 @@ /container-selinux-9ce0dac.tar.gz /container-selinux-448dfbf.tar.gz /container-selinux-0a878bd.tar.gz +/container-selinux-ff26015.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a44a1e9..551d2bc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 0a878bdda221b9848ed5d562a5ee8da5f760634f +%global commit0 ff26015e5131d10bc7320be5d8aa178d0fdbfb75 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,8 +24,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.132.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.134.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu May 28 2020 RH Container Bot - 2:2.134.0-2.dev.gitff26015 +- bump to 2.134.0 +- autobuilt ff26015 + * Mon May 11 2020 RH Container Bot - 2:2.132.0-3.dev.git0a878bd - autobuilt 0a878bd diff --git a/sources b/sources index a2764b2..5f6052a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0a878bd.tar.gz) = 7acade06f55ea6acf7006f7ca54ac76c28fa15ee37fbbde3837dd602f722b305a9be5f67b2fc5de17ea9110adbda2a32e07e78bc134ea9721f5a41b4ad3aa8ed +SHA512 (container-selinux-ff26015.tar.gz) = 796d2fdcef4a57839a52f89f80d7ea6598617f54861a23a77cfddf16e36af25732e0cf57f17a74c0a6d4bae462b0fe2b4ebf4faa9219fc51aae35e392c9aa067 From 724d3722ea08b65a7dd7451e84d90b5de8d52668 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 29 May 2020 18:08:38 +0000 Subject: [PATCH 211/381] container-selinux-2:2.135.0-2.dev.git0d99e89 - bump to 2.135.0 - autobuilt 0d99e89 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 7c90de1..564410c 100644 --- a/.gitignore +++ b/.gitignore @@ -127,3 +127,4 @@ /container-selinux-448dfbf.tar.gz /container-selinux-0a878bd.tar.gz /container-selinux-ff26015.tar.gz +/container-selinux-0d99e89.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 551d2bc..8b40cd2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 ff26015e5131d10bc7320be5d8aa178d0fdbfb75 +%global commit0 0d99e89271775f8f716a1d8c8b65549c527227f4 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.134.0 +Version: 2.135.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri May 29 2020 RH Container Bot - 2:2.135.0-2.dev.git0d99e89 +- bump to 2.135.0 +- autobuilt 0d99e89 + * Thu May 28 2020 RH Container Bot - 2:2.134.0-2.dev.gitff26015 - bump to 2.134.0 - autobuilt ff26015 diff --git a/sources b/sources index 5f6052a..20f8773 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-ff26015.tar.gz) = 796d2fdcef4a57839a52f89f80d7ea6598617f54861a23a77cfddf16e36af25732e0cf57f17a74c0a6d4bae462b0fe2b4ebf4faa9219fc51aae35e392c9aa067 +SHA512 (container-selinux-0d99e89.tar.gz) = 87fca9f8a741874646e2311e91bfe88e0a18bf3b4f71f47273665933edbe368d96cda2b4f3f4af848b5b6b539837fe3877bdd11528b5a01814cea8edfaa798e8 From 3ed1e8a57689913b4dc0f51f6a700ac264150f7d Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 11 Jun 2020 18:09:25 +0000 Subject: [PATCH 212/381] container-selinux-2:2.136.0-2.dev.git441172a - bump to 2.136.0 - autobuilt 441172a Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 564410c..392b130 100644 --- a/.gitignore +++ b/.gitignore @@ -128,3 +128,4 @@ /container-selinux-0a878bd.tar.gz /container-selinux-ff26015.tar.gz /container-selinux-0d99e89.tar.gz +/container-selinux-441172a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 8b40cd2..f7b6a86 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 0d99e89271775f8f716a1d8c8b65549c527227f4 +%global commit0 441172a2323401913a052bd0b2fe68e0e9ad251d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.135.0 +Version: 2.136.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jun 11 2020 RH Container Bot - 2:2.136.0-2.dev.git441172a +- bump to 2.136.0 +- autobuilt 441172a + * Fri May 29 2020 RH Container Bot - 2:2.135.0-2.dev.git0d99e89 - bump to 2.135.0 - autobuilt 0d99e89 diff --git a/sources b/sources index 20f8773..8c7c90b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0d99e89.tar.gz) = 87fca9f8a741874646e2311e91bfe88e0a18bf3b4f71f47273665933edbe368d96cda2b4f3f4af848b5b6b539837fe3877bdd11528b5a01814cea8edfaa798e8 +SHA512 (container-selinux-441172a.tar.gz) = 5891dff2218b47bbff2a810c7e437745ead10b6c4583c7d0ed413b35da5a12f5230206b3ec79a1c592fe6a8be04efcae7e5032cd1ac00f9a8ccbe80a32af7f58 From 7fd33b9d65dce23e775e83e62b368623c109f933 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 11 Jun 2020 20:09:25 +0000 Subject: [PATCH 213/381] container-selinux-2:2.137.0-2.dev.git6b721da - bump to 2.137.0 - autobuilt 6b721da Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 392b130..51d0c76 100644 --- a/.gitignore +++ b/.gitignore @@ -129,3 +129,4 @@ /container-selinux-ff26015.tar.gz /container-selinux-0d99e89.tar.gz /container-selinux-441172a.tar.gz +/container-selinux-6b721da.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f7b6a86..3867c46 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 441172a2323401913a052bd0b2fe68e0e9ad251d +%global commit0 6b721daa0b9ff46a444e174995e5ac6600604db5 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.136.0 +Version: 2.137.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jun 11 2020 RH Container Bot - 2:2.137.0-2.dev.git6b721da +- bump to 2.137.0 +- autobuilt 6b721da + * Thu Jun 11 2020 RH Container Bot - 2:2.136.0-2.dev.git441172a - bump to 2.136.0 - autobuilt 441172a diff --git a/sources b/sources index 8c7c90b..f2d1356 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-441172a.tar.gz) = 5891dff2218b47bbff2a810c7e437745ead10b6c4583c7d0ed413b35da5a12f5230206b3ec79a1c592fe6a8be04efcae7e5032cd1ac00f9a8ccbe80a32af7f58 +SHA512 (container-selinux-6b721da.tar.gz) = c3e8b3253d8913ea63faf4942bb86dd84650764dd985cac27149718ab2167eddd2fa0380dc5fe67297ce5d7387c4d4296f5bb027835bd40535e6abdd51910f0b From d96aa6d4ecf85147ff7f99d126c76b93207666b7 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 9 Jul 2020 16:10:49 +0000 Subject: [PATCH 214/381] container-selinux-2:2.138.0-2.dev.git9884317 - bump to 2.138.0 - autobuilt 9884317 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 51d0c76..217b14d 100644 --- a/.gitignore +++ b/.gitignore @@ -130,3 +130,4 @@ /container-selinux-0d99e89.tar.gz /container-selinux-441172a.tar.gz /container-selinux-6b721da.tar.gz +/container-selinux-9884317.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3867c46..2467862 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 6b721daa0b9ff46a444e174995e5ac6600604db5 +%global commit0 988431700370bf7f554ab6507c836a9aa19e47ff %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.137.0 +Version: 2.138.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jul 09 2020 RH Container Bot - 2:2.138.0-2.dev.git9884317 +- bump to 2.138.0 +- autobuilt 9884317 + * Thu Jun 11 2020 RH Container Bot - 2:2.137.0-2.dev.git6b721da - bump to 2.137.0 - autobuilt 6b721da diff --git a/sources b/sources index f2d1356..3e47204 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-6b721da.tar.gz) = c3e8b3253d8913ea63faf4942bb86dd84650764dd985cac27149718ab2167eddd2fa0380dc5fe67297ce5d7387c4d4296f5bb027835bd40535e6abdd51910f0b +SHA512 (container-selinux-9884317.tar.gz) = 3dfceccac24d6fc05f64f9efa9246d780fd4149ceae080832a4c538a5b434d364f489669e8cf9af161d1bb595eb7eddfa872a87eb5a5ef78a55b188f607cd880 From dd65c71401bce2d8bba450e2b0557aa357243b96 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sat, 18 Jul 2020 11:10:11 +0000 Subject: [PATCH 215/381] container-selinux-2:2.139.0-2.dev.git8c26927 - bump to 2.139.0 - autobuilt 8c26927 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 217b14d..cbe7540 100644 --- a/.gitignore +++ b/.gitignore @@ -131,3 +131,4 @@ /container-selinux-441172a.tar.gz /container-selinux-6b721da.tar.gz /container-selinux-9884317.tar.gz +/container-selinux-8c26927.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2467862..efe1e33 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 988431700370bf7f554ab6507c836a9aa19e47ff +%global commit0 8c26927bc43112dce4088a453a1c446c3a15c21f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.138.0 +Version: 2.139.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sat Jul 18 11:10:04 GMT 2020 RH Container Bot - 2:2.139.0-2.dev.git8c26927 +- bump to 2.139.0 +- autobuilt 8c26927 + * Thu Jul 09 2020 RH Container Bot - 2:2.138.0-2.dev.git9884317 - bump to 2.138.0 - autobuilt 9884317 diff --git a/sources b/sources index 3e47204..9ed45b7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9884317.tar.gz) = 3dfceccac24d6fc05f64f9efa9246d780fd4149ceae080832a4c538a5b434d364f489669e8cf9af161d1bb595eb7eddfa872a87eb5a5ef78a55b188f607cd880 +SHA512 (container-selinux-8c26927.tar.gz) = 002432bc7b786a35f43ab7bc91f4581beaac2cb617f78630684989ad1ceb25ca0b83ae04cfb7976477a6e88f7653561d23c6e4eb1d30e011eae0618b3cd32def From 78aaeb708bedfce66938564a1beeec04ba6b9a95 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 23 Jul 2020 19:10:43 +0000 Subject: [PATCH 216/381] container-selinux-2:2.140.0-2.dev.git965c7fb - bump to 2.140.0 - autobuilt 965c7fb Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index cbe7540..594b7dd 100644 --- a/.gitignore +++ b/.gitignore @@ -132,3 +132,4 @@ /container-selinux-6b721da.tar.gz /container-selinux-9884317.tar.gz /container-selinux-8c26927.tar.gz +/container-selinux-965c7fb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index efe1e33..d217d5e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 8c26927bc43112dce4088a453a1c446c3a15c21f +%global commit0 965c7fb488ccec2c623d1b71e665f70c8ef3db11 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.139.0 +Version: 2.140.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jul 23 19:10:26 GMT 2020 RH Container Bot - 2:2.140.0-2.dev.git965c7fb +- bump to 2.140.0 +- autobuilt 965c7fb + * Sat Jul 18 11:10:04 GMT 2020 RH Container Bot - 2:2.139.0-2.dev.git8c26927 - bump to 2.139.0 - autobuilt 8c26927 diff --git a/sources b/sources index 9ed45b7..842896a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-8c26927.tar.gz) = 002432bc7b786a35f43ab7bc91f4581beaac2cb617f78630684989ad1ceb25ca0b83ae04cfb7976477a6e88f7653561d23c6e4eb1d30e011eae0618b3cd32def +SHA512 (container-selinux-965c7fb.tar.gz) = 7bea12dd48f831b433113f7fe9d798b67d8024c10114fc10f97ab313bdb66665635e79b439f97f0dc5a8cee80a56299678efb6187644b8b0e43a3d4f6aaf208c From 5b189dfd345e7b07c5c6b4002d438ee1b8013030 Mon Sep 17 00:00:00 2001 From: Merlin Mathesius Date: Thu, 23 Jul 2020 15:53:06 -0500 Subject: [PATCH 217/381] Clean up usage of %{epoch} macro to allow building for ELN Signed-off-by: Merlin Mathesius --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index d217d5e..f6da479 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -44,7 +44,7 @@ Requires(post): libselinux-utils Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 Obsoletes: docker-selinux <= 2:1.12.4-28 -Provides: docker-selinux = %{epoch}:%{version}-%{release} +Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release} %description SELinux policy modules for use with container runtimes. @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jul 23 2020 Merlin Mathesius - 2:2.140.0-2.dev.git965c7fb +- Cleanup usage of %%{epoch} macro to allow building for ELN + * Thu Jul 23 19:10:26 GMT 2020 RH Container Bot - 2:2.140.0-2.dev.git965c7fb - bump to 2.140.0 - autobuilt 965c7fb From 6901df102ee45fa1426c2a31ac7e01904112550e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 24 Jul 2020 10:09:56 +0000 Subject: [PATCH 218/381] container-selinux-2:2.141.0-2.dev.git2750e78 - bump to 2.141.0 - autobuilt 2750e78 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 594b7dd..73d1146 100644 --- a/.gitignore +++ b/.gitignore @@ -133,3 +133,4 @@ /container-selinux-9884317.tar.gz /container-selinux-8c26927.tar.gz /container-selinux-965c7fb.tar.gz +/container-selinux-2750e78.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f6da479..467bde5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 965c7fb488ccec2c623d1b71e665f70c8ef3db11 +%global commit0 2750e78542a36bfffc97701183b839c8417e77aa %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.140.0 +Version: 2.141.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Jul 24 10:09:44 GMT 2020 RH Container Bot - 2:2.141.0-2.dev.git2750e78 +- bump to 2.141.0 +- autobuilt 2750e78 + * Thu Jul 23 2020 Merlin Mathesius - 2:2.140.0-2.dev.git965c7fb - Cleanup usage of %%{epoch} macro to allow building for ELN diff --git a/sources b/sources index 842896a..564fbcb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-965c7fb.tar.gz) = 7bea12dd48f831b433113f7fe9d798b67d8024c10114fc10f97ab313bdb66665635e79b439f97f0dc5a8cee80a56299678efb6187644b8b0e43a3d4f6aaf208c +SHA512 (container-selinux-2750e78.tar.gz) = 04aed6e5d06ea2867a8f17f7d684247e40161b0a9debea4a07e7d49ad4569c254c1af3672322f21c73c886114210b8f682c779ae82e0b0e553aa880e2819a6a1 From 1cfd08260caa5217f2c1540ea65bbc6a9261a34a Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 24 Jul 2020 11:09:57 +0000 Subject: [PATCH 219/381] container-selinux-2:2.142.0-2.dev.gitfe6a25c - bump to 2.142.0 - autobuilt fe6a25c Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 73d1146..b6a8d38 100644 --- a/.gitignore +++ b/.gitignore @@ -134,3 +134,4 @@ /container-selinux-8c26927.tar.gz /container-selinux-965c7fb.tar.gz /container-selinux-2750e78.tar.gz +/container-selinux-fe6a25c.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 467bde5..c59f970 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 2750e78542a36bfffc97701183b839c8417e77aa +%global commit0 fe6a25c0c888e9d8e1a20b431776a0e0419d0423 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.141.0 +Version: 2.142.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Jul 24 11:09:45 GMT 2020 RH Container Bot - 2:2.142.0-2.dev.gitfe6a25c +- bump to 2.142.0 +- autobuilt fe6a25c + * Fri Jul 24 10:09:44 GMT 2020 RH Container Bot - 2:2.141.0-2.dev.git2750e78 - bump to 2.141.0 - autobuilt 2750e78 diff --git a/sources b/sources index 564fbcb..03ce4a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2750e78.tar.gz) = 04aed6e5d06ea2867a8f17f7d684247e40161b0a9debea4a07e7d49ad4569c254c1af3672322f21c73c886114210b8f682c779ae82e0b0e553aa880e2819a6a1 +SHA512 (container-selinux-fe6a25c.tar.gz) = 502c3d7262b6319c99a07f85680d92c24b01f04714b938a536758e0635db33a19a93ff4434ae72f7eb811444ea9501a8c8cd25a5e5cad02656c65feec36810a8 From e73166af7b827cad6fccc92e3c274b84a9548dd3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 14:31:25 +0000 Subject: [PATCH 220/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index c59f970..03553df 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.142.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 2:2.142.0-3.dev.gitfe6a25c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Fri Jul 24 11:09:45 GMT 2020 RH Container Bot - 2:2.142.0-2.dev.gitfe6a25c - bump to 2.142.0 - autobuilt fe6a25c From 23e726843bd6666c703ea108071657073dbf6dfc Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 5 Aug 2020 22:10:42 +0000 Subject: [PATCH 221/381] container-selinux-2:2.143.0-2.dev.gite2d5a9e - bump to 2.143.0 - autobuilt e2d5a9e Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b6a8d38..1cb4754 100644 --- a/.gitignore +++ b/.gitignore @@ -135,3 +135,4 @@ /container-selinux-965c7fb.tar.gz /container-selinux-2750e78.tar.gz /container-selinux-fe6a25c.tar.gz +/container-selinux-e2d5a9e.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 03553df..be5eb52 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 fe6a25c0c888e9d8e1a20b431776a0e0419d0423 +%global commit0 e2d5a9eadb72a9aa90c4f5ba793011865620f367 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,8 +24,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.142.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.143.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Aug 05 22:10:34 GMT 2020 RH Container Bot - 2:2.143.0-2.dev.gite2d5a9e +- bump to 2.143.0 +- autobuilt e2d5a9e + * Mon Jul 27 2020 Fedora Release Engineering - 2:2.142.0-3.dev.gitfe6a25c - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index 03ce4a1..4a623bf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fe6a25c.tar.gz) = 502c3d7262b6319c99a07f85680d92c24b01f04714b938a536758e0635db33a19a93ff4434ae72f7eb811444ea9501a8c8cd25a5e5cad02656c65feec36810a8 +SHA512 (container-selinux-e2d5a9e.tar.gz) = 397524b618159d498b5a64946a8f1acc0bf54a611723336aae61165322c6ee2963aec18f9c84de039755ea1ef1e0a51fbec9b49e5969043536fa382a7c9ea233 From 147e7d72634667ce7219b99ad51081efe1d5ef26 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 12 Aug 2020 15:10:13 +0000 Subject: [PATCH 222/381] container-selinux-2:2.144.0-2.dev.git746ea7a - bump to 2.144.0 - autobuilt 746ea7a Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1cb4754..bdee02d 100644 --- a/.gitignore +++ b/.gitignore @@ -136,3 +136,4 @@ /container-selinux-2750e78.tar.gz /container-selinux-fe6a25c.tar.gz /container-selinux-e2d5a9e.tar.gz +/container-selinux-746ea7a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index be5eb52..49a406e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 e2d5a9eadb72a9aa90c4f5ba793011865620f367 +%global commit0 746ea7a2072a281106c5e0e2f9148ff0442e4d6e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -24,7 +24,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.143.0 +Version: 2.144.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Aug 12 15:10:04 GMT 2020 RH Container Bot - 2:2.144.0-2.dev.git746ea7a +- bump to 2.144.0 +- autobuilt 746ea7a + * Wed Aug 05 22:10:34 GMT 2020 RH Container Bot - 2:2.143.0-2.dev.gite2d5a9e - bump to 2.143.0 - autobuilt e2d5a9e diff --git a/sources b/sources index 4a623bf..733a39f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e2d5a9e.tar.gz) = 397524b618159d498b5a64946a8f1acc0bf54a611723336aae61165322c6ee2963aec18f9c84de039755ea1ef1e0a51fbec9b49e5969043536fa382a7c9ea233 +SHA512 (container-selinux-746ea7a.tar.gz) = 436eb407bc9fb104a8c13f5cdded90a3a71ddbe6faed521663d89f9f25883f36c2b707327b1b5ab5e390eeed8f5d1c8a8c429b8b42e03d4efb0981cf3b85e195 From bd03f1a9adb5e91cf34499a724f5cabee1f513ad Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 13 Aug 2020 14:10:52 +0000 Subject: [PATCH 223/381] container-selinux-2:2.144.0-3.dev.git5d929d4 - autobuilt 5d929d4 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index bdee02d..f1787aa 100644 --- a/.gitignore +++ b/.gitignore @@ -137,3 +137,4 @@ /container-selinux-fe6a25c.tar.gz /container-selinux-e2d5a9e.tar.gz /container-selinux-746ea7a.tar.gz +/container-selinux-5d929d4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 49a406e..f0eac89 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 746ea7a2072a281106c5e0e2f9148ff0442e4d6e +%global commit0 5d929d4fa9d5703fbbf7ef05de0b2a79964b833f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.144.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Aug 13 14:10:45 GMT 2020 RH Container Bot - 2:2.144.0-3.dev.git5d929d4 +- autobuilt 5d929d4 + * Wed Aug 12 15:10:04 GMT 2020 RH Container Bot - 2:2.144.0-2.dev.git746ea7a - bump to 2.144.0 - autobuilt 746ea7a diff --git a/sources b/sources index 733a39f..1c3e7be 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-746ea7a.tar.gz) = 436eb407bc9fb104a8c13f5cdded90a3a71ddbe6faed521663d89f9f25883f36c2b707327b1b5ab5e390eeed8f5d1c8a8c429b8b42e03d4efb0981cf3b85e195 +SHA512 (container-selinux-5d929d4.tar.gz) = 9078bb06cda4f652bc103a8ed5cf2a631de496ba14ca928dcaf6e0ce435fdf8a906b87acd88c765096ee1ebd11de5d10ddbad2c8167649fcfd8b05965cd624ee From 72fda385c2812de550e05ddccfb4f1eb53a36a64 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 28 Aug 2020 11:11:37 -0400 Subject: [PATCH 224/381] container-selinux-2:2.144.0-4.dev.git5d929d4 - Resolves: #1780129 - bump min selinux-policy Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index f0eac89..00eb2e6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -17,7 +17,7 @@ %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; # Version of SELinux we were using -%global selinux_policyver 3.14.4-43 +%global selinux_policyver 3.14.5-18 # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux @@ -25,7 +25,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.144.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Release: 4.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Aug 28 2020 Lokesh Mandvekar - 2:2.144.0-4.dev.git5d929d4 +- Resolves: #1780129 - bump min selinux-policy + * Thu Aug 13 14:10:45 GMT 2020 RH Container Bot - 2:2.144.0-3.dev.git5d929d4 - autobuilt 5d929d4 From b69eeb1c7ceaf73c2ebd9d3bde553ae44295f8b1 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 31 Aug 2020 10:10:47 -0400 Subject: [PATCH 225/381] Resolves: #1797554 - use _selinux_policy_version macro Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 00eb2e6..d56e8ba 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -16,16 +16,13 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -# Version of SELinux we were using -%global selinux_policyver 3.14.5-18 - # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif Version: 2.144.0 -Release: 4.dev.git%{shortcommit0}%{?dist} +Release: 5.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -33,12 +30,12 @@ Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) -BuildRequires: selinux-policy >= %{selinux_policyver} -BuildRequires: selinux-policy-devel >= %{selinux_policyver} +BuildRequires: selinux-policy >= %_selinux_policy_version +BuildRequires: selinux-policy-devel >= %_selinux_policy_version # RE: rhbz#1195804 - ensure min NVR for selinux-policy -Requires: selinux-policy >= %{selinux_policyver} -Requires(post): selinux-policy-base >= %{selinux_policyver} -Requires(post): selinux-policy-targeted >= %{selinux_policyver} +Requires: selinux-policy >= %_selinux_policy_version +Requires(post): selinux-policy-base >= %_selinux_policy_version +Requires(post): selinux-policy-targeted >= %_selinux_policy_version Requires(post): policycoreutils Requires(post): libselinux-utils Requires(post): sed @@ -64,12 +61,6 @@ install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/ser install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages install -d %{buildroot}/%{_datadir}/containers/selinux install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts -# Currently shipped as part of selinux-policy package -#install -d %{buildroot}/%{_datadir}/man/man8 -#install -m 644 container_selinux.8 %{buildroot}/%{_datadir}/man/man8 - -# remove spec file -rm -rf container-selinux.spec %check @@ -111,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Aug 31 2020 Lokesh Mandvekar - 2:2.144.0-5.dev.git5d929d4 +- Resolves: #1797554 - use _selinux_policy_version macro + * Fri Aug 28 2020 Lokesh Mandvekar - 2:2.144.0-4.dev.git5d929d4 - Resolves: #1780129 - bump min selinux-policy From 9633f45f8abf889867999be5305cbc434410dad0 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 10 Sep 2020 18:12:50 +0000 Subject: [PATCH 226/381] container-selinux-2:2.145.0-2.dev.git464e922 - bump to 2.145.0 - autobuilt 464e922 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index f1787aa..f13c094 100644 --- a/.gitignore +++ b/.gitignore @@ -138,3 +138,4 @@ /container-selinux-e2d5a9e.tar.gz /container-selinux-746ea7a.tar.gz /container-selinux-5d929d4.tar.gz +/container-selinux-464e922.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index d56e8ba..729c81a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 5d929d4fa9d5703fbbf7ef05de0b2a79964b833f +%global commit0 464e92247f470165accc16e11529ab0a27515ca8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -21,8 +21,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.144.0 -Release: 5.dev.git%{shortcommit0}%{?dist} +Version: 2.145.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Sep 10 18:12:36 UTC 2020 RH Container Bot - 2:2.145.0-2.dev.git464e922 +- bump to 2.145.0 +- autobuilt 464e922 + * Mon Aug 31 2020 Lokesh Mandvekar - 2:2.144.0-5.dev.git5d929d4 - Resolves: #1797554 - use _selinux_policy_version macro diff --git a/sources b/sources index 1c3e7be..cb06b6f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5d929d4.tar.gz) = 9078bb06cda4f652bc103a8ed5cf2a631de496ba14ca928dcaf6e0ce435fdf8a906b87acd88c765096ee1ebd11de5d10ddbad2c8167649fcfd8b05965cd624ee +SHA512 (container-selinux-464e922.tar.gz) = 45374c29bf1aa2e5bdbd62a9531f48139dee96b97d762e0f0d64b464187a337c0cda41f7f320dca56af5c02f493af31c7fb02859dc09a26907cda2115f30c00b From 56ad893019401c9aaac30630caf3d0eb4bf8f381 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 8 Oct 2020 14:32:21 +0000 Subject: [PATCH 227/381] container-selinux-2:2.146.0-2.dev.git2908536 - bump to 2.146.0 - autobuilt 2908536 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f13c094..34e7d36 100644 --- a/.gitignore +++ b/.gitignore @@ -139,3 +139,4 @@ /container-selinux-746ea7a.tar.gz /container-selinux-5d929d4.tar.gz /container-selinux-464e922.tar.gz +/container-selinux-2908536.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 729c81a..121273e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 464e92247f470165accc16e11529ab0a27515ca8 +%global commit0 29085364dbb29671240fd7910438d5cdf6dec7be %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -21,7 +21,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.145.0 +Version: 2.146.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Oct 8 2020 RH Container Bot - 2:2.146.0-2.dev.git2908536 +- bump to 2.146.0 +- autobuilt 2908536 + * Thu Sep 10 18:12:36 UTC 2020 RH Container Bot - 2:2.145.0-2.dev.git464e922 - bump to 2.145.0 - autobuilt 464e922 diff --git a/sources b/sources index cb06b6f..d1a54d8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-464e922.tar.gz) = 45374c29bf1aa2e5bdbd62a9531f48139dee96b97d762e0f0d64b464187a337c0cda41f7f320dca56af5c02f493af31c7fb02859dc09a26907cda2115f30c00b +SHA512 (container-selinux-2908536.tar.gz) = 7bca1943f255c44b142d7cc5ba8cc23258fd2f74f16744564572f461d482a50b96752686db3c22a01ca1bbd19e0275980e632897e6513d8175a428f15ad4415a From f78c91f8fa5b4681b8918bdc6747b8dca998bcb3 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 12 Oct 2020 14:31:58 +0000 Subject: [PATCH 228/381] container-selinux-2:2.147.0-2.dev.git9fb1698 - bump to 2.147.0 - autobuilt 9fb1698 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 34e7d36..3f065f7 100644 --- a/.gitignore +++ b/.gitignore @@ -140,3 +140,4 @@ /container-selinux-5d929d4.tar.gz /container-selinux-464e922.tar.gz /container-selinux-2908536.tar.gz +/container-selinux-9fb1698.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 121273e..918a67f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 29085364dbb29671240fd7910438d5cdf6dec7be +%global commit0 9fb1698cbb2ca24a746181a79492eb003b1ffae8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -21,7 +21,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.146.0 +Version: 2.147.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Oct 12 2020 RH Container Bot - 2:2.147.0-2.dev.git9fb1698 +- bump to 2.147.0 +- autobuilt 9fb1698 + * Thu Oct 8 2020 RH Container Bot - 2:2.146.0-2.dev.git2908536 - bump to 2.146.0 - autobuilt 2908536 diff --git a/sources b/sources index d1a54d8..9104800 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2908536.tar.gz) = 7bca1943f255c44b142d7cc5ba8cc23258fd2f74f16744564572f461d482a50b96752686db3c22a01ca1bbd19e0275980e632897e6513d8175a428f15ad4415a +SHA512 (container-selinux-9fb1698.tar.gz) = 8fe625ddab2b3d836ff0e8dac1609545bff16e6b9c8b637f6eae59999473bc57b0839debb5cd2ef4e70d2b24e628d9651d7865b5d065f3b204eb05f25f063f34 From b2e55a00f67951a22ae26c70d35e76dca4377f5c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 14 Oct 2020 14:31:51 +0000 Subject: [PATCH 229/381] container-selinux-2:2.148.0-2.dev.git3c361a2 - bump to 2.148.0 - autobuilt 3c361a2 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3f065f7..c15dd23 100644 --- a/.gitignore +++ b/.gitignore @@ -141,3 +141,4 @@ /container-selinux-464e922.tar.gz /container-selinux-2908536.tar.gz /container-selinux-9fb1698.tar.gz +/container-selinux-3c361a2.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 918a67f..f5f2150 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 9fb1698cbb2ca24a746181a79492eb003b1ffae8 +%global commit0 3c361a2787b4f3739409a86e1cf8b6efe13f7d39 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -21,7 +21,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.147.0 +Version: 2.148.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Oct 14 2020 RH Container Bot - 2:2.148.0-2.dev.git3c361a2 +- bump to 2.148.0 +- autobuilt 3c361a2 + * Mon Oct 12 2020 RH Container Bot - 2:2.147.0-2.dev.git9fb1698 - bump to 2.147.0 - autobuilt 9fb1698 diff --git a/sources b/sources index 9104800..f010911 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9fb1698.tar.gz) = 8fe625ddab2b3d836ff0e8dac1609545bff16e6b9c8b637f6eae59999473bc57b0839debb5cd2ef4e70d2b24e628d9651d7865b5d065f3b204eb05f25f063f34 +SHA512 (container-selinux-3c361a2.tar.gz) = f635ba5367eaa97ae894bf759ce3dae913e5a032e9c990bc445465bc4d810fd65d0d346d3ef13ba6cc1fc31fb449989d34c5a482026b99da9e4ad85ea032c722 From 9fdf5e4f15cab8aa72669f7911c5a5de99b964f7 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 15 Oct 2020 14:32:32 +0000 Subject: [PATCH 230/381] container-selinux-2:2.148.0-3.dev.git9b3b66f - autobuilt 9b3b66f Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c15dd23..3ca0bff 100644 --- a/.gitignore +++ b/.gitignore @@ -142,3 +142,4 @@ /container-selinux-2908536.tar.gz /container-selinux-9fb1698.tar.gz /container-selinux-3c361a2.tar.gz +/container-selinux-9b3b66f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f5f2150..e4614db 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 3c361a2787b4f3739409a86e1cf8b6efe13f7d39 +%global commit0 9b3b66f400ed2f2bee76559fb200cf1c1f92d29c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,7 +22,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.148.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Oct 15 2020 RH Container Bot - 2:2.148.0-3.dev.git9b3b66f +- autobuilt 9b3b66f + * Wed Oct 14 2020 RH Container Bot - 2:2.148.0-2.dev.git3c361a2 - bump to 2.148.0 - autobuilt 3c361a2 diff --git a/sources b/sources index f010911..b5282f0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-3c361a2.tar.gz) = f635ba5367eaa97ae894bf759ce3dae913e5a032e9c990bc445465bc4d810fd65d0d346d3ef13ba6cc1fc31fb449989d34c5a482026b99da9e4ad85ea032c722 +SHA512 (container-selinux-9b3b66f.tar.gz) = 5dbc86925d3bab33e1dba9e07a12353b9879a08c4c373d5a12ae87abcf70f5aa715f6d7a53fdf719d12619d936216e734c762d3180ee4b1f9a8ab048df0c9601 From d362045995eba6ee93d769a581962a1668bb6bf9 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 23 Oct 2020 17:25:20 +0000 Subject: [PATCH 231/381] container-selinux-2:2.150.0-2.dev.git0ef4703 - bump to 2.150.0 - autobuilt 0ef4703 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 3ca0bff..e557aad 100644 --- a/.gitignore +++ b/.gitignore @@ -143,3 +143,4 @@ /container-selinux-9fb1698.tar.gz /container-selinux-3c361a2.tar.gz /container-selinux-9b3b66f.tar.gz +/container-selinux-0ef4703.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e4614db..543bf95 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 9b3b66f400ed2f2bee76559fb200cf1c1f92d29c +%global commit0 0ef47032047b6f93b1c113aafc40cbcb4e0cac3b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -21,8 +21,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.148.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.150.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Oct 23 2020 RH Container Bot - 2:2.150.0-2.dev.git0ef4703 +- bump to 2.150.0 +- autobuilt 0ef4703 + * Thu Oct 15 2020 RH Container Bot - 2:2.148.0-3.dev.git9b3b66f - autobuilt 9b3b66f diff --git a/sources b/sources index b5282f0..1961024 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9b3b66f.tar.gz) = 5dbc86925d3bab33e1dba9e07a12353b9879a08c4c373d5a12ae87abcf70f5aa715f6d7a53fdf719d12619d936216e734c762d3180ee4b1f9a8ab048df0c9601 +SHA512 (container-selinux-0ef4703.tar.gz) = 5c1a769be37821cc590885a81e80c0112b598500cf4ab32a34a6f14a133f41c323c5629bb6ac22e33bc20c52e5d8be5820358b0094f77430992f792275dd26ee From 2a5fd9fae871ae915b5248b6b700af3c9d39eb54 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 5 Nov 2020 18:27:45 +0000 Subject: [PATCH 232/381] container-selinux-2:2.151.0-2.dev.git5d3c461 - bump to 2.151.0 - autobuilt 5d3c461 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e557aad..d15d71a 100644 --- a/.gitignore +++ b/.gitignore @@ -144,3 +144,4 @@ /container-selinux-3c361a2.tar.gz /container-selinux-9b3b66f.tar.gz /container-selinux-0ef4703.tar.gz +/container-selinux-5d3c461.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 543bf95..22c9894 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 0ef47032047b6f93b1c113aafc40cbcb4e0cac3b +%global commit0 5d3c4619490947240f648330ce0c51a1a1830911 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -21,7 +21,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.150.0 +Version: 2.151.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -102,6 +102,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Nov 5 2020 RH Container Bot - 2:2.151.0-2.dev.git5d3c461 +- bump to 2.151.0 +- autobuilt 5d3c461 + * Fri Oct 23 2020 RH Container Bot - 2:2.150.0-2.dev.git0ef4703 - bump to 2.150.0 - autobuilt 0ef4703 diff --git a/sources b/sources index 1961024..11f958f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-0ef4703.tar.gz) = 5c1a769be37821cc590885a81e80c0112b598500cf4ab32a34a6f14a133f41c323c5629bb6ac22e33bc20c52e5d8be5820358b0094f77430992f792275dd26ee +SHA512 (container-selinux-5d3c461.tar.gz) = ce19061ddfed5f84ecb386ce6885a7fe2ae7f93a742dddca5ad940d0716206bc1b21b6161591b5e24f9738711975d79d777ec35233c02d807e8cefb3aa26fa23 From 9830a7eb5bdbcf72775595d300e605ce2d602981 Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Wed, 2 Dec 2020 12:52:20 +0100 Subject: [PATCH 233/381] container-selinux-2.151.0-3.dev.git5d3c461.fc34 - remove %%fedora Epoch conditional - Related: #1899626 Signed-off-by: Jindrich Novy --- container-selinux.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 22c9894..94c48ac 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -18,11 +18,9 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux -%if 0%{?fedora} Epoch: 2 -%endif Version: 2.151.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -102,6 +100,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Dec 02 2020 Jindrich Novy - 2:2.151.0-3.dev.git5d3c461 +- remove %%fedora Epoch conditional +- Related: #1899626 + * Thu Nov 5 2020 RH Container Bot - 2:2.151.0-2.dev.git5d3c461 - bump to 2.151.0 - autobuilt 5d3c461 From 5c9197e29deb47e3284cd91e5c6bb91de08dc9b4 Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Wed, 2 Dec 2020 13:17:20 +0100 Subject: [PATCH 234/381] container-selinux-2.151.0-4.dev.git5d3c461.fc34 - remove bogus changelog dates emitted by build bot leading to build failure - Related: #1715412 Signed-off-by: Jindrich Novy --- container-selinux.spec | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 94c48ac..06bc22e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -20,7 +20,7 @@ Name: container-selinux Epoch: 2 Version: 2.151.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Release: 4.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -100,6 +100,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Dec 02 2020 Jindrich Novy - 2:2.151.0-4.dev.git5d3c461 +- remove bogus changelog dates emitted by build bot leading to build failure +- Related: #1715412 + * Wed Dec 02 2020 Jindrich Novy - 2:2.151.0-3.dev.git5d3c461 - remove %%fedora Epoch conditional - Related: #1899626 @@ -127,7 +131,7 @@ fi - bump to 2.146.0 - autobuilt 2908536 -* Thu Sep 10 18:12:36 UTC 2020 RH Container Bot - 2:2.145.0-2.dev.git464e922 +* Thu Sep 10 2020 RH Container Bot - 2:2.145.0-2.dev.git464e922 - bump to 2.145.0 - autobuilt 464e922 @@ -137,36 +141,36 @@ fi * Fri Aug 28 2020 Lokesh Mandvekar - 2:2.144.0-4.dev.git5d929d4 - Resolves: #1780129 - bump min selinux-policy -* Thu Aug 13 14:10:45 GMT 2020 RH Container Bot - 2:2.144.0-3.dev.git5d929d4 +* Thu Aug 13 2020 RH Container Bot - 2:2.144.0-3.dev.git5d929d4 - autobuilt 5d929d4 -* Wed Aug 12 15:10:04 GMT 2020 RH Container Bot - 2:2.144.0-2.dev.git746ea7a +* Wed Aug 12 2020 RH Container Bot - 2:2.144.0-2.dev.git746ea7a - bump to 2.144.0 - autobuilt 746ea7a -* Wed Aug 05 22:10:34 GMT 2020 RH Container Bot - 2:2.143.0-2.dev.gite2d5a9e +* Wed Aug 05 2020 RH Container Bot - 2:2.143.0-2.dev.gite2d5a9e - bump to 2.143.0 - autobuilt e2d5a9e * Mon Jul 27 2020 Fedora Release Engineering - 2:2.142.0-3.dev.gitfe6a25c - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Fri Jul 24 11:09:45 GMT 2020 RH Container Bot - 2:2.142.0-2.dev.gitfe6a25c +* Fri Jul 24 2020 RH Container Bot - 2:2.142.0-2.dev.gitfe6a25c - bump to 2.142.0 - autobuilt fe6a25c -* Fri Jul 24 10:09:44 GMT 2020 RH Container Bot - 2:2.141.0-2.dev.git2750e78 +* Fri Jul 24 2020 RH Container Bot - 2:2.141.0-2.dev.git2750e78 - bump to 2.141.0 - autobuilt 2750e78 * Thu Jul 23 2020 Merlin Mathesius - 2:2.140.0-2.dev.git965c7fb - Cleanup usage of %%{epoch} macro to allow building for ELN -* Thu Jul 23 19:10:26 GMT 2020 RH Container Bot - 2:2.140.0-2.dev.git965c7fb +* Thu Jul 23 2020 RH Container Bot - 2:2.140.0-2.dev.git965c7fb - bump to 2.140.0 - autobuilt 965c7fb -* Sat Jul 18 11:10:04 GMT 2020 RH Container Bot - 2:2.139.0-2.dev.git8c26927 +* Sat Jul 18 2020 RH Container Bot - 2:2.139.0-2.dev.git8c26927 - bump to 2.139.0 - autobuilt 8c26927 From 6d70d472bf6151caa7ed48d189ab315416243163 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 22 Dec 2020 14:02:31 +0000 Subject: [PATCH 235/381] container-selinux-2:2.152.0-2.dev.git1677bc4 - bump to 2.152.0 - autobuilt 1677bc4 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index d15d71a..581e158 100644 --- a/.gitignore +++ b/.gitignore @@ -145,3 +145,4 @@ /container-selinux-9b3b66f.tar.gz /container-selinux-0ef4703.tar.gz /container-selinux-5d3c461.tar.gz +/container-selinux-1677bc4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 06bc22e..3585440 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 5d3c4619490947240f648330ce0c51a1a1830911 +%global commit0 1677bc42a369cf9a00b24f69dcaf1ededbd2ffdf %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -19,8 +19,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.151.0 -Release: 4.dev.git%{shortcommit0}%{?dist} +Version: 2.152.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -100,6 +100,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Dec 22 2020 RH Container Bot - 2:2.152.0-2.dev.git1677bc4 +- bump to 2.152.0 +- autobuilt 1677bc4 + * Wed Dec 02 2020 Jindrich Novy - 2:2.151.0-4.dev.git5d3c461 - remove bogus changelog dates emitted by build bot leading to build failure - Related: #1715412 diff --git a/sources b/sources index 11f958f..565bbcf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5d3c461.tar.gz) = ce19061ddfed5f84ecb386ce6885a7fe2ae7f93a742dddca5ad940d0716206bc1b21b6161591b5e24f9738711975d79d777ec35233c02d807e8cefb3aa26fa23 +SHA512 (container-selinux-1677bc4.tar.gz) = b6b25a179664a5259def704013de130ce18f9a9c468d98d0fc1cce38a6199ebbd8c0ff51401838a0f7983bcea932cff87d731646af051b4349fde8340d7483c8 From 79772309b01579c2437640ed5cf8a4e84994f998 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sat, 26 Dec 2020 11:32:22 +0000 Subject: [PATCH 236/381] container-selinux-2:2.153.0-2.dev.git8573f8d - bump to 2.153.0 - autobuilt 8573f8d Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 581e158..c6ff94d 100644 --- a/.gitignore +++ b/.gitignore @@ -146,3 +146,4 @@ /container-selinux-0ef4703.tar.gz /container-selinux-5d3c461.tar.gz /container-selinux-1677bc4.tar.gz +/container-selinux-8573f8d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3585440..07fda2d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 1677bc42a369cf9a00b24f69dcaf1ededbd2ffdf +%global commit0 8573f8d3d0309eb47ebca051448f7279544a2694 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -19,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.152.0 +Version: 2.153.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -100,6 +100,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sat Dec 26 2020 RH Container Bot - 2:2.153.0-2.dev.git8573f8d +- bump to 2.153.0 +- autobuilt 8573f8d + * Tue Dec 22 2020 RH Container Bot - 2:2.152.0-2.dev.git1677bc4 - bump to 2.152.0 - autobuilt 1677bc4 diff --git a/sources b/sources index 565bbcf..2816bfe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1677bc4.tar.gz) = b6b25a179664a5259def704013de130ce18f9a9c468d98d0fc1cce38a6199ebbd8c0ff51401838a0f7983bcea932cff87d731646af051b4349fde8340d7483c8 +SHA512 (container-selinux-8573f8d.tar.gz) = 0150a4d72c5a51dc50596f6bc267e30866ac43b8aa19414b72e4fdf09f641da47bbfb5e0d520413962d03583622173d1e66f4d04e69973bee1fca1e9a88a2ac8 From 9ddc5ee99669f01ecdb1fb3a61d6094084174171 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 30 Dec 2020 17:32:20 +0000 Subject: [PATCH 237/381] container-selinux-2:2.154.0-2.dev.git54e2ac5 - bump to 2.154.0 - autobuilt 54e2ac5 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c6ff94d..b0a5b26 100644 --- a/.gitignore +++ b/.gitignore @@ -147,3 +147,4 @@ /container-selinux-5d3c461.tar.gz /container-selinux-1677bc4.tar.gz /container-selinux-8573f8d.tar.gz +/container-selinux-54e2ac5.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 07fda2d..3745958 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 8573f8d3d0309eb47ebca051448f7279544a2694 +%global commit0 54e2ac50a9987badaf4430c50eb9ba24f220b4da %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -19,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.153.0 +Version: 2.154.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -100,6 +100,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Dec 30 2020 RH Container Bot - 2:2.154.0-2.dev.git54e2ac5 +- bump to 2.154.0 +- autobuilt 54e2ac5 + * Sat Dec 26 2020 RH Container Bot - 2:2.153.0-2.dev.git8573f8d - bump to 2.153.0 - autobuilt 8573f8d diff --git a/sources b/sources index 2816bfe..4f0c301 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-8573f8d.tar.gz) = 0150a4d72c5a51dc50596f6bc267e30866ac43b8aa19414b72e4fdf09f641da47bbfb5e0d520413962d03583622173d1e66f4d04e69973bee1fca1e9a88a2ac8 +SHA512 (container-selinux-54e2ac5.tar.gz) = be3412deefb17ade107509a7038e579e455f30067387758dbb6d13e5b247a1e321ed51c525973dfe252bc243e8fde7956591a69b6879aac129fd1a03a369e801 From 11e4b9b12aefc911d335ed9c0037c40a31a211f9 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 5 Jan 2021 17:33:12 +0000 Subject: [PATCH 238/381] container-selinux-2:2.155.0-2.dev.git667f0f3 - bump to 2.155.0 - autobuilt 667f0f3 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b0a5b26..b827907 100644 --- a/.gitignore +++ b/.gitignore @@ -148,3 +148,4 @@ /container-selinux-1677bc4.tar.gz /container-selinux-8573f8d.tar.gz /container-selinux-54e2ac5.tar.gz +/container-selinux-667f0f3.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3745958..d6dd0dc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 54e2ac50a9987badaf4430c50eb9ba24f220b4da +%global commit0 667f0f36f5328223b397e7f679e59f4a92c4f188 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -19,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.154.0 +Version: 2.155.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -100,6 +100,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Jan 5 2021 RH Container Bot - 2:2.155.0-2.dev.git667f0f3 +- bump to 2.155.0 +- autobuilt 667f0f3 + * Wed Dec 30 2020 RH Container Bot - 2:2.154.0-2.dev.git54e2ac5 - bump to 2.154.0 - autobuilt 54e2ac5 diff --git a/sources b/sources index 4f0c301..3bcf0a9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-54e2ac5.tar.gz) = be3412deefb17ade107509a7038e579e455f30067387758dbb6d13e5b247a1e321ed51c525973dfe252bc243e8fde7956591a69b6879aac129fd1a03a369e801 +SHA512 (container-selinux-667f0f3.tar.gz) = 4203da7b8ea6b3edfed77b46e7b74e97024abb9974a5e531b4f6d95c966d7da18fb689761e8a21de5f59f08360a62e4759b5a4f5009c2217edb98eb9d09878f8 From e50e815a3fd4e020b2c1ed5eacdf126061f6a5ec Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 11 Jan 2021 14:01:44 -0500 Subject: [PATCH 239/381] use built_tag macro to record latest tag Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index d6dd0dc..87ad5dd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,6 +5,10 @@ %global commit0 667f0f36f5328223b397e7f679e59f4a92c4f188 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) +# Used for comparing with latest upstream tag +# to decide whether to autobuild (non-rawhide only) +%define built_tag v2.155.0 + # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package %global selinuxtype targeted From b449d2caab111e31c9ae86225bd67c9528337326 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Tue, 3 Nov 2020 17:06:10 +0100 Subject: [PATCH 240/381] Depend on git-core instead of full git See: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/GS7GOUITUEASRELL7SKGLVJLGS3ZVJ45/ Signed-off-by: Ondrej Mosnacek --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 87ad5dd..e2f98cc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -30,7 +30,7 @@ URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildArch: noarch -BuildRequires: git +BuildRequires: git-core BuildRequires: pkgconfig(systemd) BuildRequires: selinux-policy >= %_selinux_policy_version BuildRequires: selinux-policy-devel >= %_selinux_policy_version From 45f7c52422e613853508e56635c7c1e9dd91b841 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Wed, 13 Jan 2021 01:03:05 +0000 Subject: [PATCH 241/381] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- container-selinux.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/container-selinux.spec b/container-selinux.spec index e2f98cc..5ab39a3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -30,6 +30,7 @@ URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz BuildArch: noarch +BuildRequires: make BuildRequires: git-core BuildRequires: pkgconfig(systemd) BuildRequires: selinux-policy >= %_selinux_policy_version From 0d6f91e1a0c9bd97e5728e94d4cce74b40ece9e2 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 15 Jan 2021 17:32:57 +0000 Subject: [PATCH 242/381] container-selinux-2:2.156.0-2.dev.git75f193a - bump to 2.156.0 - autobuilt 75f193a Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b827907..99dc5e5 100644 --- a/.gitignore +++ b/.gitignore @@ -149,3 +149,4 @@ /container-selinux-8573f8d.tar.gz /container-selinux-54e2ac5.tar.gz /container-selinux-667f0f3.tar.gz +/container-selinux-75f193a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5ab39a3..a4f4c00 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 667f0f36f5328223b397e7f679e59f4a92c4f188 +%global commit0 75f193a0bfade31ecd1836bf28c588ccf461ae52 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.155.0 +%define built_tag v2.156.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.155.0 +Version: 2.156.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Jan 15 2021 RH Container Bot - 2:2.156.0-2.dev.git75f193a +- bump to 2.156.0 +- autobuilt 75f193a + * Tue Jan 5 2021 RH Container Bot - 2:2.155.0-2.dev.git667f0f3 - bump to 2.155.0 - autobuilt 667f0f3 diff --git a/sources b/sources index 3bcf0a9..af61176 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-667f0f3.tar.gz) = 4203da7b8ea6b3edfed77b46e7b74e97024abb9974a5e531b4f6d95c966d7da18fb689761e8a21de5f59f08360a62e4759b5a4f5009c2217edb98eb9d09878f8 +SHA512 (container-selinux-75f193a.tar.gz) = bae1807a776701fe25522d5966beb2dee0ef867ea4c64aef44050a1609c63c46c368e84f7d277eedef41b09159796dd5d6e65971c73003e9591668f5877daacf From 77cba8c62b8a7d95a45b38759abefc2283ae34bd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 02:30:27 +0000 Subject: [PATCH 243/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index a4f4c00..9bec3b5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.156.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 2:2.156.0-3.dev.git75f193a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Fri Jan 15 2021 RH Container Bot - 2:2.156.0-2.dev.git75f193a - bump to 2.156.0 - autobuilt 75f193a From 75547d8ddf60a0561ee041e8f3856f54940ff26c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 2 Feb 2021 19:33:00 +0000 Subject: [PATCH 244/381] container-selinux-2:2.157.0-2.dev.gitf330e81 - bump to 2.157.0 - autobuilt f330e81 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 99dc5e5..0b88070 100644 --- a/.gitignore +++ b/.gitignore @@ -150,3 +150,4 @@ /container-selinux-54e2ac5.tar.gz /container-selinux-667f0f3.tar.gz /container-selinux-75f193a.tar.gz +/container-selinux-f330e81.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9bec3b5..831e6d7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 75f193a0bfade31ecd1836bf28c588ccf461ae52 +%global commit0 f330e81c7e1fb9b2bde8618ada304565aab59038 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.156.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.157.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Feb 02 2021 RH Container Bot - 2:2.157.0-2.dev.gitf330e81 +- bump to 2.157.0 +- autobuilt f330e81 + * Tue Jan 26 2021 Fedora Release Engineering - 2:2.156.0-3.dev.git75f193a - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index af61176..e28924c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-75f193a.tar.gz) = bae1807a776701fe25522d5966beb2dee0ef867ea4c64aef44050a1609c63c46c368e84f7d277eedef41b09159796dd5d6e65971c73003e9591668f5877daacf +SHA512 (container-selinux-f330e81.tar.gz) = 463a3eb9f428c600894f2c59f03ffa4b941218613152f367b2ccb6cfc7a76ffb87b39cd9b2acf39bba18b82192604dc5bcb349f97bd0c4aab7a7d8023da21488 From 13d8074bca5ae33f899feea63435d7cc81256d82 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 8 Feb 2021 19:25:49 +0000 Subject: [PATCH 245/381] container-selinux-2:2.157.0-3.dev.git6d13bf9 - autobuilt 6d13bf9 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0b88070..f19b7fe 100644 --- a/.gitignore +++ b/.gitignore @@ -151,3 +151,4 @@ /container-selinux-667f0f3.tar.gz /container-selinux-75f193a.tar.gz /container-selinux-f330e81.tar.gz +/container-selinux-6d13bf9.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 831e6d7..9c6abbb 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 f330e81c7e1fb9b2bde8618ada304565aab59038 +%global commit0 6d13bf9ff9f45431f064ba63794fa97d565641d9 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.157.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Feb 08 2021 RH Container Bot - 2:2.157.0-3.dev.git6d13bf9 +- autobuilt 6d13bf9 + * Tue Feb 02 2021 RH Container Bot - 2:2.157.0-2.dev.gitf330e81 - bump to 2.157.0 - autobuilt f330e81 diff --git a/sources b/sources index e28924c..1bb3aa7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-f330e81.tar.gz) = 463a3eb9f428c600894f2c59f03ffa4b941218613152f367b2ccb6cfc7a76ffb87b39cd9b2acf39bba18b82192604dc5bcb349f97bd0c4aab7a7d8023da21488 +SHA512 (container-selinux-6d13bf9.tar.gz) = c48b94bb8ec965b8b1222d87d335840649b7b62a8a8e626283f0b2c439da75dcd2119e9f39fdfcf72f36f3fbfe9609bea094e43d901be81b4302791dff454526 From e85faff4485234c18e04d143df406a1649f53375 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 11 Feb 2021 22:32:55 +0000 Subject: [PATCH 246/381] container-selinux-2:2.158.0-2.dev.giteb6dad0 - bump to 2.158.0 - autobuilt eb6dad0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 12 ++++++++---- sources | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index f19b7fe..363bdba 100644 --- a/.gitignore +++ b/.gitignore @@ -152,3 +152,4 @@ /container-selinux-75f193a.tar.gz /container-selinux-f330e81.tar.gz /container-selinux-6d13bf9.tar.gz +/container-selinux-eb6dad0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9c6abbb..11848f8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 6d13bf9ff9f45431f064ba63794fa97d565641d9 +%global commit0 eb6dad035270c30edf211275f705f4f364c0c08e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.156.0 +%define built_tag v2.158.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.157.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.158.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Feb 11 2021 RH Container Bot - 2:2.158.0-2.dev.giteb6dad0 +- bump to 2.158.0 +- autobuilt eb6dad0 + * Mon Feb 08 2021 RH Container Bot - 2:2.157.0-3.dev.git6d13bf9 - autobuilt 6d13bf9 diff --git a/sources b/sources index 1bb3aa7..b313f5c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-6d13bf9.tar.gz) = c48b94bb8ec965b8b1222d87d335840649b7b62a8a8e626283f0b2c439da75dcd2119e9f39fdfcf72f36f3fbfe9609bea094e43d901be81b4302791dff454526 +SHA512 (container-selinux-eb6dad0.tar.gz) = b6b63ee817eaff0c045d25ab9b6b5ff8898fd09291b2f7e51ff93bb01de808c749ffd8d41dd22f296a323d6a57cd6817696f00c9459f08b5fd652665402e3a09 From ce7f9dfa88038d2fd6c290d859378797ebff4aa8 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 12 Feb 2021 12:32:56 +0000 Subject: [PATCH 247/381] container-selinux-2:2.158.0-3.dev.gitaeb85c4 - autobuilt aeb85c4 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 363bdba..4bd29d2 100644 --- a/.gitignore +++ b/.gitignore @@ -153,3 +153,4 @@ /container-selinux-f330e81.tar.gz /container-selinux-6d13bf9.tar.gz /container-selinux-eb6dad0.tar.gz +/container-selinux-aeb85c4.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 11848f8..9158c38 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 eb6dad035270c30edf211275f705f4f364c0c08e +%global commit0 aeb85c4fb9535cdc806df2058a4508f8d63be418 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.158.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Feb 12 2021 RH Container Bot - 2:2.158.0-3.dev.gitaeb85c4 +- autobuilt aeb85c4 + * Thu Feb 11 2021 RH Container Bot - 2:2.158.0-2.dev.giteb6dad0 - bump to 2.158.0 - autobuilt eb6dad0 diff --git a/sources b/sources index b313f5c..6bd6ca2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-eb6dad0.tar.gz) = b6b63ee817eaff0c045d25ab9b6b5ff8898fd09291b2f7e51ff93bb01de808c749ffd8d41dd22f296a323d6a57cd6817696f00c9459f08b5fd652665402e3a09 +SHA512 (container-selinux-aeb85c4.tar.gz) = 8370fb470b008575d73d14bde52cf6a7bc790f7d407d8c23f23ce20cd1cf78c010d4698d294f393f70b4d211e88290d2affadbd08511a124abfd5f24a6b59ca2 From c3b175e6d97c7a102aa22a43ce10793600e2213e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 16 Feb 2021 23:02:11 +0000 Subject: [PATCH 248/381] container-selinux-2:2.158.0-4.dev.gite78ac4f - autobuilt e78ac4f Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4bd29d2..d82ed83 100644 --- a/.gitignore +++ b/.gitignore @@ -154,3 +154,4 @@ /container-selinux-6d13bf9.tar.gz /container-selinux-eb6dad0.tar.gz /container-selinux-aeb85c4.tar.gz +/container-selinux-e78ac4f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9158c38..42b3b14 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 aeb85c4fb9535cdc806df2058a4508f8d63be418 +%global commit0 e78ac4f5b982112a1f018fb5964c3a8b27f0b65d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.158.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Release: 4.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Feb 16 2021 RH Container Bot - 2:2.158.0-4.dev.gite78ac4f +- autobuilt e78ac4f + * Fri Feb 12 2021 RH Container Bot - 2:2.158.0-3.dev.gitaeb85c4 - autobuilt aeb85c4 diff --git a/sources b/sources index 6bd6ca2..62b5cae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-aeb85c4.tar.gz) = 8370fb470b008575d73d14bde52cf6a7bc790f7d407d8c23f23ce20cd1cf78c010d4698d294f393f70b4d211e88290d2affadbd08511a124abfd5f24a6b59ca2 +SHA512 (container-selinux-e78ac4f.tar.gz) = 82417b07ade92711563ece1a7b0df0c33d035507bf28e93f9d613e7e3b92a288960929ed00063fcc77fd09acddf504f8a04a3fadc61d35d4287a7569bec84116 From dca5282acc295b5a00dbadc68cfa51d8f975b7bc Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 17 Feb 2021 15:01:39 -0500 Subject: [PATCH 249/381] Rebuilt to use latest selinux-policy interfaces --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 42b3b14..c19a7d0 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.158.0 -Release: 4.dev.git%{shortcommit0}%{?dist} +Release: 5.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Feb 17 2021 Dan Walsh - 2:2.158.0-5.dev.gite78ac4f +- Rebuilt to use latest selinux-policy interfaces + * Tue Feb 16 2021 RH Container Bot - 2:2.158.0-4.dev.gite78ac4f - autobuilt e78ac4f From 9cb5b10e56aa2220178acbc571d50e28a45b1bd1 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 29 Mar 2021 13:18:04 +0000 Subject: [PATCH 250/381] container-selinux-2:2.159.0-2.dev.gitd89a599 - bump to 2.159.0 - autobuilt d89a599 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 12 ++++++++---- sources | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index d82ed83..8699d67 100644 --- a/.gitignore +++ b/.gitignore @@ -155,3 +155,4 @@ /container-selinux-eb6dad0.tar.gz /container-selinux-aeb85c4.tar.gz /container-selinux-e78ac4f.tar.gz +/container-selinux-d89a599.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index c19a7d0..18b65d3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 e78ac4f5b982112a1f018fb5964c3a8b27f0b65d +%global commit0 d89a599e3d3c362ec178600ed04c72f337c10d28 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.158.0 +%define built_tag v2.159.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.158.0 -Release: 5.dev.git%{shortcommit0}%{?dist} +Version: 2.159.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Mar 29 2021 RH Container Bot - 2:2.159.0-2.dev.gitd89a599 +- bump to 2.159.0 +- autobuilt d89a599 + * Wed Feb 17 2021 Dan Walsh - 2:2.158.0-5.dev.gite78ac4f - Rebuilt to use latest selinux-policy interfaces diff --git a/sources b/sources index 62b5cae..4ed4415 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e78ac4f.tar.gz) = 82417b07ade92711563ece1a7b0df0c33d035507bf28e93f9d613e7e3b92a288960929ed00063fcc77fd09acddf504f8a04a3fadc61d35d4287a7569bec84116 +SHA512 (container-selinux-d89a599.tar.gz) = 63e2b788446df0cea024cb21249fd7368517a9bfe8a55eb1afce429208f50b47c458dd3dff807be517d20ca5413116a924f284f886ec4f5f81295e1360984827 From a0073075174d138039858277ae029345b94748eb Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 31 Mar 2021 14:39:05 -0400 Subject: [PATCH 251/381] container-selinux-2:2.160.0-2.dev.gitc9f0cb6 - bump to v2.160.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 2 ++ container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 8699d67..5dcdd5a 100644 --- a/.gitignore +++ b/.gitignore @@ -156,3 +156,5 @@ /container-selinux-aeb85c4.tar.gz /container-selinux-e78ac4f.tar.gz /container-selinux-d89a599.tar.gz +/container-selinux-c9f0cb6.tar.gz +/v2.155.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 18b65d3..a3fc706 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 d89a599e3d3c362ec178600ed04c72f337c10d28 +%global commit0 c9f0cb6172a1d37820157d04d4bee7dfa656fcc3 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.159.0 +%define built_tag v2.160.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.159.0 +Version: 2.160.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Mar 31 2021 Lokesh Mandvekar - 2:2.160.0-2.dev.gitc9f0cb6 +- bump to v2.160.0 + * Mon Mar 29 2021 RH Container Bot - 2:2.159.0-2.dev.gitd89a599 - bump to 2.159.0 - autobuilt d89a599 diff --git a/sources b/sources index 4ed4415..51c9eea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d89a599.tar.gz) = 63e2b788446df0cea024cb21249fd7368517a9bfe8a55eb1afce429208f50b47c458dd3dff807be517d20ca5413116a924f284f886ec4f5f81295e1360984827 +SHA512 (container-selinux-c9f0cb6.tar.gz) = d41478411ed9363cf952580461e6cf793dff21254ecff6ff8e0a655b94c0d6365faf16917413852d339014ffff6c9a70991bed8a71aee71e36ca9beaa3bf0f47 From 5b38b93dd25f61a0000e02a30bbe4ba946065c6e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 20 Apr 2021 14:53:17 +0000 Subject: [PATCH 252/381] container-selinux-2:2.160.0-3.dev.git5a60716 - autobuilt 5a60716 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5dcdd5a..86cc6c6 100644 --- a/.gitignore +++ b/.gitignore @@ -158,3 +158,4 @@ /container-selinux-d89a599.tar.gz /container-selinux-c9f0cb6.tar.gz /v2.155.0.tar.gz +/container-selinux-5a60716.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a3fc706..0b9ffc2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 c9f0cb6172a1d37820157d04d4bee7dfa656fcc3 +%global commit0 5a6071656f75cc7794ea8edbe9487716b361ce7e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.160.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Apr 20 2021 RH Container Bot - 2:2.160.0-3.dev.git5a60716 +- autobuilt 5a60716 + * Wed Mar 31 2021 Lokesh Mandvekar - 2:2.160.0-2.dev.gitc9f0cb6 - bump to v2.160.0 diff --git a/sources b/sources index 51c9eea..108b481 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c9f0cb6.tar.gz) = d41478411ed9363cf952580461e6cf793dff21254ecff6ff8e0a655b94c0d6365faf16917413852d339014ffff6c9a70991bed8a71aee71e36ca9beaa3bf0f47 +SHA512 (container-selinux-5a60716.tar.gz) = e90d5e91511ff3662bc9f9c70065fccc3b2fd2087df87ad56f377f65eaa7e3d7c51c5a0661ee72490c574f26d0e653bbff9dd7ef1585f21f2ef566edc7ed3b09 From 1b9e9a7937b3b93bc5ab076afab2d50b30c966ec Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 28 Apr 2021 13:42:16 +0000 Subject: [PATCH 253/381] container-selinux-2:2.117.0-2.dev.gitbfde70a - bump to 2.117.0 - autobuilt bfde70a Signed-off-by: RH Container Bot --- container-selinux.spec | 12 ++++++++---- sources | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0b9ffc2..3ca186b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 5a6071656f75cc7794ea8edbe9487716b361ce7e +%global commit0 bfde70abeab100e944dcfd439859fbae967d8b39 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.160.0 +%define built_tag v2.160.2 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.160.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.117.0 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Apr 28 2021 RH Container Bot - 2:2.117.0-2.dev.gitbfde70a +- bump to 2.117.0 +- autobuilt bfde70a + * Tue Apr 20 2021 RH Container Bot - 2:2.160.0-3.dev.git5a60716 - autobuilt 5a60716 diff --git a/sources b/sources index 108b481..e25d105 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5a60716.tar.gz) = e90d5e91511ff3662bc9f9c70065fccc3b2fd2087df87ad56f377f65eaa7e3d7c51c5a0661ee72490c574f26d0e653bbff9dd7ef1585f21f2ef566edc7ed3b09 +SHA512 (container-selinux-bfde70a.tar.gz) = f8e963b9688f65b768e6b0dcb427fe9f47397e70f4889166d8c6eeccbeb9dd393acfa19586870e367ce5eea1d1d2d15ec9acb6fdb7e108c772be137a76ff4b45 From fad696781c016aa1b49cbf12d2fe701426fcecd1 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 6 May 2021 08:24:08 -0400 Subject: [PATCH 254/381] Revert "container-selinux-2:2.117.0-2.dev.gitbfde70a" This reverts commit 1b9e9a7937b3b93bc5ab076afab2d50b30c966ec. Bad commit --- container-selinux.spec | 12 ++++-------- sources | 2 +- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 3ca186b..0b9ffc2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 bfde70abeab100e944dcfd439859fbae967d8b39 +%global commit0 5a6071656f75cc7794ea8edbe9487716b361ce7e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.160.2 +%define built_tag v2.160.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.117.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Version: 2.160.0 +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,10 +105,6 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog -* Wed Apr 28 2021 RH Container Bot - 2:2.117.0-2.dev.gitbfde70a -- bump to 2.117.0 -- autobuilt bfde70a - * Tue Apr 20 2021 RH Container Bot - 2:2.160.0-3.dev.git5a60716 - autobuilt 5a60716 diff --git a/sources b/sources index e25d105..108b481 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-bfde70a.tar.gz) = f8e963b9688f65b768e6b0dcb427fe9f47397e70f4889166d8c6eeccbeb9dd393acfa19586870e367ce5eea1d1d2d15ec9acb6fdb7e108c772be137a76ff4b45 +SHA512 (container-selinux-5a60716.tar.gz) = e90d5e91511ff3662bc9f9c70065fccc3b2fd2087df87ad56f377f65eaa7e3d7c51c5a0661ee72490c574f26d0e653bbff9dd7ef1585f21f2ef566edc7ed3b09 From c208678fca1fc7b4b96e5678119531606065ec02 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 7 May 2021 15:39:13 +0000 Subject: [PATCH 255/381] container-selinux-2:2.161.1-2.dev.gite1092cd - bump to 2.161.1 - autobuilt e1092cd Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 12 ++++++++---- sources | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 86cc6c6..33c2a3c 100644 --- a/.gitignore +++ b/.gitignore @@ -159,3 +159,4 @@ /container-selinux-c9f0cb6.tar.gz /v2.155.0.tar.gz /container-selinux-5a60716.tar.gz +/container-selinux-e1092cd.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0b9ffc2..a2fb89f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 5a6071656f75cc7794ea8edbe9487716b361ce7e +%global commit0 e1092cd2cb0891de02a70447e6e68adbf6e15c8c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.160.0 +%define built_tag v2.161.1 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.160.0 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.161.1 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri May 07 2021 RH Container Bot - 2:2.161.1-2.dev.gite1092cd +- bump to 2.161.1 +- autobuilt e1092cd + * Tue Apr 20 2021 RH Container Bot - 2:2.160.0-3.dev.git5a60716 - autobuilt 5a60716 diff --git a/sources b/sources index 108b481..c6bf523 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5a60716.tar.gz) = e90d5e91511ff3662bc9f9c70065fccc3b2fd2087df87ad56f377f65eaa7e3d7c51c5a0661ee72490c574f26d0e653bbff9dd7ef1585f21f2ef566edc7ed3b09 +SHA512 (container-selinux-e1092cd.tar.gz) = ef107d442d03b143dcb7975d34bad0ca2425af1ba053ded64b475df9940e74f2ac9a1da63d631d4a30af84c51268bc3d976bc7cbe6d48a967ed9d0fbf49b53b1 From 7758bc735c30bebe8eeeddc5430dcd0af76ca093 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 12 May 2021 04:10:43 +0000 Subject: [PATCH 256/381] container-selinux-2:2.162.0-2.dev.gitda28288 - bump to 2.162.0 - autobuilt da28288 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 33c2a3c..78244d2 100644 --- a/.gitignore +++ b/.gitignore @@ -160,3 +160,4 @@ /v2.155.0.tar.gz /container-selinux-5a60716.tar.gz /container-selinux-e1092cd.tar.gz +/container-selinux-da28288.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a2fb89f..7205de7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 e1092cd2cb0891de02a70447e6e68adbf6e15c8c +%global commit0 da2828824807d859cee1ac96e1d39c1abd4397da %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.161.1 +%define built_tag v2.162.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.161.1 +Version: 2.162.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed May 12 2021 RH Container Bot - 2:2.162.0-2.dev.gitda28288 +- bump to 2.162.0 +- autobuilt da28288 + * Fri May 07 2021 RH Container Bot - 2:2.161.1-2.dev.gite1092cd - bump to 2.161.1 - autobuilt e1092cd diff --git a/sources b/sources index c6bf523..0cfd2e4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e1092cd.tar.gz) = ef107d442d03b143dcb7975d34bad0ca2425af1ba053ded64b475df9940e74f2ac9a1da63d631d4a30af84c51268bc3d976bc7cbe6d48a967ed9d0fbf49b53b1 +SHA512 (container-selinux-da28288.tar.gz) = 1ca62a9bc0edc7c7f8dbc03c2c75ea2c7548854a16cd35049adf912423434fe4295ad29a07c063071065a09b2dfffe3637196e649f9c8ad84109c94ac674bc55 From 8cccf0bd0954f442248daf7fcd55ea1067abbd2e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sun, 16 May 2021 04:12:43 +0000 Subject: [PATCH 257/381] container-selinux-2:2.162.1-2.dev.git233e620 - bump to 2.162.1 - autobuilt 233e620 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 78244d2..f7911f8 100644 --- a/.gitignore +++ b/.gitignore @@ -161,3 +161,4 @@ /container-selinux-5a60716.tar.gz /container-selinux-e1092cd.tar.gz /container-selinux-da28288.tar.gz +/container-selinux-233e620.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7205de7..0f62161 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 da2828824807d859cee1ac96e1d39c1abd4397da +%global commit0 233e620d6d0e4dc357e58908a9e8abd6e9e94a94 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.162.0 +Version: 2.162.1 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -105,6 +105,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sun May 16 2021 RH Container Bot - 2:2.162.1-2.dev.git233e620 +- bump to 2.162.1 +- autobuilt 233e620 + * Wed May 12 2021 RH Container Bot - 2:2.162.0-2.dev.gitda28288 - bump to 2.162.0 - autobuilt da28288 diff --git a/sources b/sources index 0cfd2e4..6b0ed13 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-da28288.tar.gz) = 1ca62a9bc0edc7c7f8dbc03c2c75ea2c7548854a16cd35049adf912423434fe4295ad29a07c063071065a09b2dfffe3637196e649f9c8ad84109c94ac674bc55 +SHA512 (container-selinux-233e620.tar.gz) = d249e5645dadc95a7b2e073f6ae4d137a06674fb7ebfee48a46db7bc83ea20c6f3148b0ea879c3f291ea17938d0bbe75c0fd385e5e24c904b326622a46404b22 From 2e560c5e4950e6c22b5acb055dd3769bfbfbc248 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 17 May 2021 06:01:30 -0400 Subject: [PATCH 258/381] Fix labels in users homedirs, before overlayfs is supported by default for non root users --- container-selinux.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0f62161..69db0fc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.162.1 -Release: 2.dev.git%{shortcommit0}%{?dist} +Release: 3.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -103,8 +103,18 @@ fi # Currently shipped in selinux-policy-doc #%%{_datadir}/man/man8/container_selinux.8.gz +%triggerpostun -- container-selinux < 2:2.162.1-3 +if %{_sbindir}/selinuxenabled ; then + echo "Fixing Rootless SELinux labels in homedir" + %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null +fi + + # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon May 17 2021 Dan Walsh - 2:2.162.1-3.dev.git233e620 +- Fix labels in users homedirs, before overlayfs is supported by default for non root users + * Sun May 16 2021 RH Container Bot - 2:2.162.1-2.dev.git233e620 - bump to 2.162.1 - autobuilt 233e620 From c208a2d90f603660c08e4014f6dd8f21c0b315c1 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 25 May 2021 04:10:08 +0000 Subject: [PATCH 259/381] container-selinux-2:2.162.2-2.dev.git61b862a - bump to 2.162.2 - autobuilt 61b862a Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 12 ++++++++---- sources | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index f7911f8..8ec9f78 100644 --- a/.gitignore +++ b/.gitignore @@ -162,3 +162,4 @@ /container-selinux-e1092cd.tar.gz /container-selinux-da28288.tar.gz /container-selinux-233e620.tar.gz +/container-selinux-61b862a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 69db0fc..e9c98ff 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 233e620d6d0e4dc357e58908a9e8abd6e9e94a94 +%global commit0 61b862abec5bc33724d7853b095ab6268fc485b7 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.162.0 +%define built_tag v2.162.2 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.162.1 -Release: 3.dev.git%{shortcommit0}%{?dist} +Version: 2.162.2 +Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -112,6 +112,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue May 25 2021 RH Container Bot - 2:2.162.2-2.dev.git61b862a +- bump to 2.162.2 +- autobuilt 61b862a + * Mon May 17 2021 Dan Walsh - 2:2.162.1-3.dev.git233e620 - Fix labels in users homedirs, before overlayfs is supported by default for non root users diff --git a/sources b/sources index 6b0ed13..0a13b64 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-233e620.tar.gz) = d249e5645dadc95a7b2e073f6ae4d137a06674fb7ebfee48a46db7bc83ea20c6f3148b0ea879c3f291ea17938d0bbe75c0fd385e5e24c904b326622a46404b22 +SHA512 (container-selinux-61b862a.tar.gz) = 970f312e2cb68575cf550db5dbe64a844592089b51c60736d766980442cc7d8949f21acfc78c5860c380f5e2269050b2df9a364e30d2e86ac5690a42351e702c From 37d4bd63db214cd75cd9d69c01adc832804f9a68 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sat, 12 Jun 2021 04:09:36 +0000 Subject: [PATCH 260/381] container-selinux-2:2.163.0-2.dev.git99b40c5 - bump to 2.163.0 - autobuilt 99b40c5 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 8ec9f78..6ccac3f 100644 --- a/.gitignore +++ b/.gitignore @@ -163,3 +163,4 @@ /container-selinux-da28288.tar.gz /container-selinux-233e620.tar.gz /container-selinux-61b862a.tar.gz +/container-selinux-99b40c5.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e9c98ff..1c98c5b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 61b862abec5bc33724d7853b095ab6268fc485b7 +%global commit0 99b40c5013ec2720a04b1d3579ef888281714c35 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.162.2 +%define built_tag v2.163.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.162.2 +Version: 2.163.0 Release: 2.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -112,6 +112,10 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Sat Jun 12 2021 RH Container Bot - 2:2.163.0-2.dev.git99b40c5 +- bump to 2.163.0 +- autobuilt 99b40c5 + * Tue May 25 2021 RH Container Bot - 2:2.162.2-2.dev.git61b862a - bump to 2.162.2 - autobuilt 61b862a diff --git a/sources b/sources index 0a13b64..4c62aae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-61b862a.tar.gz) = 970f312e2cb68575cf550db5dbe64a844592089b51c60736d766980442cc7d8949f21acfc78c5860c380f5e2269050b2df9a364e30d2e86ac5690a42351e702c +SHA512 (container-selinux-99b40c5.tar.gz) = 03df7817de2a166a9377a8c0c85e00f920c66b798522e2395fad1d90605765910c165a829058e6ca19d846e75f0da6e3fbedc522fa72d6adab77227d5cb2e83c From 0ed3080e4e12df0c92b7bfd8735f58f36ce9e004 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 19 Jul 2021 11:31:22 -0400 Subject: [PATCH 261/381] bump to 2.163.0 autobuilt 99b40c5 --- .gitignore | 1 + container-selinux.spec | 8 ++++---- sources | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6ccac3f..3651e6b 100644 --- a/.gitignore +++ b/.gitignore @@ -164,3 +164,4 @@ /container-selinux-233e620.tar.gz /container-selinux-61b862a.tar.gz /container-selinux-99b40c5.tar.gz +/container-selinux-563ba3f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1c98c5b..53410af 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,12 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 99b40c5013ec2720a04b1d3579ef888281714c35 +%global commit0 563ba3f2693f98de5e79a7fbf5889222ab9a454a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v2.163.0 +%define built_tag v2.164.1 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.163.0 -Release: 2.dev.git%{shortcommit0}%{?dist} +Version: 2.164.1 +Release: 0.dev.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes diff --git a/sources b/sources index 4c62aae..f738a28 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-99b40c5.tar.gz) = 03df7817de2a166a9377a8c0c85e00f920c66b798522e2395fad1d90605765910c165a829058e6ca19d846e75f0da6e3fbedc522fa72d6adab77227d5cb2e83c +SHA512 (container-selinux-563ba3f.tar.gz) = fdafd3ca1094fb009893e664a2c59b81b7b95ba796ea7e960c0c2def45a0ed229f4dece63cd87faf14e6c1094848614633b322526bb2625c5df6df6abb568a50 From a64ae0fa9b7e573642c3555c1dfc8019592997e0 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 19 Jul 2021 11:33:17 -0400 Subject: [PATCH 262/381] Allow spc_t domains to set bpf rules on any domain --- container-selinux.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index 53410af..6da4011 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -112,6 +112,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Jul 19 2021 Dan Walsh - 2:2.164.1-0.dev +- Allow spc_t domains to set bpf rules on any domain + * Sat Jun 12 2021 RH Container Bot - 2:2.163.0-2.dev.git99b40c5 - bump to 2.163.0 - autobuilt 99b40c5 From c07db367f731ecba0762f93aa922c3b8b3675b0d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 15:01:35 +0000 Subject: [PATCH 263/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 67bd97e493b2e686714f7d43bfdb2b54b40cb344 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 19:59:41 +0000 Subject: [PATCH 264/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 6da4011..0b3fb61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -24,7 +24,7 @@ Name: container-selinux Epoch: 2 Version: 2.164.1 -Release: 0.dev.git%{shortcommit0}%{?dist} +Release: 0.dev.git%{shortcommit0}%{?dist}.1 License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -112,6 +112,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 2:2.164.1-0.dev.git563ba3f.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Mon Jul 19 2021 Dan Walsh - 2:2.164.1-0.dev - Allow spc_t domains to set bpf rules on any domain From 039306ba70aab99cc522b0e3ff0a266ac520462d Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 4 Aug 2021 19:24:22 +0000 Subject: [PATCH 265/381] container-selinux-2:2.164.2-1 autobuilt v2.164.2 Signed-off-by: RH Container Bot --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0b3fb61..d6d7555 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.164.1 -Release: 0.dev.git%{shortcommit0}%{?dist}.1 +Version: 2.164.2 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -112,6 +112,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Aug 04 2021 RH Container Bot - 2:2.164.2-1 +- autobuilt v2.164.2 + * Wed Jul 21 2021 Fedora Release Engineering - 2:2.164.1-0.dev.git563ba3f.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From fd8f2748f96f25e7c51382c24e807342c119687f Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 25 Aug 2021 17:19:46 +0000 Subject: [PATCH 266/381] container-selinux-2:2.165.1-1 autobuilt v2.165.1 Signed-off-by: RH Container Bot --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index d6d7555..abc6616 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.164.2 +Version: 2.165.1 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -112,6 +112,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Aug 25 2021 RH Container Bot - 2:2.165.1-1 +- autobuilt v2.165.1 + * Wed Aug 04 2021 RH Container Bot - 2:2.164.2-1 - autobuilt v2.164.2 From 61b74b997d510a475ef5ca8043ce714a88dafdda Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 26 Aug 2021 20:03:52 +0000 Subject: [PATCH 267/381] container-selinux-2:2.167.0-1 autobuilt v2.167.0 Signed-off-by: RH Container Bot --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index abc6616..7ab430f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,7 +23,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.165.1 +Version: 2.167.0 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -112,6 +112,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Aug 26 2021 RH Container Bot - 2:2.167.0-1 +- autobuilt v2.167.0 + * Wed Aug 25 2021 RH Container Bot - 2:2.165.1-1 - autobuilt v2.165.1 From c287dbae6fd486e90e51151eeeba665b2a9efb91 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 10 Sep 2021 09:33:17 -0400 Subject: [PATCH 268/381] container-selinux-2:2.167.0-2 - use upstream tag instead of commits, fix autobuild macros Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 16 +++++++++------- sources | 2 +- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 3651e6b..370aeb0 100644 --- a/.gitignore +++ b/.gitignore @@ -165,3 +165,4 @@ /container-selinux-61b862a.tar.gz /container-selinux-99b40c5.tar.gz /container-selinux-563ba3f.tar.gz +/v2.167.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7ab430f..6836025 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,12 +2,11 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global commit0 563ba3f2693f98de5e79a7fbf5889222ab9a454a -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag -# to decide whether to autobuild (non-rawhide only) -%define built_tag v2.164.1 +# to decide whether to autobuild +%global built_tag v2.167.0 +%global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -24,11 +23,11 @@ Name: container-selinux Epoch: 2 Version: 2.167.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes -Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Source0: %{git0}/archive/%{built_tag}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core @@ -50,7 +49,7 @@ Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit -n %{name}-%{built_tag_strip} %build make @@ -112,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Sep 10 2021 Lokesh Mandvekar - 2:2.167.0-2 +- use upstream tag instead of commits, fix autobuild macros + * Thu Aug 26 2021 RH Container Bot - 2:2.167.0-1 - autobuilt v2.167.0 diff --git a/sources b/sources index f738a28..45d2aa8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-563ba3f.tar.gz) = fdafd3ca1094fb009893e664a2c59b81b7b95ba796ea7e960c0c2def45a0ed229f4dece63cd87faf14e6c1094848614633b322526bb2625c5df6df6abb568a50 +SHA512 (v2.167.0.tar.gz) = c46ca4ff144a976362d05cd02809b9eed95c3514a9fe7a57cbec65ec0cb42fb300f4a086981e2917f2b236f34b9754130f4e5f3c4f137b0d65ff8e85c4e0ba73 From f9aa97e6da5179015572647e79ec439b81b2bf6c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 13 Sep 2021 18:02:56 +0000 Subject: [PATCH 269/381] container-selinux-2:2.168.0-1 autobuilt v2.168.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 370aeb0..894bfad 100644 --- a/.gitignore +++ b/.gitignore @@ -166,3 +166,4 @@ /container-selinux-99b40c5.tar.gz /container-selinux-563ba3f.tar.gz /v2.167.0.tar.gz +/v2.168.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6836025..a0a8643 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.167.0 +%global built_tag v2.168.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,8 +22,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.167.0 -Release: 2%{?dist} +Version: 2.168.0 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -111,6 +111,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Sep 13 2021 RH Container Bot - 2:2.168.0-1 +- autobuilt v2.168.0 + * Fri Sep 10 2021 Lokesh Mandvekar - 2:2.167.0-2 - use upstream tag instead of commits, fix autobuild macros diff --git a/sources b/sources index 45d2aa8..48caae7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.167.0.tar.gz) = c46ca4ff144a976362d05cd02809b9eed95c3514a9fe7a57cbec65ec0cb42fb300f4a086981e2917f2b236f34b9754130f4e5f3c4f137b0d65ff8e85c4e0ba73 +SHA512 (v2.168.0.tar.gz) = c66a71802c8f65cb253d51067408c6d8d6dc853ca7e1874e073c517d9a74acad85e7605bda4ce7b397278ab3734b3c1617b0fa6d8cb36e94ba67d6d6803f587b From c1c245c063e0b5140238b96abd1bf8d2a8b1f039 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Tue, 14 Sep 2021 16:11:28 +0200 Subject: [PATCH 270/381] Start shipping udica policy templates Signed-off-by: Vit Mojzis --- container-selinux.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index a0a8643..65a4cfc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,7 +23,7 @@ Name: container-selinux Epoch: 2 Version: 2.168.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -44,6 +44,7 @@ Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 Obsoletes: docker-selinux <= 2:1.12.4-28 Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release} +Conflicts: udica < 0.2.6-1 %description SELinux policy modules for use with container runtimes. @@ -63,6 +64,8 @@ install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/ser install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages install -d %{buildroot}/%{_datadir}/containers/selinux install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts +install -d %{buildroot}%{_datadir}/udica/templates +install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates %check @@ -99,6 +102,8 @@ fi %{_datadir}/selinux/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts +%dir %{_datadir}/udica/templates/ +%{_datadir}/udica/templates/* # Currently shipped in selinux-policy-doc #%%{_datadir}/man/man8/container_selinux.8.gz @@ -111,6 +116,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Sep 14 2021 Vit Mojzis - 2:2.168.0-2 +- Start shipping udica templates + * Mon Sep 13 2021 RH Container Bot - 2:2.168.0-1 - autobuilt v2.168.0 From 04f47a764a81868e1038f2327e608a8e9796b1b7 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 24 Sep 2021 21:04:32 +0000 Subject: [PATCH 271/381] container-selinux-2:2.169.0-1 autobuilt v2.169.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 894bfad..48c7bf3 100644 --- a/.gitignore +++ b/.gitignore @@ -167,3 +167,4 @@ /container-selinux-563ba3f.tar.gz /v2.167.0.tar.gz /v2.168.0.tar.gz +/v2.169.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 65a4cfc..bb6a75a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.168.0 +%global built_tag v2.169.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,8 +22,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.168.0 -Release: 2%{?dist} +Version: 2.169.0 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -116,6 +116,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Sep 24 2021 RH Container Bot - 2:2.169.0-1 +- autobuilt v2.169.0 + * Tue Sep 14 2021 Vit Mojzis - 2:2.168.0-2 - Start shipping udica templates diff --git a/sources b/sources index 48caae7..8c1fa76 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.168.0.tar.gz) = c66a71802c8f65cb253d51067408c6d8d6dc853ca7e1874e073c517d9a74acad85e7605bda4ce7b397278ab3734b3c1617b0fa6d8cb36e94ba67d6d6803f587b +SHA512 (v2.169.0.tar.gz) = a0beec62004c94f9eb6279e385ab41143a691dd21849cdd31bd6e2a3f45cb28714f56fe1186b5ddb0b114148e1e63387d0eeff331691adc8e745ba803a96d73c From 156b58ad36077d57ab802e8bfa147c4b3a9e8498 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 5 Oct 2021 19:47:48 +0000 Subject: [PATCH 272/381] container-selinux-2:2.170.0-1 autobuilt v2.170.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 48c7bf3..a3b6d41 100644 --- a/.gitignore +++ b/.gitignore @@ -168,3 +168,4 @@ /v2.167.0.tar.gz /v2.168.0.tar.gz /v2.169.0.tar.gz +/v2.170.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index bb6a75a..813d781 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.169.0 +%global built_tag v2.170.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,7 +22,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.169.0 +Version: 2.170.0 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -116,6 +116,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Oct 05 2021 RH Container Bot - 2:2.170.0-1 +- autobuilt v2.170.0 + * Fri Sep 24 2021 RH Container Bot - 2:2.169.0-1 - autobuilt v2.169.0 diff --git a/sources b/sources index 8c1fa76..80360b8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.169.0.tar.gz) = a0beec62004c94f9eb6279e385ab41143a691dd21849cdd31bd6e2a3f45cb28714f56fe1186b5ddb0b114148e1e63387d0eeff331691adc8e745ba803a96d73c +SHA512 (v2.170.0.tar.gz) = 416faa66c192764326a8b7b8f695aa5b0b82603c366f8b0bc53387c75bfaa50535103229eccfb1c2273aebeb8d08255ef18ba5cc9b10cc738baf5b216b883705 From cb5c675153472cdd75485600168e45c1d04b798b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 15 Oct 2021 14:52:35 -0400 Subject: [PATCH 273/381] Add conflicts k3s-selinux <= 0.4-1 to force upgrade --- container-selinux.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 813d781..cdee5a3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,7 +23,7 @@ Name: container-selinux Epoch: 2 Version: 2.170.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -45,6 +45,7 @@ Obsoletes: %{name} <= 2:1.12.5-13 Obsoletes: docker-selinux <= 2:1.12.4-28 Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release} Conflicts: udica < 0.2.6-1 +Conflicts: k3s-selinux <= 0.4-1 %description SELinux policy modules for use with container runtimes. @@ -116,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Fri Oct 15 2021 Dan Walsh - 2:2.170.0-2 +- Add conflicts k3s-selinux <= 0.4-1 to force upgrade + * Tue Oct 05 2021 RH Container Bot - 2:2.170.0-1 - autobuilt v2.170.0 From fd5c0b5da2ce5216c724c254fd1ed5b36ca9a5e4 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 10 Nov 2021 23:03:48 +0000 Subject: [PATCH 274/381] container-selinux-2:2.171.0-1 autobuilt v2.171.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index a3b6d41..861b672 100644 --- a/.gitignore +++ b/.gitignore @@ -169,3 +169,4 @@ /v2.168.0.tar.gz /v2.169.0.tar.gz /v2.170.0.tar.gz +/v2.171.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index cdee5a3..ab410f5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.170.0 +%global built_tag v2.171.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,8 +22,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.170.0 -Release: 2%{?dist} +Version: 2.171.0 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Nov 10 2021 RH Container Bot - 2:2.171.0-1 +- autobuilt v2.171.0 + * Fri Oct 15 2021 Dan Walsh - 2:2.170.0-2 - Add conflicts k3s-selinux <= 0.4-1 to force upgrade diff --git a/sources b/sources index 80360b8..90a0f9a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.170.0.tar.gz) = 416faa66c192764326a8b7b8f695aa5b0b82603c366f8b0bc53387c75bfaa50535103229eccfb1c2273aebeb8d08255ef18ba5cc9b10cc738baf5b216b883705 +SHA512 (v2.171.0.tar.gz) = c701ab7d4f60d9f243cc3e93880cc34d8160a889cba9f331338e9544edb69f389983cf3572136d904a69201fa4b2bee1eb379626cb84a04d59771318b223413e From 8bae2f2e518c1c85afd7a30ab59888cdfe0faf56 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 22 Nov 2021 23:03:22 +0000 Subject: [PATCH 275/381] container-selinux-2:2.172.0-1 autobuilt v2.172.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 861b672..c2cc683 100644 --- a/.gitignore +++ b/.gitignore @@ -170,3 +170,4 @@ /v2.169.0.tar.gz /v2.170.0.tar.gz /v2.171.0.tar.gz +/v2.172.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ab410f5..ba2b7d4 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.171.0 +%global built_tag v2.172.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,7 +22,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.171.0 +Version: 2.172.0 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Mon Nov 22 2021 RH Container Bot - 2:2.172.0-1 +- autobuilt v2.172.0 + * Wed Nov 10 2021 RH Container Bot - 2:2.171.0-1 - autobuilt v2.171.0 diff --git a/sources b/sources index 90a0f9a..b72d59c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.171.0.tar.gz) = c701ab7d4f60d9f243cc3e93880cc34d8160a889cba9f331338e9544edb69f389983cf3572136d904a69201fa4b2bee1eb379626cb84a04d59771318b223413e +SHA512 (v2.172.0.tar.gz) = 5e61d0eefdb062ca15fedac72a5acd44ce7975e3ef070a6fac65ab38b6d052692c5f7e63fcdd73ed0b5293d6674dda52816a8037758a89f81a749e3b51b43370 From a57b6ae9954dbf66f2e711874fac09edf11f4946 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 6 Jan 2022 21:03:59 +0000 Subject: [PATCH 276/381] container-selinux-2:2.172.1-1 autobuilt v2.172.1 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c2cc683..f2c03e1 100644 --- a/.gitignore +++ b/.gitignore @@ -171,3 +171,4 @@ /v2.170.0.tar.gz /v2.171.0.tar.gz /v2.172.0.tar.gz +/v2.172.1.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ba2b7d4..f7134c7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.172.0 +%global built_tag v2.172.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,7 +22,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.172.0 +Version: 2.172.1 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Thu Jan 06 2022 RH Container Bot - 2:2.172.1-1 +- autobuilt v2.172.1 + * Mon Nov 22 2021 RH Container Bot - 2:2.172.0-1 - autobuilt v2.172.0 diff --git a/sources b/sources index b72d59c..936de72 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.172.0.tar.gz) = 5e61d0eefdb062ca15fedac72a5acd44ce7975e3ef070a6fac65ab38b6d052692c5f7e63fcdd73ed0b5293d6674dda52816a8037758a89f81a749e3b51b43370 +SHA512 (v2.172.1.tar.gz) = 96578d02fd15b41d7c1da400871b0b861d6091b7d04acb546e2856cf7da6abefaf847b8579c05af5fca1f10501f6ab6c0ce0baab0bb6b7afd7939e3f3ed8a339 From 237d59707cb47f3da2c3ae314cb4116453c2b61f Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 11 Jan 2022 12:04:22 +0000 Subject: [PATCH 277/381] container-selinux-2:2.173.0-1 autobuilt v2.173.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f2c03e1..97011da 100644 --- a/.gitignore +++ b/.gitignore @@ -172,3 +172,4 @@ /v2.171.0.tar.gz /v2.172.0.tar.gz /v2.172.1.tar.gz +/v2.173.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f7134c7..890bf32 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.172.1 +%global built_tag v2.173.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,7 +22,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.172.1 +Version: 2.173.0 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Jan 11 2022 RH Container Bot - 2:2.173.0-1 +- autobuilt v2.173.0 + * Thu Jan 06 2022 RH Container Bot - 2:2.172.1-1 - autobuilt v2.172.1 diff --git a/sources b/sources index 936de72..b87132f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.172.1.tar.gz) = 96578d02fd15b41d7c1da400871b0b861d6091b7d04acb546e2856cf7da6abefaf847b8579c05af5fca1f10501f6ab6c0ce0baab0bb6b7afd7939e3f3ed8a339 +SHA512 (v2.173.0.tar.gz) = e77836306ceb6b5b2f350cbc18f4c79a7d8b368ec84955bac2f1e3bedc4903b5a5dfd23bdb7289f2bdca177736d02897ed4700654387a76ff77a623d3386d104 From 258efbfe5ef399dca7fb36bff91fc5d0a4e32885 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 18 Jan 2022 16:04:46 +0000 Subject: [PATCH 278/381] container-selinux-2:2.173.1-1 autobuilt v2.173.1 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 97011da..e6f8dd4 100644 --- a/.gitignore +++ b/.gitignore @@ -173,3 +173,4 @@ /v2.172.0.tar.gz /v2.172.1.tar.gz /v2.173.0.tar.gz +/v2.173.1.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 890bf32..66cd599 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.173.0 +%global built_tag v2.173.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,7 +22,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.173.0 +Version: 2.173.1 Release: 1%{?dist} License: GPLv2 URL: %{git0} @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Tue Jan 18 2022 RH Container Bot - 2:2.173.1-1 +- autobuilt v2.173.1 + * Tue Jan 11 2022 RH Container Bot - 2:2.173.0-1 - autobuilt v2.173.0 diff --git a/sources b/sources index b87132f..90fae30 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.173.0.tar.gz) = e77836306ceb6b5b2f350cbc18f4c79a7d8b368ec84955bac2f1e3bedc4903b5a5dfd23bdb7289f2bdca177736d02897ed4700654387a76ff77a623d3386d104 +SHA512 (v2.173.1.tar.gz) = 0dce3af485b404ba4d29b3c5e23c1fe9d230722c1f3e3317cf1b8de21c0663deae3863852b61e6e08d3b62764dde93d5dfc99d3a86c73038ab6e0297b057261d From 9d04c64d6db924eb69864ea09f57a90447f82360 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jan 2022 23:47:20 +0000 Subject: [PATCH 279/381] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- container-selinux.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 66cd599..dc2f5a5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -23,7 +23,7 @@ Name: container-selinux Epoch: 2 Version: 2.173.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Jan 19 2022 Fedora Release Engineering - 2:2.173.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Tue Jan 18 2022 RH Container Bot - 2:2.173.1-1 - autobuilt v2.173.1 From 115c590de04d97cf00117d1fef8bca3f7f300e22 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 26 Jan 2022 19:03:43 +0000 Subject: [PATCH 280/381] container-selinux-2:2.173.2-1 autobuilt v2.173.2 Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e6f8dd4..d2a4f69 100644 --- a/.gitignore +++ b/.gitignore @@ -174,3 +174,4 @@ /v2.172.1.tar.gz /v2.173.0.tar.gz /v2.173.1.tar.gz +/v2.173.2.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index dc2f5a5..27f4917 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.173.1 +%global built_tag v2.173.2 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,8 +22,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.173.1 -Release: 2%{?dist} +Version: 2.173.2 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -117,6 +117,9 @@ fi # Hooked up to autobuilder, please check with @lsm5 before updating %changelog +* Wed Jan 26 2022 RH Container Bot - 2:2.173.2-1 +- autobuilt v2.173.2 + * Wed Jan 19 2022 Fedora Release Engineering - 2:2.173.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index 90fae30..51ccb3e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.173.1.tar.gz) = 0dce3af485b404ba4d29b3c5e23c1fe9d230722c1f3e3317cf1b8de21c0663deae3863852b61e6e08d3b62764dde93d5dfc99d3a86c73038ab6e0297b057261d +SHA512 (v2.173.2.tar.gz) = a6e9201b26eb1cc06bced40a7919374d8c706a27c7bcc5281a62c1206868469fce0cb967e581dd8ecfe455ed0a2f51fdb656fdd1214ecf29b19e734e5a30dc67 From 6e8d3c1e6786f717a55c955201096890fe1ff4de Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 27 Jan 2022 13:37:46 -0500 Subject: [PATCH 281/381] switch to autospec Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 813 +---------------------------------------- 1 file changed, 4 insertions(+), 809 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 27f4917..0ebc554 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -7,6 +7,7 @@ # to decide whether to autobuild %global built_tag v2.173.2 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) +%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -22,8 +23,8 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.173.2 -Release: 1%{?dist} +Version: %{gen_version} +Release: %autorelease License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -115,811 +116,5 @@ if %{_sbindir}/selinuxenabled ; then fi -# Hooked up to autobuilder, please check with @lsm5 before updating %changelog -* Wed Jan 26 2022 RH Container Bot - 2:2.173.2-1 -- autobuilt v2.173.2 - -* Wed Jan 19 2022 Fedora Release Engineering - 2:2.173.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Jan 18 2022 RH Container Bot - 2:2.173.1-1 -- autobuilt v2.173.1 - -* Tue Jan 11 2022 RH Container Bot - 2:2.173.0-1 -- autobuilt v2.173.0 - -* Thu Jan 06 2022 RH Container Bot - 2:2.172.1-1 -- autobuilt v2.172.1 - -* Mon Nov 22 2021 RH Container Bot - 2:2.172.0-1 -- autobuilt v2.172.0 - -* Wed Nov 10 2021 RH Container Bot - 2:2.171.0-1 -- autobuilt v2.171.0 - -* Fri Oct 15 2021 Dan Walsh - 2:2.170.0-2 -- Add conflicts k3s-selinux <= 0.4-1 to force upgrade - -* Tue Oct 05 2021 RH Container Bot - 2:2.170.0-1 -- autobuilt v2.170.0 - -* Fri Sep 24 2021 RH Container Bot - 2:2.169.0-1 -- autobuilt v2.169.0 - -* Tue Sep 14 2021 Vit Mojzis - 2:2.168.0-2 -- Start shipping udica templates - -* Mon Sep 13 2021 RH Container Bot - 2:2.168.0-1 -- autobuilt v2.168.0 - -* Fri Sep 10 2021 Lokesh Mandvekar - 2:2.167.0-2 -- use upstream tag instead of commits, fix autobuild macros - -* Thu Aug 26 2021 RH Container Bot - 2:2.167.0-1 -- autobuilt v2.167.0 - -* Wed Aug 25 2021 RH Container Bot - 2:2.165.1-1 -- autobuilt v2.165.1 - -* Wed Aug 04 2021 RH Container Bot - 2:2.164.2-1 -- autobuilt v2.164.2 - -* Wed Jul 21 2021 Fedora Release Engineering - 2:2.164.1-0.dev.git563ba3f.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jul 19 2021 Dan Walsh - 2:2.164.1-0.dev -- Allow spc_t domains to set bpf rules on any domain - -* Sat Jun 12 2021 RH Container Bot - 2:2.163.0-2.dev.git99b40c5 -- bump to 2.163.0 -- autobuilt 99b40c5 - -* Tue May 25 2021 RH Container Bot - 2:2.162.2-2.dev.git61b862a -- bump to 2.162.2 -- autobuilt 61b862a - -* Mon May 17 2021 Dan Walsh - 2:2.162.1-3.dev.git233e620 -- Fix labels in users homedirs, before overlayfs is supported by default for non root users - -* Sun May 16 2021 RH Container Bot - 2:2.162.1-2.dev.git233e620 -- bump to 2.162.1 -- autobuilt 233e620 - -* Wed May 12 2021 RH Container Bot - 2:2.162.0-2.dev.gitda28288 -- bump to 2.162.0 -- autobuilt da28288 - -* Fri May 07 2021 RH Container Bot - 2:2.161.1-2.dev.gite1092cd -- bump to 2.161.1 -- autobuilt e1092cd - -* Tue Apr 20 2021 RH Container Bot - 2:2.160.0-3.dev.git5a60716 -- autobuilt 5a60716 - -* Wed Mar 31 2021 Lokesh Mandvekar - 2:2.160.0-2.dev.gitc9f0cb6 -- bump to v2.160.0 - -* Mon Mar 29 2021 RH Container Bot - 2:2.159.0-2.dev.gitd89a599 -- bump to 2.159.0 -- autobuilt d89a599 - -* Wed Feb 17 2021 Dan Walsh - 2:2.158.0-5.dev.gite78ac4f -- Rebuilt to use latest selinux-policy interfaces - -* Tue Feb 16 2021 RH Container Bot - 2:2.158.0-4.dev.gite78ac4f -- autobuilt e78ac4f - -* Fri Feb 12 2021 RH Container Bot - 2:2.158.0-3.dev.gitaeb85c4 -- autobuilt aeb85c4 - -* Thu Feb 11 2021 RH Container Bot - 2:2.158.0-2.dev.giteb6dad0 -- bump to 2.158.0 -- autobuilt eb6dad0 - -* Mon Feb 08 2021 RH Container Bot - 2:2.157.0-3.dev.git6d13bf9 -- autobuilt 6d13bf9 - -* Tue Feb 02 2021 RH Container Bot - 2:2.157.0-2.dev.gitf330e81 -- bump to 2.157.0 -- autobuilt f330e81 - -* Tue Jan 26 2021 Fedora Release Engineering - 2:2.156.0-3.dev.git75f193a -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Fri Jan 15 2021 RH Container Bot - 2:2.156.0-2.dev.git75f193a -- bump to 2.156.0 -- autobuilt 75f193a - -* Tue Jan 5 2021 RH Container Bot - 2:2.155.0-2.dev.git667f0f3 -- bump to 2.155.0 -- autobuilt 667f0f3 - -* Wed Dec 30 2020 RH Container Bot - 2:2.154.0-2.dev.git54e2ac5 -- bump to 2.154.0 -- autobuilt 54e2ac5 - -* Sat Dec 26 2020 RH Container Bot - 2:2.153.0-2.dev.git8573f8d -- bump to 2.153.0 -- autobuilt 8573f8d - -* Tue Dec 22 2020 RH Container Bot - 2:2.152.0-2.dev.git1677bc4 -- bump to 2.152.0 -- autobuilt 1677bc4 - -* Wed Dec 02 2020 Jindrich Novy - 2:2.151.0-4.dev.git5d3c461 -- remove bogus changelog dates emitted by build bot leading to build failure -- Related: #1715412 - -* Wed Dec 02 2020 Jindrich Novy - 2:2.151.0-3.dev.git5d3c461 -- remove %%fedora Epoch conditional -- Related: #1899626 - -* Thu Nov 5 2020 RH Container Bot - 2:2.151.0-2.dev.git5d3c461 -- bump to 2.151.0 -- autobuilt 5d3c461 - -* Fri Oct 23 2020 RH Container Bot - 2:2.150.0-2.dev.git0ef4703 -- bump to 2.150.0 -- autobuilt 0ef4703 - -* Thu Oct 15 2020 RH Container Bot - 2:2.148.0-3.dev.git9b3b66f -- autobuilt 9b3b66f - -* Wed Oct 14 2020 RH Container Bot - 2:2.148.0-2.dev.git3c361a2 -- bump to 2.148.0 -- autobuilt 3c361a2 - -* Mon Oct 12 2020 RH Container Bot - 2:2.147.0-2.dev.git9fb1698 -- bump to 2.147.0 -- autobuilt 9fb1698 - -* Thu Oct 8 2020 RH Container Bot - 2:2.146.0-2.dev.git2908536 -- bump to 2.146.0 -- autobuilt 2908536 - -* Thu Sep 10 2020 RH Container Bot - 2:2.145.0-2.dev.git464e922 -- bump to 2.145.0 -- autobuilt 464e922 - -* Mon Aug 31 2020 Lokesh Mandvekar - 2:2.144.0-5.dev.git5d929d4 -- Resolves: #1797554 - use _selinux_policy_version macro - -* Fri Aug 28 2020 Lokesh Mandvekar - 2:2.144.0-4.dev.git5d929d4 -- Resolves: #1780129 - bump min selinux-policy - -* Thu Aug 13 2020 RH Container Bot - 2:2.144.0-3.dev.git5d929d4 -- autobuilt 5d929d4 - -* Wed Aug 12 2020 RH Container Bot - 2:2.144.0-2.dev.git746ea7a -- bump to 2.144.0 -- autobuilt 746ea7a - -* Wed Aug 05 2020 RH Container Bot - 2:2.143.0-2.dev.gite2d5a9e -- bump to 2.143.0 -- autobuilt e2d5a9e - -* Mon Jul 27 2020 Fedora Release Engineering - 2:2.142.0-3.dev.gitfe6a25c -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Fri Jul 24 2020 RH Container Bot - 2:2.142.0-2.dev.gitfe6a25c -- bump to 2.142.0 -- autobuilt fe6a25c - -* Fri Jul 24 2020 RH Container Bot - 2:2.141.0-2.dev.git2750e78 -- bump to 2.141.0 -- autobuilt 2750e78 - -* Thu Jul 23 2020 Merlin Mathesius - 2:2.140.0-2.dev.git965c7fb -- Cleanup usage of %%{epoch} macro to allow building for ELN - -* Thu Jul 23 2020 RH Container Bot - 2:2.140.0-2.dev.git965c7fb -- bump to 2.140.0 -- autobuilt 965c7fb - -* Sat Jul 18 2020 RH Container Bot - 2:2.139.0-2.dev.git8c26927 -- bump to 2.139.0 -- autobuilt 8c26927 - -* Thu Jul 09 2020 RH Container Bot - 2:2.138.0-2.dev.git9884317 -- bump to 2.138.0 -- autobuilt 9884317 - -* Thu Jun 11 2020 RH Container Bot - 2:2.137.0-2.dev.git6b721da -- bump to 2.137.0 -- autobuilt 6b721da - -* Thu Jun 11 2020 RH Container Bot - 2:2.136.0-2.dev.git441172a -- bump to 2.136.0 -- autobuilt 441172a - -* Fri May 29 2020 RH Container Bot - 2:2.135.0-2.dev.git0d99e89 -- bump to 2.135.0 -- autobuilt 0d99e89 - -* Thu May 28 2020 RH Container Bot - 2:2.134.0-2.dev.gitff26015 -- bump to 2.134.0 -- autobuilt ff26015 - -* Mon May 11 2020 RH Container Bot - 2:2.132.0-3.dev.git0a878bd -- autobuilt 0a878bd - -* Wed Apr 15 2020 RH Container Bot - 2:2.132.0-2.dev.git448dfbf -- bump to 2.132.0 -- autobuilt 448dfbf - -* Thu Apr 09 2020 RH Container Bot - 2:2.131.0-2.dev.git9ce0dac -- bump to 2.131.0 -- autobuilt 9ce0dac - -* Mon Apr 06 2020 RH Container Bot - 2:2.130.0-2.dev.gitfd55ae0 -- bump to 2.130.0 -- autobuilt fd55ae0 - -* Sun Mar 29 2020 RH Container Bot - 2:2.129.0-2.dev.gitf00d1f4 -- bump to 2.129.0 -- autobuilt f00d1f4 - -* Sun Mar 29 2020 RH Container Bot - 2:2.128.0-2.dev.git363646f -- bump to 2.128.0 -- autobuilt 363646f - -* Fri Mar 27 2020 RH Container Bot - 2:2.127.0-2.dev.git6caf15d -- bump to 2.127.0 -- autobuilt 6caf15d - -* Thu Mar 26 2020 Dan Walsh - 2:2.126.0-2.dev.git867a377 -- Install selinux contexts file into /usr/share/containers/selinux/contexts - -* Thu Mar 26 2020 RH Container Bot - 2:2.126.0-2.dev.git867a377 -- bump to 2.126.0 -- autobuilt 867a377 - -* Mon Mar 23 2020 Lokesh Mandvekar - 2:2.125.2-2.dev.gitae0720d -- bump release tag - -* Mon Mar 23 2020 Dan Walsh - 2:2.125.2-1.dev.gitae0720d -- Install container_contexts file - -* Mon Mar 23 2020 RH Container Bot - 2:2.125.0-3.1.dev.gitfde876b -- autobuilt fde876b - -* Mon Mar 23 2020 Lokesh Mandvekar - 2:2.125.0-2.1.dev.gitb321ea4 -- bump release tag for smooth upgrade path - -* Fri Mar 20 2020 RH Container Bot - 2:2.125.0-0.1.dev.gitb321ea4 -- bump to 2.125.0 -- autobuilt b321ea4 - -* Tue Feb 11 2020 Lokesh Mandvekar - 2:2.124.0-4.dev.git5624558 -- keep functional upgrade path from f31 - -* Tue Feb 11 2020 RH Container Bot - 2:2.124.0-0.4.dev.git5624558 -- autobuilt 5624558 - -* Tue Jan 28 2020 Fedora Release Engineering - 2:2.124.0-0.3.dev.gitf958d0c -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Fri Jan 03 2020 Jindrich Novy - 2:2.124.0-0.2.dev.gitf958d0c -- use more current selinux policy version - -* Wed Dec 11 2019 RH Container Bot - 2:2.124.0-0.1.dev.gitf958d0c -- bump to 2.124.0 -- autobuilt f958d0c - -* Mon Dec 09 2019 Lokesh Mandvekar - 2:2.123.0-0.4.dev.git0b25a4a -- run selinux_relabel_pre - -* Fri Nov 29 2019 RH Container Bot - 2:2.123.0-0.3.dev.git0b25a4a -- autobuilt 0b25a4a - -* Fri Nov 29 2019 Dan Walsh - 2:2.123.0-0.2.dev.git661a904 -- Use selinux macros in post install scripts - -* Mon Nov 25 2019 RH Container Bot - 2:2.123.0-0.1.dev.git661a904 -- bump to 2.123.0 -- autobuilt 661a904 - -* Fri Nov 22 2019 RH Container Bot - 2:2.122.0-0.1.dev.git4560dd4 -- bump to 2.122.0 -- autobuilt 4560dd4 - -* Tue Nov 19 2019 RH Container Bot - 2:2.120.1-0.2.dev.gita233788 -- autobuilt a233788 - -* Wed Nov 06 2019 RH Container Bot - 2:2.120.1-0.1.dev.git6fb6dcf -- bump to 2.120.1 -- autobuilt 6fb6dcf - -* Sun Oct 27 2019 RH Container Bot - 2:2.119.1-0.1.dev.git2ecb2a8 -- bump to 2.119.1 -- autobuilt 2ecb2a8 - -* Thu Oct 24 2019 RH Container Bot - 2:2.119.0-0.1.dev.gitb383f07 -- bump to 2.119.0 -- autobuilt b383f07 - -* Fri Oct 11 2019 RH Container Bot - 2:2.118.0-0.1.dev.git79bdcb5 -- bump to 2.118.0 -- autobuilt 79bdcb5 - -* Fri Sep 20 2019 Lokesh Mandvekar (Bot) - 2:2.117.0-0.1.dev.gitbfde70a -- bump to 2.117.0 -- autobuilt bfde70a - -* Thu Sep 05 2019 Lokesh Mandvekar (Bot) - 2:2.116.0-0.1.dev.gitc5ef5ac -- bump to 2.116.0 -- autobuilt c5ef5ac - -* Wed Aug 21 2019 Lokesh Mandvekar (Bot) - 2:2.115.0-0.1.dev.gitfddfbbb -- bump to 2.115.0 -- autobuilt fddfbbb - -* Mon Aug 19 2019 Lokesh Mandvekar (Bot) - 2:2.114.0-0.1.dev.git028ab00 -- bump to 2.114.0 -- autobuilt 028ab00 - -* Fri Aug 9 2019 Dan Walsh - 2.113-1 -- Allow containers to name_bind to rawip_sockets. - -* Thu Aug 8 2019 Dan Walsh - 2.112-1 -- Allow containers to use fusefs_t entrypoint -- Dontaudit attempts to setattr on devicenodes. - -* Wed Jul 24 2019 Fedora Release Engineering - 2:2.111.0-3.1.dev.git9a75deb -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 2:2.111.0-2.1.dev.git9a75deb -- bump to 2.111.0 -- autobuilt 9a75deb - -* Wed Jul 10 2019 Lokesh Mandvekar - 2.110.0-1.1.dev.git544d71f -- bump to v2.110.0 -- hook up to autobuild - -* Mon Jul 8 2019 Dan Walsh - 2.109-1 -- Allow containers to accept connections on all socket types -- Allow containers to connect to gssproxy stream sockets if added to container - -* Fri Jun 14 2019 Dan Walsh - 2.107-1 -- Allow containers to manipulate Onload files. - -* Tue Jun 11 2019 Dan Walsh - 2.106-1 -- Allow all unconfined domains to manage unlabeled keyrings -- Add labeling for kubernetes pods - -* Mon Jun 3 2019 Dan Walsh - 2.104-1 -- Set proper labeling for container volumes in SilverBlue - -* Fri May 17 2019 Dan Walsh - 2.103-1 -- Set proper labeling for container volumes - -* Sun May 12 2019 Dan Walsh - 2.102-1 -- Allow all container domains to be entered from container_file_t - -* Fri May 3 2019 Dan Walsh - 2.101-1 -- Allow containers to read rpm cache and rpm databse - -* Tue Apr 23 2019 Dan Walsh - 2.100-1 -- Allow containers running as spc_t to create unlabeled_t kernel keyrings - -* Mon Apr 22 2019 Dan Walsh - 2.99-1 -- Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. - -* Mon Apr 15 2019 Dan Walsh - 2.98-1 -- Allow iptables to append to container_file_t - -* Fri Apr 12 2019 Dan Walsh - 2.97-1 -- Allow containers to read/write sysctl_kernel_ns_last_pid_t -- Allow containers to manage fusefs sockets and named pipes - -* Thu Apr 4 2019 Dan Walsh - 2.96-1 -- Allow containers to read/write sysctl_kernel_ns_last_pid_t - -* Mon Apr 1 2019 Dan Walsh - 2.95-1 -- Allow containers to create fusefs sockets and named pipes - -* Thu Mar 28 2019 Dan Walsh - 2.94-1 -- Allow init_t to manage container content -- Allow container domains to create fifo_files on fusefs file systems -- Add boolean to allow containers to use ceph file systems - -* Tue Mar 26 2019 Dan Walsh - 2.91-1 -- Allow container runtimes to create unlabeled keyrings - -* Wed Mar 20 2019 Dan Walsh - 2.90-1 -- Allow containers to mount and umount fuse file systems. This will allow us -- to use buidlah within a user namespace separated container. - -* Sat Mar 9 2019 Dan Walsh - 2.89-1 -- Allow all container domains to have container file types entrypoint -- Add new release to fix issues with udica -- Allow container_runtime_t to dyntransition to container domains - -* Sat Mar 09 2019 Lokesh Mandvekar (Bot) - 2:2.89-5.git2521d0d -- bump to 2.89 -- autobuilt 2521d0d - -* Thu Mar 07 2019 Lokesh Mandvekar (Bot) - 2:2.88-4.git5c98b56 -- bump to 2.88 -- autobuilt 5c98b56 - -* Wed Mar 06 2019 Lokesh Mandvekar (Bot) - 2:2.87-3.git2c1a2ab -- autobuilt 2c1a2ab - -* Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f -- bump to 2.87 -- autobuilt 891a85f - -* Fri Mar 1 2019 Dan Walsh - 2.86-1 -- Allow unconfined user and services to dyntrans to container domains, needed for CRIU -- Allow containers exectue hugetlb files. - -* Thu Feb 28 2019 Dan Walsh - 2.85-1 -- More allow rules to allow containers to run within containers - -* Thu Feb 28 2019 Dan Walsh - 2.84-1 -- More allow rules to allow containers to run within containers - -* Tue Feb 26 2019 Lokesh Mandvekar (Bot) - 2:2.82-2.git5e1f62f -- bump to 2.82 -- autobuilt 5e1f62f - -* Mon Feb 25 2019 Dan Walsh - 2.83-1 -- Allow containers to mounton cgroup and container_file_t - -* Sun Feb 10 2019 Dan Walsh - 2.82-1.nightly.git5e1f62f -- Allow confined users to use containers - -* Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 -- bump to 2.80 -- autobuilt 21c2be6 - -* Thu Feb 7 2019 Dan Walsh - 2.81-1 -- Add new labels for paths for containerd - -* Thu Jan 31 2019 Fedora Release Engineering - 2:2.80-2.git1b655d9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Tue Jan 22 2019 Dan Walsh - 2.80-1.nightly.git21c2be6 -- Don't allow containers to talk to contianer runtime sockets - -* Fri Jan 11 2019 Dan Walsh - 2.79-1 -- Fix labeling on /var/lib/registries - -* Thu Jan 10 2019 Dan Walsh - 2.78-1 -- Fix labeling for images in docker daemon user namespace - -* Mon Dec 17 2018 Dan Walsh - 2.77-1 -- Allow container-runtime to setattr on fifo_file handed into container runtime. - -* Tue Nov 13 2018 Lokesh Mandvekar (Bot) - 2:2.752.75-1.dev.git99e2cfd1 -- bump to 2.75 -- autobuilt 99e2cfd - -* Mon Nov 12 2018 Dan Walsh - 2.76-1 -- Allow containers to sendto dgram socket of container runtimes -- Needed to run container runtimes in notify socket unit files. - -* Tue Oct 30 2018 Dan Walsh - 2.75-1.dev.git99e2cfd -- Allow containers to use fuse file systems by default - -* Fri Oct 19 2018 Dan Walsh - 2.74-1 -- Allow containers to setexec themselves - -* Sat Sep 22 2018 Dan Walsh - 2.73-2 -- Remove requires for policycoreutils-python-utils we don't need it. - -* Wed Sep 12 2018 Dan Walsh - 2.73-1 -- Define spc_t as a container_domain, so that container_runtime will transition -to spc_t even when setup with nosuid. - -* Wed Sep 12 2018 Dan Walsh - 2.72-1 -- Allow container_runtimes to setattr on callers fifo_files -github.com/opencontainers/selinux -* Mon Aug 27 2018 Dan Walsh - 2.71-2 -- Fix restorecon to not error on missing directory - -* Wed Aug 22 2018 Dan Walsh - 2.71-1 -- Allow unconfined_r to transition to system_r over container_runtime_exec_t - -* Wed Aug 22 2018 Dan Walsh - 2.70-1 -- Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t - -* Wed Jul 25 2018 Dan Walsh - 2.69-1 -- dontaudit attempts to write to sysctl_kernel_t - -* Wed Jul 18 2018 Lokesh Mandvekar (Bot) - 2:2.68-2.gitc139a3d -- autobuilt c139a3d - -* Mon Jul 16 2018 Dan Walsh - 2.67-1 -- Add label for /var/lib/origin -- Add customizable_file_t to customizable_types - -* Thu Jul 12 2018 Fedora Release Engineering - 2:2.67-3.dev.git042f7cf -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Jul 09 2018 Lokesh Mandvekar (Bot) - 2:2.67-2.git042f7cf -- autobuilt 042f7cf - -* Sat Jul 07 2018 Lokesh Mandvekar (Bot) - 2:2.67-1.git0407867 -- bump to 2.67 -- autobuilt 0407867 - -* Sat Jun 30 2018 Dan Walsh - 2.66-1 -- Allow container runtimes to dbus chat with systemd-resolved - -* Tue Jun 12 2018 Lokesh Mandvekar (Bot) - 2:2.64-1.gitdfaf8fd -- bump to 2.64 -- autobuilt dfaf8fd - -* Mon Jun 11 2018 Dan Walsh - 2.65-1 -- Add new type to handle containers running with a non priv user in a userns -- allow containers to map all sockets - -* Sun Jun 3 2018 Dan Walsh - 2.64-1.gitdfaf8fd -- Allow containers to create all socket classes - -* Wed May 30 2018 Dan Walsh - 2.63-1 -- Allow containers to create icmp packets - -* Fri May 25 2018 Lokesh Mandvekar (Bot) - 2:2.62-1.git1ecf953 -- bump to 2.62 -- autobuilt 1ecf953 - -* Mon May 21 2018 Dan Walsh - 2.61-1 -- Allow spc_t to load kernel modules from inside of container - -* Mon May 21 2018 Dan Walsh - 2.60-1 -- Allow containers to list cgroup directories - -* Mon May 21 2018 Dan Walsh - 2.59-1 -- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. - -* Mon May 21 2018 Dan Walsh - 2.58-2 -- Run restorecon /usr/bin/podman in postinstall - -* Fri May 18 2018 Dan Walsh - 2.58-1 -- Add labels to allow podman to be run from a systemd unit file - -* Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-12.gitd248f91 -- autobuilt commit d248f91 - -* Tue Apr 17 2018 Lokesh Mandvekar (Bot) - 2:2.55-11.gitd248f91 -- autobuilt commit d248f91 - -* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-10.gitd248f91 -- autobuilt commit d248f91 - -* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-9.gitd248f91 -- autobuilt commit d248f91 - -* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-8 -- autobuilt commit d248f91 - -* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-7 -- autobuilt commit d248f91 - -* Mon Apr 16 2018 Lokesh Mandvekar (Bot) - 2:2.55-6 -- autobuilt commit d248f91 - -* Mon Apr 09 2018 Lokesh Mandvekar (Bot) - 2:2.55-5 -- autobuilt commit d248f91 - -* Mon Apr 09 2018 Lokesh Mandvekar (Bot) - 2:2.55-4 -- autobuilt commit d248f91 - -* Mon Apr 09 2018 Lokesh Mandvekar - 2:2.55-3 -- autobuilt commit d248f91 - -* Mon Apr 09 2018 Lokesh Mandvekar - 2:2.55-2 -- autobuilt commit d248f91 - -* Thu Mar 15 2018 Dan Walsh - 2.55-1 -- Dontaudit attempts by containers to write to /proc/self - -* Wed Mar 14 2018 Dan Walsh - 2.54-1 -- Add rules for container domains to make writing custom policy easier -- Allow shell_exec_t as a container_runtime_t entrypoint - -* Thu Mar 8 2018 Dan Walsh - 2.52-1 -- Add rules for container domains to make writing custom policy easier - -* Thu Mar 8 2018 Dan Walsh - 2.51-1 -- Allow shell_exec_t as a container_runtime_t entrypoint - -* Wed Mar 7 2018 Dan Walsh - 2.50-1 -- Allow bin_t as a container_runtime_t entrypoint -- Add rules for running container runtimes on mls - -* Thu Feb 15 2018 Dan Walsh - 2.48-1 -- Allow container domains to map container_file_t directories - -* Sat Feb 10 2018 Dan Walsh - 2.47-1 -- Change default label of /exports to container_var_lib_t - -* Fri Feb 09 2018 Igor Gnatenko - 2:2.46-3 -- Escape macros in %%CHANGELOG - -* Wed Feb 07 2018 Fedora Release Engineering - 2:2.46-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Sat Feb 03 2018 Dan Walsh - 2.46-1 -- Add support for nosuid_transition flags for container_runtime and unconfined domains -* Fri Feb 02 2018 Dan Walsh - 2.45-1 -- Allow containers to sendto their own stream sockets - -* Mon Jan 29 2018 Dan Walsh - 2.44-1 -- Allow container domains to read kernel ipc info - -* Mon Jan 22 2018 Dan Walsh - 2.43-1 -- Allow containers to memory map the fifo_files leaked into container from -container runtimes. - -* Tue Jan 16 2018 Dan Walsh - 2.42-1 -- Allow unconfined domains to transition to container types, when no-new-privs is set. - -* Tue Jan 9 2018 Dan Walsh - 2.41-1 -- Add support to nnp_transition for container domains -- Eliminates need for typebounds. - -* Tue Jan 9 2018 Dan Walsh - 2.40-1 -- Allow container_runtime_t to use user ttys -- Fixes bounds check for container_t - -* Mon Jan 8 2018 Dan Walsh - 2.39-1 -- Allow container runtimes to use interited terminals. This helps -satisfy the bounds check of container_t versus container_runtime_t. - -* Sat Jan 6 2018 Dan Walsh - 2.38-1 -- Allow container runtimes to mmap container_file_t devices -- Add labeling for rhel push plugin - -* Tue Dec 12 2017 Dan Walsh - 2.37-1 -- Allow containers to use inherited ttys -- Allow ostree to handle labels under /var/lib/containers/ostree - -* Mon Nov 27 2017 Dan Walsh - 2.36-1 -- Allow containers to relabelto/from all file types to container_file_t - -* Mon Nov 27 2017 Dan Walsh - 2.35-1 -- Allow container to map chr_files labeled container_file_t - -* Wed Nov 22 2017 Dan Walsh - 2.34-1 -- Dontaudit container processes getattr on kernel file systems - -* Sun Nov 19 2017 Dan Walsh - 2.33-1 -- Allow containers to read /etc/resolv.conf and /etc/hosts if volume -- mounted into container. - -* Wed Nov 8 2017 Dan Walsh - 2.32-1 -- Make sure users creating content in /var/lib with right labels - -* Thu Oct 26 2017 Dan Walsh - 2.31-1 -- Allow the container runtime to dbus chat with dnsmasq -- add dontaudit rules for container trying to write to /proc - -* Tue Oct 10 2017 Dan Walsh - 2.29-1 -- Add support for lxcd -- Add support for labeling of tmpfs storage created within a container. - -* Mon Oct 9 2017 Dan Walsh - 2.28-1 -- Allow a container to umount a container_file_t filesystem - -* Fri Sep 22 2017 Dan Walsh - 2.27-1 -- Allow container runtimes to work with the netfilter sockets -- Allow container_file_t to be an entrypoint for VM's -- Allow spc_t domains to transition to svirt_t - -* Fri Sep 22 2017 Dan Walsh - 2.24-1 -- Make sure container_runtime_t has all access of container_t - -* Thu Sep 7 2017 Dan Walsh - 2.23-1 -- Allow container runtimes to create sockets in tmp dirs - -* Tue Sep 5 2017 Dan Walsh - 2.22-1 -- Add additonal support for crio labeling. - -* Mon Aug 14 2017 Troy Dawson - 2.21-3 -- Fixup spec file conditionals - -* Wed Jul 26 2017 Fedora Release Engineering - 2:2.21-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Jul 6 2017 Dan Walsh - 2.21-1 -- Allow containers to execmod on container_share_t files. - -* Thu Jul 6 2017 Dan Walsh - 2.20-2 -- Relabel runc and crio executables - -* Fri Jun 30 2017 Dan Walsh - 2.20-1 -- Allow container processes to getsession - -* Mon Jun 12 2017 Dan Walsh - 2.19-1 -- Allow containers to create tun sockets - -* Tue Jun 6 2017 Dan Walsh - 2.18-1 -- Fix labeling for CRI-O files in overlay subdirs - -* Mon Jun 5 2017 Dan Walsh - 2.17-1 -- Revert change to run the container_runtime as ranged - -* Thu Jun 1 2017 Dan Walsh - 2.16-1 -- Add default labeling for cri-o in /etc/crio directories - -* Wed May 31 2017 Dan Walsh - 2.15-1 -- Allow container types to read/write container_runtime fifo files -- Allow a container runtime to mount on top of its own /proc - -* Fri May 19 2017 Dan Walsh - 2.14-1 -- Add labels for crio rename -- Break container_t rules out to use a separate container_domain -- Allow containers to be able to set namespaced SYCTLS -- Allow sandbox containers manage fuse files. -- Fixes to make container_runtimes work on MLS machines -- Bump version to allow handling of container_file_t filesystems -- Allow containers to mount, remount and umount container_file_t file systems -- Fixes to handle cap_userns -- Give container_t access to XFRM sockets -- Allow spc_t to dbus chat with init system -- Allow spc_t to dbus chat with init system -- Add rules to allow container runtimes to run with unconfined disabled -- Add rules to support cgroup file systems mounted into container. -- Fix typebounds entrypoint problems -- Fix typebounds problems -- Add typebounds statement for container_t from container_runtime_t -- We should only label runc not runc* - -* Tue Feb 28 2017 Dan Walsh - 2.10-1 -- Add rules to allow container runtimes to run with unconfined disabled -- Add rules to support cgroup file systems mounted into container. - -* Mon Feb 13 2017 Dan Walsh - 2.9-1 -- Add rules to allow container_runtimes to run with unconfined disabled - -* Thu Feb 9 2017 Dan Walsh - 2:8.1-1 -- Allow container_file_t to be stored on cgroup_t file systems - -* Tue Feb 7 2017 Dan Walsh - 2:7.1-1 -- Fix type in container interface file - -* Mon Feb 6 2017 Dan Walsh - 2:6.1-1 -- Fix typebounds entrypoint problems - -* Fri Jan 27 2017 Dan Walsh - 2:5.1-1 -- Fix typebounds problems - -* Thu Jan 19 2017 Dan Walsh - 2:4.1-1 -- Add typebounds statement for container_t from container_runtime_t -- We should only label runc not runc* - -* Tue Jan 17 2017 Dan Walsh - 2:3.1-1 -- Fix labeling on /usr/bin/runc.* -- Add sandbox_net_domain access to container.te -- Remove containers ability to look at /etc content - -* Wed Jan 11 2017 Lokesh Mandvekar - 2:2.2-4 -- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 - -* Tue Jan 10 2017 Jonathan Lebon - 2:2.2-3 -- properly disable docker module in %%post - -* Sat Jan 07 2017 Lokesh Mandvekar - 2:2.2-2 -- depend on selinux-policy-targeted -- relabel docker-latest* files as well - -* Fri Jan 06 2017 Lokesh Mandvekar - 2:2.2-1 -- bump to v2.2 -- additional labeling for ocid - -* Fri Jan 06 2017 Lokesh Mandvekar - 2:2.0-2 -- install policy at level 200 -- From: Dan Walsh - -* Fri Jan 06 2017 Lokesh Mandvekar - 2:2.0-1 -- Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a -standalone package) -- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel - -* Mon Dec 19 2016 Lokesh Mandvekar - 2:1.12.4-29 -- new package (separated from docker) +%autochangelog From a011a4e035b01245a96b0244d955d9160901b4bd Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 1 Feb 2022 14:49:05 -0500 Subject: [PATCH 282/381] bup to v2.174.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index d2a4f69..48342c0 100644 --- a/.gitignore +++ b/.gitignore @@ -175,3 +175,4 @@ /v2.173.0.tar.gz /v2.173.1.tar.gz /v2.173.2.tar.gz +/v2.174.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0ebc554..521dd92 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.173.2 +%global built_tag v2.174.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 51ccb3e..b7ae7da 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.173.2.tar.gz) = a6e9201b26eb1cc06bced40a7919374d8c706a27c7bcc5281a62c1206868469fce0cb967e581dd8ecfe455ed0a2f51fdb656fdd1214ecf29b19e734e5a30dc67 +SHA512 (v2.174.0.tar.gz) = d509a7075bd7e0746d80da0f8e160f27777065a6796ffdcdb887e4aa6fd1a7860ce009d523aae47bc2620312fd01b14853bdf35feb916d7aa3d15f2bfe79ff3d From b80cce14077556c12ffaa3691e3f0a26457d1729 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 3 Feb 2022 09:03:25 -0500 Subject: [PATCH 283/381] bump to v2.176.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 48342c0..9beb5d0 100644 --- a/.gitignore +++ b/.gitignore @@ -176,3 +176,4 @@ /v2.173.1.tar.gz /v2.173.2.tar.gz /v2.174.0.tar.gz +/v2.176.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 521dd92..fbd6297 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.174.0 +%global built_tag v2.176.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index b7ae7da..c95da91 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.174.0.tar.gz) = d509a7075bd7e0746d80da0f8e160f27777065a6796ffdcdb887e4aa6fd1a7860ce009d523aae47bc2620312fd01b14853bdf35feb916d7aa3d15f2bfe79ff3d +SHA512 (v2.176.0.tar.gz) = ad6c898da92df66bcd9578466e1d8513ba4e494d2f0c9c1f6ed0dec1426ebb624bb42b094cb7a478d9919c0952cd2e328a50fa58ff1ed2a7a069d9fbb8d4ffb8 From 56575732c2e88425d88f79d11e2c86a7664d1a9d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 7 Feb 2022 10:26:59 -0500 Subject: [PATCH 284/381] local build --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index fbd6297..7c4edbd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.176.0 +%global built_tag v2.176.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) From 132afee9391e57a43fab7d831d28471fcf51135c Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 7 Feb 2022 10:49:02 -0500 Subject: [PATCH 285/381] Revert "local build" - was just a test This reverts commit 56575732c2e88425d88f79d11e2c86a7664d1a9d. --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 7c4edbd..fbd6297 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.176.1 +%global built_tag v2.176.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) From 0ec5ff3c754e15f4aa2492e6641db4372be69f73 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 7 Feb 2022 10:50:23 -0500 Subject: [PATCH 286/381] bump for rebuild Signed-off-by: Lokesh Mandvekar From 045c776835d71acad920420c631d0fa2eb890cde Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Mon, 7 Feb 2022 13:30:31 -0700 Subject: [PATCH 287/381] Use podman in gating tests Nothing complicated, just a very simple 'run' command. Currently fails, which is good, it means this test would have caught today's crisis[1]. Unfortunately it fails with no useful info whatsoever: the test result simply shows ERROR. I'm not sure there's much I can do about this, since podman itself is silent on the failure. (It'd be nice if gating tests at least showed us the exit status). [1] https://github.com/containers/container-selinux/issues/169 Signed-off-by: Ed Santiago --- tests/tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/tests.yml b/tests/tests.yml index a5b5b1f..552bdbb 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -6,8 +6,11 @@ required_packages: - policycoreutils - container-selinux + - podman tests: - is-module-installed: run: semodule --list=full | grep container - can-rebuild-policy: run: semodule -B + - can-run-podman: + run: podman run --rm quay.io/libpod/testimage:20210610 cat -v /proc/self/attr/current From 0cbd2b83da671684668c1d401e0a8f66f628a667 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 9 Feb 2022 14:52:17 -0500 Subject: [PATCH 288/381] bump to v2.177.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 9beb5d0..1473557 100644 --- a/.gitignore +++ b/.gitignore @@ -177,3 +177,4 @@ /v2.173.2.tar.gz /v2.174.0.tar.gz /v2.176.0.tar.gz +/v2.177.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index fbd6297..dda358a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.176.0 +%global built_tag v2.177.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index c95da91..48e1533 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.176.0.tar.gz) = ad6c898da92df66bcd9578466e1d8513ba4e494d2f0c9c1f6ed0dec1426ebb624bb42b094cb7a478d9919c0952cd2e328a50fa58ff1ed2a7a069d9fbb8d4ffb8 +SHA512 (v2.177.0.tar.gz) = fd25e01b4f9e78188a08ba190320671ab21eef21a9e85de14584bf61cc62a7dc4433a5663c3366416834a4f79eb4d521793db14ce9b4c3f2a896635d2343ffe2 From fc3b887a982be3646bb662c51345017121d0eaeb Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 11 Feb 2022 14:42:37 -0500 Subject: [PATCH 289/381] bump to v2.178.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 1473557..40e05ae 100644 --- a/.gitignore +++ b/.gitignore @@ -178,3 +178,4 @@ /v2.174.0.tar.gz /v2.176.0.tar.gz /v2.177.0.tar.gz +/v2.178.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index dda358a..8ae3b98 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.177.0 +%global built_tag v2.178.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 48e1533..8961689 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.177.0.tar.gz) = fd25e01b4f9e78188a08ba190320671ab21eef21a9e85de14584bf61cc62a7dc4433a5663c3366416834a4f79eb4d521793db14ce9b4c3f2a896635d2343ffe2 +SHA512 (v2.178.0.tar.gz) = b0916e55c874dcca5db5bd3639dca56120906541045241d3b959305b907bf8713253d11acb5c049ed7a1921acc0286718d0257102d0ceebab68a3673a2873016 From f52aec27061927b7ccd3af2bc36690c05a259a6e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 1 Mar 2022 10:39:29 -0500 Subject: [PATCH 290/381] bump to v2.179.1 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 40e05ae..31264b8 100644 --- a/.gitignore +++ b/.gitignore @@ -179,3 +179,4 @@ /v2.176.0.tar.gz /v2.177.0.tar.gz /v2.178.0.tar.gz +/v2.179.1.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 8ae3b98..c4643a8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.178.0 +%global built_tag v2.179.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 8961689..a1dab12 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.178.0.tar.gz) = b0916e55c874dcca5db5bd3639dca56120906541045241d3b959305b907bf8713253d11acb5c049ed7a1921acc0286718d0257102d0ceebab68a3673a2873016 +SHA512 (v2.179.1.tar.gz) = 51c14482bd041405557e2bea858ef62565cac6c385f31495addf3d7633f00f3bfe6e9e7de3f35eb8b6e442c80db029320364ba9eebb06b14e6a9a08a2db92049 From 370ad1e8eace12b3987e90c88a5505a091962ef3 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 7 Mar 2022 09:12:48 -0500 Subject: [PATCH 291/381] bump to v2.180.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 31264b8..8ae9b50 100644 --- a/.gitignore +++ b/.gitignore @@ -180,3 +180,4 @@ /v2.177.0.tar.gz /v2.178.0.tar.gz /v2.179.1.tar.gz +/v2.180.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index c4643a8..632ddaf 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.179.1 +%global built_tag v2.180.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index a1dab12..3a519f2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.179.1.tar.gz) = 51c14482bd041405557e2bea858ef62565cac6c385f31495addf3d7633f00f3bfe6e9e7de3f35eb8b6e442c80db029320364ba9eebb06b14e6a9a08a2db92049 +SHA512 (v2.180.0.tar.gz) = 391809480a7a7d9376a0076a427baa6ad5a201bd8aa508f39cc9a1f9f18d341d046642ce1595718744b4aaee8134a58dee0848d53edb9e9fbcf131269dc78d6a From 01159dc8d351e9036684bfee4a7aa5adae3617b5 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 25 Mar 2022 19:02:41 +0000 Subject: [PATCH 292/381] auto bump to v2.181.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 8ae9b50..ad6ae74 100644 --- a/.gitignore +++ b/.gitignore @@ -181,3 +181,4 @@ /v2.178.0.tar.gz /v2.179.1.tar.gz /v2.180.0.tar.gz +/v2.181.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 632ddaf..cfcc499 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.180.0 +%global built_tag v2.181.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 3a519f2..6b70793 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (v2.180.0.tar.gz) = 391809480a7a7d9376a0076a427baa6ad5a201bd8aa508f39cc9a1f9f18d341d046642ce1595718744b4aaee8134a58dee0848d53edb9e9fbcf131269dc78d6a +SHA512 (v2.181.0.tar.gz) = 8d85263599cf66b2d83e510ab75056d425ae5cd9b330c820d053e328575129ccca5320c92f29c8e0310d49b90261755567a28b93ae684f21f49698789ea6bf1b From 71fe6bf23def3095bc972479f76b7c8823f65f55 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 7 Apr 2022 08:53:01 -0400 Subject: [PATCH 293/381] rebuild Signed-off-by: Lokesh Mandvekar From a16983f2a4d5c8b91deeff8c285e22ec3372e587 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 18 Apr 2022 11:03:42 +0000 Subject: [PATCH 294/381] auto bump to v2.183.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index ad6ae74..2a55446 100644 --- a/.gitignore +++ b/.gitignore @@ -182,3 +182,4 @@ /v2.179.1.tar.gz /v2.180.0.tar.gz /v2.181.0.tar.gz +/v2.183.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index cfcc499..acec4ac 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.181.0 +%global built_tag v2.183.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 6b70793..c94c5ea 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ SHA512 (v2.180.0.tar.gz) = 391809480a7a7d9376a0076a427baa6ad5a201bd8aa508f39cc9a1f9f18d341d046642ce1595718744b4aaee8134a58dee0848d53edb9e9fbcf131269dc78d6a SHA512 (v2.181.0.tar.gz) = 8d85263599cf66b2d83e510ab75056d425ae5cd9b330c820d053e328575129ccca5320c92f29c8e0310d49b90261755567a28b93ae684f21f49698789ea6bf1b +SHA512 (v2.183.0.tar.gz) = 688c16ce53c2ba8c65b481eb26fb8517c6c6f89a1ebc268557ec08c76ee4cfde7e861f25deaa28fa89940710399d213b63842fcf059f1d702e7645c82151afbf From 62a54b91e4f15e4a7cbc1d200be59f6010ba0b32 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 21 Apr 2022 14:18:23 -0400 Subject: [PATCH 295/381] remove unwanted file entries from sources Signed-off-by: Lokesh Mandvekar --- sources | 2 -- 1 file changed, 2 deletions(-) diff --git a/sources b/sources index c94c5ea..fdc4e3b 100644 --- a/sources +++ b/sources @@ -1,3 +1 @@ -SHA512 (v2.180.0.tar.gz) = 391809480a7a7d9376a0076a427baa6ad5a201bd8aa508f39cc9a1f9f18d341d046642ce1595718744b4aaee8134a58dee0848d53edb9e9fbcf131269dc78d6a -SHA512 (v2.181.0.tar.gz) = 8d85263599cf66b2d83e510ab75056d425ae5cd9b330c820d053e328575129ccca5320c92f29c8e0310d49b90261755567a28b93ae684f21f49698789ea6bf1b SHA512 (v2.183.0.tar.gz) = 688c16ce53c2ba8c65b481eb26fb8517c6c6f89a1ebc268557ec08c76ee4cfde7e861f25deaa28fa89940710399d213b63842fcf059f1d702e7645c82151afbf From c69b4c3a01d6afe03318d45c1f1935c2a9086443 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 11 May 2022 14:49:44 -0400 Subject: [PATCH 296/381] empty commit for smooth upgrade path Signed-off-by: Lokesh Mandvekar From a0981ae9b5512e651a72356c8972df7d0aba2c8d Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 11 May 2022 14:49:46 -0400 Subject: [PATCH 297/381] empty commit for smooth upgrade path Signed-off-by: Lokesh Mandvekar From 7f88c4f20c6c5fdc0e6b3df123ed31f2cb25869c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 24 May 2022 15:06:21 +0000 Subject: [PATCH 298/381] auto bump to v2.186.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2a55446..8e72d4a 100644 --- a/.gitignore +++ b/.gitignore @@ -183,3 +183,4 @@ /v2.180.0.tar.gz /v2.181.0.tar.gz /v2.183.0.tar.gz +/v2.186.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index acec4ac..2950b54 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.183.0 +%global built_tag v2.186.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index fdc4e3b..c890fc8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.183.0.tar.gz) = 688c16ce53c2ba8c65b481eb26fb8517c6c6f89a1ebc268557ec08c76ee4cfde7e861f25deaa28fa89940710399d213b63842fcf059f1d702e7645c82151afbf +SHA512 (v2.186.0.tar.gz) = eff1379b550f8dab3294778c51ddec4c626bc766566b4bbbb8875b535530e6efa78cfec22ba26f8b6bb305fb90ec6b072bdb4cf5d32b3e4706daa8b3225dc811 From 49a8b59d8136709b70cd0172892630166c7c79be Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 24 May 2022 17:04:35 +0000 Subject: [PATCH 299/381] auto bump to v2.187.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 8e72d4a..125b3a7 100644 --- a/.gitignore +++ b/.gitignore @@ -184,3 +184,4 @@ /v2.181.0.tar.gz /v2.183.0.tar.gz /v2.186.0.tar.gz +/v2.187.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2950b54..ab255b3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -5,7 +5,7 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild -%global built_tag v2.186.0 +%global built_tag v2.187.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index c890fc8..d0596da 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.186.0.tar.gz) = eff1379b550f8dab3294778c51ddec4c626bc766566b4bbbb8875b535530e6efa78cfec22ba26f8b6bb305fb90ec6b072bdb4cf5d32b3e4706daa8b3225dc811 +SHA512 (v2.187.0.tar.gz) = a86c32cc83e68d3e84ddbb09afb6415899f3d214b51b37fa46976cd9f7c83a24e164a36ce43aa1e59a3bd93e2734b6ba34c98373a6eecfd1a313bc9a381b3a39 From b25bea1555154dbc48b23e8dfd57fceae5f655e4 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 27 May 2022 13:27:20 -0400 Subject: [PATCH 300/381] update Version field per changes in rpm autobuilder Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index ab255b3..b1d9564 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,11 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -# Used for comparing with latest upstream tag -# to decide whether to autobuild %global built_tag v2.187.0 -%global built_tag_strip %(b=%{built_tag}; echo ${b:1}) -%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -23,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: %{gen_version} +Version: 2.187.0 Release: %autorelease License: GPLv2 URL: %{git0} @@ -52,7 +48,7 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{built_tag_strip} +%autosetup -Sgit %build make @@ -115,6 +111,5 @@ if %{_sbindir}/selinuxenabled ; then %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null fi - %changelog %autochangelog From 381c043b4682ff12a01601cbf85467a6ac459c6d Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 23 Jun 2022 15:04:11 +0000 Subject: [PATCH 301/381] auto bump to v2.188.0 --- .gitignore | 1 + container-selinux.spec | 4 ++-- sources | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 125b3a7..e08146a 100644 --- a/.gitignore +++ b/.gitignore @@ -185,3 +185,4 @@ /v2.183.0.tar.gz /v2.186.0.tar.gz /v2.187.0.tar.gz +/v2.188.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b1d9564..77e4b45 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.187.0 +%global built_tag v2.188.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -19,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.187.0 +Version: 2.188.0 Release: %autorelease License: GPLv2 URL: %{git0} diff --git a/sources b/sources index d0596da..db29ae3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.187.0.tar.gz) = a86c32cc83e68d3e84ddbb09afb6415899f3d214b51b37fa46976cd9f7c83a24e164a36ce43aa1e59a3bd93e2734b6ba34c98373a6eecfd1a313bc9a381b3a39 +SHA512 (v2.188.0.tar.gz) = 1b13275fe90fd15e57a4f72dafe875bcb247171f612ed2899245a3993c9ad25fbd2a7f6813e84a5f8b0473776d4dc11b84e8831f8c9f3eab9bacda525e0f6030 From 9d8732d586a8e2634792669ee8a8a7bf313466c1 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 14 Jul 2022 15:03:02 +0000 Subject: [PATCH 302/381] auto bump to v2.189.0 --- .gitignore | 1 + container-selinux.spec | 4 ++-- sources | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e08146a..8fd74f4 100644 --- a/.gitignore +++ b/.gitignore @@ -186,3 +186,4 @@ /v2.186.0.tar.gz /v2.187.0.tar.gz /v2.188.0.tar.gz +/v2.189.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 77e4b45..c494d2f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.188.0 +%global built_tag v2.189.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -19,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.188.0 +Version: 2.189.0 Release: %autorelease License: GPLv2 URL: %{git0} diff --git a/sources b/sources index db29ae3..9c0a5bd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.188.0.tar.gz) = 1b13275fe90fd15e57a4f72dafe875bcb247171f612ed2899245a3993c9ad25fbd2a7f6813e84a5f8b0473776d4dc11b84e8831f8c9f3eab9bacda525e0f6030 +SHA512 (v2.189.0.tar.gz) = 0c3d1d3c0b53281fbcf08580e0567a3c8fb297b59f9c51424ffd03da38a72f25da129899b6f36bae446bd5653e105cd9a71418e0cdeee5057315a31322e71bdc From a73e6880380992aff9ccdf2c0049b2932519f485 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 20 Jul 2022 23:31:50 +0000 Subject: [PATCH 303/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 916aae25154fa1e1b5bd20ff2bc4ef528529c6d9 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 17 Aug 2022 14:38:34 -0400 Subject: [PATCH 304/381] Use similar macros as other podman-related packages Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index c494d2f..899f22c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.189.0 +%global built_tag_strip 2.189.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -24,7 +24,7 @@ Release: %autorelease License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes -Source0: %{git0}/archive/%{built_tag}.tar.gz +Source0: %{git0}/archive/v%{built_tag_strip}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core @@ -48,7 +48,7 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit +%autosetup -Sgit %{name}-%{built_tag_strip} %build make From 5d42cc9de253a0db34a457d73502a422504dfa46 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 13 Sep 2022 14:30:22 -0400 Subject: [PATCH 305/381] Bump to v2.190.0 Resolves: #2031022 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 4 ++-- sources | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8fd74f4..37cec56 100644 --- a/.gitignore +++ b/.gitignore @@ -187,3 +187,4 @@ /v2.187.0.tar.gz /v2.188.0.tar.gz /v2.189.0.tar.gz +/v2.190.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 899f22c..3d5507b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag_strip 2.189.0 +%global built_tag_strip 2.190.0 # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -19,7 +19,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.189.0 +Version: 2.190.0 Release: %autorelease License: GPLv2 URL: %{git0} diff --git a/sources b/sources index 9c0a5bd..cfee6dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.189.0.tar.gz) = 0c3d1d3c0b53281fbcf08580e0567a3c8fb297b59f9c51424ffd03da38a72f25da129899b6f36bae446bd5653e105cd9a71418e0cdeee5057315a31322e71bdc +SHA512 (v2.190.0.tar.gz) = 1b3d7fc3124265789d233d83112f7ced804c3f9721f56d2029f22a3c7e53f86c43305e5e84df2e65df756d2f2df5aaa915e9466f68e5c2b4af292311665ea53b From 0c3e157565c4d1571056470caa23fcc53f808907 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Oct 2022 08:43:32 -0400 Subject: [PATCH 306/381] update macros to get version correctly Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 3d5507b..ae76412 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,9 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag_strip 2.190.0 +%global built_tag v2.190.0 +%global built_tag_strip %(b=%{built_tag}; echo ${b:1}) +%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -19,7 +21,7 @@ # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: 2.190.0 +Version: %{gen_version} Release: %autorelease License: GPLv2 URL: %{git0} From 02261d4f06294ed56be733161cbe3b26916a1fdc Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 28 Oct 2022 14:43:13 +0530 Subject: [PATCH 307/381] bump to v2.190.1 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 37cec56..bb6c0cf 100644 --- a/.gitignore +++ b/.gitignore @@ -188,3 +188,4 @@ /v2.188.0.tar.gz /v2.189.0.tar.gz /v2.190.0.tar.gz +/v2.190.1.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ae76412..e6c9219 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.190.0 +%global built_tag v2.190.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index cfee6dc..2bd7609 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.190.0.tar.gz) = 1b3d7fc3124265789d233d83112f7ced804c3f9721f56d2029f22a3c7e53f86c43305e5e84df2e65df756d2f2df5aaa915e9466f68e5c2b4af292311665ea53b +SHA512 (v2.190.1.tar.gz) = 716100b11816527128cd53590fe767fe01e2ab50f100d4b1d5e188b3eaac7023d9f293078428ffc733e9ab3497c56de1abc406d1fe8d23c951b5d39b97d6448b From 54778e261abe61a4b9bb072ac8b02e5baa1a1f91 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 31 Oct 2022 13:55:54 +0530 Subject: [PATCH 308/381] bump to v2.191.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index bb6c0cf..cee0e07 100644 --- a/.gitignore +++ b/.gitignore @@ -189,3 +189,4 @@ /v2.189.0.tar.gz /v2.190.0.tar.gz /v2.190.1.tar.gz +/v2.191.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e6c9219..0169ab7 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.190.1 +%global built_tag v2.191.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 2bd7609..5a4e1f1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.190.1.tar.gz) = 716100b11816527128cd53590fe767fe01e2ab50f100d4b1d5e188b3eaac7023d9f293078428ffc733e9ab3497c56de1abc406d1fe8d23c951b5d39b97d6448b +SHA512 (v2.191.0.tar.gz) = 6bb857245a2aba4e7481e484dc7df8cbb1da46e37c76e912f55bf3a4a1cc858ca1fdbbc7a63c95115d647c92ed74af8b9f67ac919ce47386e17d255939b845eb From 5f23ffaf8e4a75d35e4c4fd839e8941d9c136f0e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 23 Nov 2022 18:32:48 +0530 Subject: [PATCH 309/381] bump to v2.193.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index cee0e07..2dc3488 100644 --- a/.gitignore +++ b/.gitignore @@ -190,3 +190,4 @@ /v2.190.0.tar.gz /v2.190.1.tar.gz /v2.191.0.tar.gz +/v2.193.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0169ab7..a3d4218 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.191.0 +%global built_tag v2.193.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 5a4e1f1..56b5aed 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.191.0.tar.gz) = 6bb857245a2aba4e7481e484dc7df8cbb1da46e37c76e912f55bf3a4a1cc858ca1fdbbc7a63c95115d647c92ed74af8b9f67ac919ce47386e17d255939b845eb +SHA512 (v2.193.0.tar.gz) = b245fdd45e8de8701fd387f431fb48ba9c590efa0b5d804413059f8fb6672261fcb6bc3648d54fc30188038711f42239e0687259eb8dd33d17d75c7c24910d4a From dff2564c2c0c34e16c0ede32e929f469b655d99b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 14 Dec 2022 13:39:39 -0500 Subject: [PATCH 310/381] local build --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2dc3488..6de2d1d 100644 --- a/.gitignore +++ b/.gitignore @@ -191,3 +191,4 @@ /v2.190.1.tar.gz /v2.191.0.tar.gz /v2.193.0.tar.gz +/v2.195.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a3d4218..5269333 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.193.0 +%global built_tag v2.195.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 56b5aed..0895196 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.193.0.tar.gz) = b245fdd45e8de8701fd387f431fb48ba9c590efa0b5d804413059f8fb6672261fcb6bc3648d54fc30188038711f42239e0687259eb8dd33d17d75c7c24910d4a +SHA512 (v2.195.0.tar.gz) = 1e24c8bb9791a705d3ba3830d5529f4c1e30b1a4d6b681d5a2352b3cbede05accbf496c0fa08f067f559a50b37a988530b518364418fad93061cda61b64dd911 From fe4141b17a4221fcbaeea7cf19c0d805b10a5dec Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 15 Dec 2022 05:10:45 -0500 Subject: [PATCH 311/381] local build --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6de2d1d..944a3ae 100644 --- a/.gitignore +++ b/.gitignore @@ -192,3 +192,4 @@ /v2.191.0.tar.gz /v2.193.0.tar.gz /v2.195.0.tar.gz +/v2.195.1.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5269333..3128b75 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.195.0 +%global built_tag v2.195.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 0895196..d0faf71 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.195.0.tar.gz) = 1e24c8bb9791a705d3ba3830d5529f4c1e30b1a4d6b681d5a2352b3cbede05accbf496c0fa08f067f559a50b37a988530b518364418fad93061cda61b64dd911 +SHA512 (v2.195.1.tar.gz) = 11c3b61cdf274fe36b4aa7b59ffb43664aa4a5e73b3845ca664dbadb9e7b016529053e300c4805546864f1cefd12074363c00b935c5c28500a2f2b9d9bb0376b From 3fa11813c16c17d5fd12249572ee5da023af8b7f Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 4 Jan 2023 17:51:20 +0530 Subject: [PATCH 312/381] bump to v2.197.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 944a3ae..4862469 100644 --- a/.gitignore +++ b/.gitignore @@ -193,3 +193,4 @@ /v2.193.0.tar.gz /v2.195.0.tar.gz /v2.195.1.tar.gz +/v2.197.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3128b75..fe007d2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.195.1 +%global built_tag v2.197.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index d0faf71..ef9f434 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.195.1.tar.gz) = 11c3b61cdf274fe36b4aa7b59ffb43664aa4a5e73b3845ca664dbadb9e7b016529053e300c4805546864f1cefd12074363c00b935c5c28500a2f2b9d9bb0376b +SHA512 (v2.197.0.tar.gz) = 2e0ef73206be5193cbd073d8e5a63cd62fc0f22be98fed73e45b424d062588182cfdb34af95d1b152a2626afcbef57443a6a0c248bd0e6d17a730268dc09e2be From 33f8e14356bc2653c33365f2c9252fc5e3074b65 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 6 Jan 2023 20:11:43 +0530 Subject: [PATCH 313/381] bump to v2.198.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 4862469..46109be 100644 --- a/.gitignore +++ b/.gitignore @@ -194,3 +194,4 @@ /v2.195.0.tar.gz /v2.195.1.tar.gz /v2.197.0.tar.gz +/v2.198.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index fe007d2..6f0543c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.197.0 +%global built_tag v2.198.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index ef9f434..8ec4aca 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.197.0.tar.gz) = 2e0ef73206be5193cbd073d8e5a63cd62fc0f22be98fed73e45b424d062588182cfdb34af95d1b152a2626afcbef57443a6a0c248bd0e6d17a730268dc09e2be +SHA512 (v2.198.0.tar.gz) = 33b4cf3a550894e4157098d24784474309dc8e65702bb15d735fa6899d7662d1077067dfed85e045037971cef8c2d3172d93ecd4efedbbdbaf8e56c5e93d8e14 From b8f764bbf56fe0eae93c743efd5c2b4280298fe7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 00:27:20 +0000 Subject: [PATCH 314/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 9e01c83a26dbf1f67bfd31da87c38d146f830cf4 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 31 Jan 2023 17:33:18 +0530 Subject: [PATCH 315/381] bump to v2.199.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 46109be..a2cd6e8 100644 --- a/.gitignore +++ b/.gitignore @@ -195,3 +195,4 @@ /v2.195.1.tar.gz /v2.197.0.tar.gz /v2.198.0.tar.gz +/v2.199.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6f0543c..b11b646 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.198.0 +%global built_tag v2.199.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 8ec4aca..750ae14 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.198.0.tar.gz) = 33b4cf3a550894e4157098d24784474309dc8e65702bb15d735fa6899d7662d1077067dfed85e045037971cef8c2d3172d93ecd4efedbbdbaf8e56c5e93d8e14 +SHA512 (v2.199.0.tar.gz) = 28fd8f66d01fb4398f5df42432dca4c08123cd0cd9196d2f7deb30a095dd777a7285f067a508ec7faa7d1f3a72ae6939891b26d823c7c286586a36fa8a3a4ea2 From 24761d467feaa921c9150be25951d661c4ead1ca Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 8 Feb 2023 18:42:43 +0530 Subject: [PATCH 316/381] bump to v2.200.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 6 +++++- sources | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a2cd6e8..e860c9e 100644 --- a/.gitignore +++ b/.gitignore @@ -196,3 +196,4 @@ /v2.197.0.tar.gz /v2.198.0.tar.gz /v2.199.0.tar.gz +/v2.200.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b11b646..f7b71cf 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.199.0 +%global built_tag v2.200.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) @@ -51,6 +51,10 @@ SELinux policy modules for use with container runtimes. %prep %autosetup -Sgit %{name}-%{built_tag_strip} +# https://github.com/containers/container-selinux/issues/203 +%if 0%{?fedora} <= 37 +sed -i '/user_namespace/d' container.te +%endif %build make diff --git a/sources b/sources index 750ae14..c13e8d1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.199.0.tar.gz) = 28fd8f66d01fb4398f5df42432dca4c08123cd0cd9196d2f7deb30a095dd777a7285f067a508ec7faa7d1f3a72ae6939891b26d823c7c286586a36fa8a3a4ea2 +SHA512 (v2.200.0.tar.gz) = a681067e88552831de652dd74412e407b52b941dd769936cb5f9666a53837256d253c15916f1287c68f7c2693694904db42986582fa4a8487102e4332e592a2f From 586b681dfeb00dc68f447c095068ad29845fdce3 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 10 Feb 2023 18:11:29 +0530 Subject: [PATCH 317/381] packit: include _selinux_policy_version for centos 8 for whatever reason centos 8 on copr says undefined macro. Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index f7b71cf..7bc4b39 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -18,6 +18,10 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; +%if 0%{?centos} == 8 +%global _selinux_policy_version 3.14.3-111.el8 +%endif + # Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 From 5434a9802e2fdc1f939deb07b526cc78bb1ca0ae Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 10 Feb 2023 18:36:41 +0530 Subject: [PATCH 318/381] dummy changelog to make packit centos 8 copr builds happy Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index 7bc4b39..5d4d07c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -122,4 +122,9 @@ if %{_sbindir}/selinuxenabled ; then fi %changelog +%if 0%{?centos} == 8 +* Fri Feb 10 2023 Lokesh Mandvekar +- Dummy changelog to make packit centos 8 copr builds happy +%else %autochangelog +%endif From 496d853e1c99322482aa83ff3b78dd4ca0eb0b67 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 10 Feb 2023 18:52:46 +0530 Subject: [PATCH 319/381] delete systemd_chat_resolved for centos 8 packit builds Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5d4d07c..500ac2b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -56,10 +56,15 @@ SELinux policy modules for use with container runtimes. %prep %autosetup -Sgit %{name}-%{built_tag_strip} # https://github.com/containers/container-selinux/issues/203 -%if 0%{?fedora} <= 37 +%if 0%{?fedora} <= 37 || 0%{?centos} sed -i '/user_namespace/d' container.te %endif +%if 0%{?centos} == 8 +sed -i '/systemd_chat_resolved/d' container.te +%endif + + %build make From f405e189fc5f1e6f4d553c1689989cec7da0f6b9 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 22 Feb 2023 20:00:53 +0000 Subject: [PATCH 320/381] auto bump to v2.201.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index e860c9e..92e554e 100644 --- a/.gitignore +++ b/.gitignore @@ -197,3 +197,4 @@ /v2.198.0.tar.gz /v2.199.0.tar.gz /v2.200.0.tar.gz +/v2.201.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 500ac2b..56508fd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.200.0 +%global built_tag v2.201.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index c13e8d1..3bf8fa4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.200.0.tar.gz) = a681067e88552831de652dd74412e407b52b941dd769936cb5f9666a53837256d253c15916f1287c68f7c2693694904db42986582fa4a8487102e4332e592a2f +SHA512 (v2.201.0.tar.gz) = 90e09245ae0252edbf7c43c45de9a6e9fb8ea5b6e382608a29ce8c28736a1c4a8829f19e0f33badf5300af6648f58f545312f7da0be1697192e9df6175b05f77 From 9daecd44a0f5a5ccfee79f1f43d9942aa1337be4 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 3 Mar 2023 01:01:37 +0000 Subject: [PATCH 321/381] auto bump to v2.202.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 92e554e..2d5322f 100644 --- a/.gitignore +++ b/.gitignore @@ -198,3 +198,4 @@ /v2.199.0.tar.gz /v2.200.0.tar.gz /v2.201.0.tar.gz +/v2.202.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 56508fd..b0540ce 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.201.0 +%global built_tag v2.202.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 3bf8fa4..bb3101c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.201.0.tar.gz) = 90e09245ae0252edbf7c43c45de9a6e9fb8ea5b6e382608a29ce8c28736a1c4a8829f19e0f33badf5300af6648f58f545312f7da0be1697192e9df6175b05f77 +SHA512 (v2.202.0.tar.gz) = a68b647261401d8f817bb25f735a3296a025bb08de49ab07db3474a65d3005c3d7475bcfa8b064a064d84bb563ab6f4967dd29cd233ad011c335fe3c5924f5b3 From 29543ebdbe4d9519dfb9fa62680e0276787d41b3 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 6 Mar 2023 16:36:19 +0530 Subject: [PATCH 322/381] migrated to SPDX license Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index b0540ce..2539e38 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 Version: %{gen_version} Release: %autorelease -License: GPLv2 +License: GPL-2.0-only URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/v%{built_tag_strip}.tar.gz From 436047e7238fec57a6c2ec9a0e51bdec58c5a157 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 7 Mar 2023 15:01:31 +0000 Subject: [PATCH 323/381] auto bump to v2.203.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2d5322f..2fde8e0 100644 --- a/.gitignore +++ b/.gitignore @@ -199,3 +199,4 @@ /v2.200.0.tar.gz /v2.201.0.tar.gz /v2.202.0.tar.gz +/v2.203.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2539e38..6dc6be5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.202.0 +%global built_tag v2.203.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index bb3101c..34a5f8d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.202.0.tar.gz) = a68b647261401d8f817bb25f735a3296a025bb08de49ab07db3474a65d3005c3d7475bcfa8b064a064d84bb563ab6f4967dd29cd233ad011c335fe3c5924f5b3 +SHA512 (v2.203.0.tar.gz) = 2b3f575af1078f798338225b1b619c0685399abbff506c9cfe10ebf4994c3e17f5296dc7050c91ab12b2e478bf298f33aaec4c21bb4fa302db5f47f3fdc6b609 From a37491982632620730918271acb0524ee5bbdab6 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 13 Mar 2023 19:01:42 +0000 Subject: [PATCH 324/381] auto bump to v2.204.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2fde8e0..6e3d1d0 100644 --- a/.gitignore +++ b/.gitignore @@ -200,3 +200,4 @@ /v2.201.0.tar.gz /v2.202.0.tar.gz /v2.203.0.tar.gz +/v2.204.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6dc6be5..7535ac3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.203.0 +%global built_tag v2.204.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 34a5f8d..5444a47 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.203.0.tar.gz) = 2b3f575af1078f798338225b1b619c0685399abbff506c9cfe10ebf4994c3e17f5296dc7050c91ab12b2e478bf298f33aaec4c21bb4fa302db5f47f3fdc6b609 +SHA512 (v2.204.0.tar.gz) = 7318826bffd9fbdfa2b339e2686317aa403dc497da66569f1a414b506b2f324535f1f4c4a784f006f6110158740bb3e81cafb1665fe8a864dcb210a16228b602 From b30eaa12138a11645cc0dc9546ef67c218347d50 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 16 Mar 2023 20:01:06 +0000 Subject: [PATCH 325/381] auto bump to v2.205.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6e3d1d0..13febe7 100644 --- a/.gitignore +++ b/.gitignore @@ -201,3 +201,4 @@ /v2.202.0.tar.gz /v2.203.0.tar.gz /v2.204.0.tar.gz +/v2.205.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7535ac3..2e10e22 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.204.0 +%global built_tag v2.205.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 5444a47..236868f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.204.0.tar.gz) = 7318826bffd9fbdfa2b339e2686317aa403dc497da66569f1a414b506b2f324535f1f4c4a784f006f6110158740bb3e81cafb1665fe8a864dcb210a16228b602 +SHA512 (v2.205.0.tar.gz) = a30ebb584c46d93b62cd53c50d2e8b7e84a98f0a9adb91e16e523ebfad920c61334471a32c0b8f96f3ce06de14e7346b64137b59a3248b4e5ea4978acad74948 From e37858fe401e10b8ad4d8caa4aaed5d3bbe2b311 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 21 Mar 2023 22:01:20 +0000 Subject: [PATCH 326/381] auto bump to v2.206.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 13febe7..cd3ece2 100644 --- a/.gitignore +++ b/.gitignore @@ -202,3 +202,4 @@ /v2.203.0.tar.gz /v2.204.0.tar.gz /v2.205.0.tar.gz +/v2.206.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2e10e22..2bc7a12 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.205.0 +%global built_tag v2.206.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 236868f..ec2bd26 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.205.0.tar.gz) = a30ebb584c46d93b62cd53c50d2e8b7e84a98f0a9adb91e16e523ebfad920c61334471a32c0b8f96f3ce06de14e7346b64137b59a3248b4e5ea4978acad74948 +SHA512 (v2.206.0.tar.gz) = 3959f10964427476f121f683f3146ef50b1ce6859544d978fd3fb7473ae9fe73dab1b141a9e53f1048ca3c9aff0ba01f1d6bb454b678806749dca50ffcfd080c From a9e375591259343c3da7a6828e43c14ff9852f1c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 31 Mar 2023 20:01:03 +0000 Subject: [PATCH 327/381] auto bump to v2.208.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index cd3ece2..5d7442b 100644 --- a/.gitignore +++ b/.gitignore @@ -203,3 +203,4 @@ /v2.204.0.tar.gz /v2.205.0.tar.gz /v2.206.0.tar.gz +/v2.208.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2bc7a12..7ea0b79 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.206.0 +%global built_tag v2.208.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index ec2bd26..3353eb8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.206.0.tar.gz) = 3959f10964427476f121f683f3146ef50b1ce6859544d978fd3fb7473ae9fe73dab1b141a9e53f1048ca3c9aff0ba01f1d6bb454b678806749dca50ffcfd080c +SHA512 (v2.208.0.tar.gz) = 3612d332b385fb96835a310e10533a96b3c87d441144f80b1097a68913271d0480ba75c0b391f6ab599ca4b869d3331e95b1d5e04090e01917699b5d2e0c8d9a From 06867e53d1101cf0da4c066db17344bfdd57925e Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 3 Apr 2023 07:02:31 +0000 Subject: [PATCH 328/381] auto bump to v2.209.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5d7442b..8b858d3 100644 --- a/.gitignore +++ b/.gitignore @@ -204,3 +204,4 @@ /v2.205.0.tar.gz /v2.206.0.tar.gz /v2.208.0.tar.gz +/v2.209.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7ea0b79..69e9df1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.208.0 +%global built_tag v2.209.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 3353eb8..00840ea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.208.0.tar.gz) = 3612d332b385fb96835a310e10533a96b3c87d441144f80b1097a68913271d0480ba75c0b391f6ab599ca4b869d3331e95b1d5e04090e01917699b5d2e0c8d9a +SHA512 (v2.209.0.tar.gz) = 98215e6ab832b0e9b951c69f9000b5bc8e0f38e4e88c8b702a0b01b0da945a32d9692fe87cc2ebeac4cd224fa37e94ef7c72a280e7ff2c95deedfa44eddb687f From 5ebc24d7cc1de5a37711b900fa2dc2457132568c Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 6 Apr 2023 21:01:05 +0000 Subject: [PATCH 329/381] auto bump to v2.210.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 8b858d3..f47eb93 100644 --- a/.gitignore +++ b/.gitignore @@ -205,3 +205,4 @@ /v2.206.0.tar.gz /v2.208.0.tar.gz /v2.209.0.tar.gz +/v2.210.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 69e9df1..64798e5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.209.0 +%global built_tag v2.210.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 00840ea..24940fe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.209.0.tar.gz) = 98215e6ab832b0e9b951c69f9000b5bc8e0f38e4e88c8b702a0b01b0da945a32d9692fe87cc2ebeac4cd224fa37e94ef7c72a280e7ff2c95deedfa44eddb687f +SHA512 (v2.210.0.tar.gz) = e0bc076893028b4cef0d6c48d690b984c5f5c87dcf75b502b91d0905e97db8ce21d5792f3e91d0b19d6991f9a7bba068525033a1e7ad075880a36c6d366b7187 From 2d04a157867e9b5d46bf06bf1e1a7359da293422 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sat, 22 Apr 2023 12:01:40 +0000 Subject: [PATCH 330/381] auto bump to v2.211.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index f47eb93..515560e 100644 --- a/.gitignore +++ b/.gitignore @@ -206,3 +206,4 @@ /v2.208.0.tar.gz /v2.209.0.tar.gz /v2.210.0.tar.gz +/v2.211.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 64798e5..9add30d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.210.0 +%global built_tag v2.211.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) diff --git a/sources b/sources index 24940fe..c752430 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.210.0.tar.gz) = e0bc076893028b4cef0d6c48d690b984c5f5c87dcf75b502b91d0905e97db8ce21d5792f3e91d0b19d6991f9a7bba068525033a1e7ad075880a36c6d366b7187 +SHA512 (v2.211.0.tar.gz) = 76c795cf51e80a3996ff79d5f29952932c35124c3ed283d1f101c61b02499ea8769d886b99a61e3c8c794ed9729b0151de92b283ef18d7e12f5fd59e5568860a From 1a501c866eea88309405ad3cc1381e936ac5432b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 28 Apr 2023 13:39:45 -0400 Subject: [PATCH 331/381] fedora spec not used for packit copr-builds Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 5 ----- 1 file changed, 5 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 9add30d..0059ad0 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -127,9 +127,4 @@ if %{_sbindir}/selinuxenabled ; then fi %changelog -%if 0%{?centos} == 8 -* Fri Feb 10 2023 Lokesh Mandvekar -- Dummy changelog to make packit centos 8 copr builds happy -%else %autochangelog -%endif From 23b10c340b66402759218152a43e04adbc259275 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 28 Apr 2023 14:25:38 -0400 Subject: [PATCH 332/381] prepare for Packit integration, remove centos conditionals Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 0059ad0..6592a46 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,10 +3,6 @@ # container-selinux %global git0 https://github.com/containers/container-selinux -%global built_tag v2.211.0 -%global built_tag_strip %(b=%{built_tag}; echo ${b:1}) -%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) - # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package %global selinuxtype targeted @@ -18,19 +14,14 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -%if 0%{?centos} == 8 -%global _selinux_policy_version 3.14.3-111.el8 -%endif - -# Hooked up to autobuilder, please check with @lsm5 before updating Name: container-selinux Epoch: 2 -Version: %{gen_version} +Version: 2.211.0 Release: %autorelease License: GPL-2.0-only URL: %{git0} Summary: SELinux policies for container runtimes -Source0: %{git0}/archive/v%{built_tag_strip}.tar.gz +Source0: %{git0}/archive/v%{version}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core @@ -56,15 +47,10 @@ SELinux policy modules for use with container runtimes. %prep %autosetup -Sgit %{name}-%{built_tag_strip} # https://github.com/containers/container-selinux/issues/203 -%if 0%{?fedora} <= 37 || 0%{?centos} +%if 0%{?fedora} <= 37 sed -i '/user_namespace/d' container.te %endif -%if 0%{?centos} == 8 -sed -i '/systemd_chat_resolved/d' container.te -%endif - - %build make From 8bff9a525154955a3d8efda5a6a358ff36898bae Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 2 May 2023 10:30:32 -0400 Subject: [PATCH 333/381] bump to v2.211.1 Should address relabeling issues mentioned in: https://bodhi.fedoraproject.org/updates/FEDORA-2023-06ac069828 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 515560e..bed9bb1 100644 --- a/.gitignore +++ b/.gitignore @@ -207,3 +207,4 @@ /v2.209.0.tar.gz /v2.210.0.tar.gz /v2.211.0.tar.gz +/v2.211.1.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6592a46..564cc18 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -16,7 +16,7 @@ Name: container-selinux Epoch: 2 -Version: 2.211.0 +Version: 2.211.1 Release: %autorelease License: GPL-2.0-only URL: %{git0} diff --git a/sources b/sources index c752430..8ab7d2a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.211.0.tar.gz) = 76c795cf51e80a3996ff79d5f29952932c35124c3ed283d1f101c61b02499ea8769d886b99a61e3c8c794ed9729b0151de92b283ef18d7e12f5fd59e5568860a +SHA512 (v2.211.1.tar.gz) = 1708e6978905261d2fb03cd44da57761c3d813811ceb8af54a2615af50c2950c99fc62c7a38786af612be91de46abb27fc4b40c0cf116f2a3cef0b3a3944f8fa From e5568c55a3835ddb7b47506cb48e2207dfb96bb0 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 16 May 2023 09:21:55 -0400 Subject: [PATCH 334/381] bump to v2.213.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index bed9bb1..4733626 100644 --- a/.gitignore +++ b/.gitignore @@ -208,3 +208,4 @@ /v2.210.0.tar.gz /v2.211.0.tar.gz /v2.211.1.tar.gz +/v2.213.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 564cc18..0b9e76e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -16,7 +16,7 @@ Name: container-selinux Epoch: 2 -Version: 2.211.1 +Version: 2.213.0 Release: %autorelease License: GPL-2.0-only URL: %{git0} diff --git a/sources b/sources index 8ab7d2a..8920a6c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.211.1.tar.gz) = 1708e6978905261d2fb03cd44da57761c3d813811ceb8af54a2615af50c2950c99fc62c7a38786af612be91de46abb27fc4b40c0cf116f2a3cef0b3a3944f8fa +SHA512 (v2.213.0.tar.gz) = 5973b104b99dbadf8d935f241c70a570efc27a1858c035fc343f4ed6a234cd083da1e5a6281e04902bc8fe5997f2bfefe58d698c9225a82353a0f3d57b30933b From 280f3257e56a087b9290f923326d1460d4207bb0 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 22 May 2023 15:48:19 +0000 Subject: [PATCH 335/381] [packit] 2.215.0 upstream release Upstream tag: v2.215.0 Upstream commit: 730f696f --- .gitignore | 1 + .packit.yaml | 86 ++++++++++++++++++++++++++++++++++++++++++ README.packit | 3 ++ container-selinux.spec | 74 ++++++++++++++++++++++++++---------- sources | 2 +- 5 files changed, 146 insertions(+), 20 deletions(-) create mode 100644 .packit.yaml create mode 100644 README.packit diff --git a/.gitignore b/.gitignore index 4733626..aaed0c6 100644 --- a/.gitignore +++ b/.gitignore @@ -209,3 +209,4 @@ /v2.211.0.tar.gz /v2.211.1.tar.gz /v2.213.0.tar.gz +/v2.215.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml new file mode 100644 index 0000000..d49f936 --- /dev/null +++ b/.packit.yaml @@ -0,0 +1,86 @@ +--- +# See the documentation for more information: +# https://packit.dev/docs/configuration/ + +# Build targets can be found at: +# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/ + +specfile_path: rpm/container-selinux.spec +upstream_tag_template: v{version} + +jobs: + - &copr + job: copr_build + # Run on every PR + trigger: pull_request + owner: rhcontainerbot + project: packit-builds + enable_net: true + # x86_64 is assumed by default + # container-selinux is noarch so we only need to test on one arch + targets: &pr_copr_targets + - fedora-rawhide + - fedora-38 + - fedora-37 + - centos-stream-9 + - centos-stream-8 + srpm_build_deps: + - make + - rpkg + actions: + fix-spec-file: + - bash .packit.sh + + - <<: *copr + # Run on commit to main branch + trigger: commit + branch: main + project: podman-next + targets: + - fedora-rawhide-aarch64 + - fedora-rawhide-ppc64le + - fedora-rawhide-s390x + - fedora-rawhide-x86_64 + - fedora-38-aarch64 + - fedora-38-ppc64le + - fedora-38-s390x + - fedora-38-x86_64 + - fedora-37-aarch64 + - fedora-37-ppc64le + - fedora-37-s390x + - fedora-37-x86_64 + - centos-stream+epel-next-9-aarch64 + - centos-stream+epel-next-9-ppc64le + - centos-stream+epel-next-9-s390x + - centos-stream+epel-next-9-x86_64 + + # All tests specified in the `/plans/` subdir + # FIXME: uncomment e2e tests after disk space issues resolved on testing farm + #- job: tests + # trigger: pull_request + # targets: *test_targets + # identifier: podman_e2e_test + # tmt_plan: "/plans/podman_e2e_test" + + - job: tests + trigger: pull_request + # arch assumed to be x86_64 by default. + targets: *pr_copr_targets + identifier: podman_system_test + tmt_plan: "/plans/podman_system_test" + + - job: propose_downstream + trigger: release + update_release: false + dist_git_branches: + - fedora-all + + - job: koji_build + trigger: commit + dist_git_branches: + - fedora-all + + - job: bodhi_update + trigger: commit + dist_git_branches: + - fedora-branched # rawhide updates are created automatically diff --git a/README.packit b/README.packit new file mode 100644 index 0000000..03c3f50 --- /dev/null +++ b/README.packit @@ -0,0 +1,3 @@ +This repository is maintained by packit. +https://packit.dev/ +The file was generated using packit 0.75.0.post16+g33d32c7. diff --git a/container-selinux.spec b/container-selinux.spec index 0b9e76e..48fcfc5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -1,6 +1,6 @@ -%global debug_package %{nil} +%global debug_package %{nil} -# container-selinux +# container-selinux upstream %global git0 https://github.com/containers/container-selinux # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -14,9 +14,40 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; +# copr_username is only set on copr environments, not on others like koji +%if "%{?copr_username}" != "rhcontainerbot" +%bcond_with copr +%else +%bcond_without copr +%endif + +# RHEL 8 doesn't allow watch and systemd_chat_resolved +%if 0%{?rhel} == 8 +%bcond_without no_watch +%bcond_without no_systemd_chat_resolved +%else +%bcond_with no_watch +%bcond_with no_systemd_chat_resolved +%endif + +# https://github.com/containers/container-selinux/issues/203 +%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9 +%bcond_without no_user_namespace +%else +%bcond_with no_user_namespace +%endif + Name: container-selinux +# Set different Epochs for copr and koji +%if %{with copr} +Epoch: 101 +%else Epoch: 2 -Version: 2.213.0 +%endif +# Keep Version in upstream specfile at 0. It will be automatically set +# to the correct value by Packit for copr and koji builds. +# IGNORE this comment if you're looking at it in dist-git. +Version: 2.215.0 Release: %autorelease License: GPL-2.0-only URL: %{git0} @@ -45,9 +76,22 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit %{name}-%{built_tag_strip} -# https://github.com/containers/container-selinux/issues/203 -%if 0%{?fedora} <= 37 +%autosetup -Sgit %{name}-%{version} + +sed -i 's/^man: install-policy/man:/' Makefile +sed -i 's/^install: man/install:/' Makefile + +%if %{with no_watch} +sed -i 's/watch watch_reads//' container.if +sed -i 's/watch watch_reads//' container.te +sed -i '/sysfs_t:dir watch/d' container.te +%endif + +%if %{with no_systemd_chat_resolved} +sed -i '/^systemd_chat_resolved/d' container.te +%endif + +%if %{with no_user_namespace} sed -i '/user_namespace/d' container.te %endif @@ -57,16 +101,7 @@ make %install # install policy modules %_format MODULES $x.pp.bz2 -install -d %{buildroot}%{_datadir}/selinux/packages -install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services -install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services -install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages -install -d %{buildroot}/%{_datadir}/containers/selinux -install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts -install -d %{buildroot}%{_datadir}/udica/templates -install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates - -%check +%{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user %pre %selinux_relabel_pre -s %{selinuxtype} @@ -82,7 +117,7 @@ fi %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null %selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config -sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types +sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun @@ -103,8 +138,9 @@ fi %{_datadir}/containers/selinux/contexts %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* -# Currently shipped in selinux-policy-doc -#%%{_datadir}/man/man8/container_selinux.8.gz +%{_mandir}/man8/container_selinux.8.gz +%{_sysconfdir}/selinux/targeted/contexts/users/* +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames} %triggerpostun -- container-selinux < 2:2.162.1-3 if %{_sbindir}/selinuxenabled ; then diff --git a/sources b/sources index 8920a6c..20ec8ae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.213.0.tar.gz) = 5973b104b99dbadf8d935f241c70a570efc27a1858c035fc343f4ed6a234cd083da1e5a6281e04902bc8fe5997f2bfefe58d698c9225a82353a0f3d57b30933b +SHA512 (v2.215.0.tar.gz) = b6a756169bb0c9da8332d4913471cc72fb82c3cd7d8b919dd8a8b7527d2375773bcf553bc5e53ba7ee3f01539334864348b081eeae4362611355d454c869e7d9 From 473824031cfa92e19ee19462897d4d11a90f9e32 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 23 May 2023 09:18:15 -0400 Subject: [PATCH 336/381] [packit] 2.215.0 upstream release Upstream tag: v2.215.0 Upstream commit: e16876ee --- README.packit | 2 +- container-selinux.spec | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.packit b/README.packit index 03c3f50..83c84ce 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.75.0.post16+g33d32c7. +The file was generated using packit 0.75.0. diff --git a/container-selinux.spec b/container-selinux.spec index 48fcfc5..bc1092c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -103,6 +103,9 @@ make %_format MODULES $x.pp.bz2 %{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user +# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 +rm %{buildroot}%{_mandir}/man8/container_selinux.8 + %pre %selinux_relabel_pre -s %{selinuxtype} @@ -138,7 +141,8 @@ fi %{_datadir}/containers/selinux/contexts %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* -%{_mandir}/man8/container_selinux.8.gz +# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 +#%%{_mandir}/man8/container_selinux.8.gz %{_sysconfdir}/selinux/targeted/contexts/users/* %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames} From c5cb8ccf6ce8db4238da4518201624c29c424ced Mon Sep 17 00:00:00 2001 From: Packit Date: Tue, 30 May 2023 19:10:35 +0000 Subject: [PATCH 337/381] [packit] 2.216.0 upstream release Upstream tag: v2.216.0 Upstream commit: a1a96a2e --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index aaed0c6..071ebdf 100644 --- a/.gitignore +++ b/.gitignore @@ -210,3 +210,4 @@ /v2.211.1.tar.gz /v2.213.0.tar.gz /v2.215.0.tar.gz +/v2.216.0.tar.gz diff --git a/README.packit b/README.packit index 83c84ce..01582f6 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.75.0. +The file was generated using packit 0.76.0. diff --git a/container-selinux.spec b/container-selinux.spec index bc1092c..f660d54 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -47,7 +47,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.215.0 +Version: 2.216.0 Release: %autorelease License: GPL-2.0-only URL: %{git0} diff --git a/sources b/sources index 20ec8ae..1178355 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.215.0.tar.gz) = b6a756169bb0c9da8332d4913471cc72fb82c3cd7d8b919dd8a8b7527d2375773bcf553bc5e53ba7ee3f01539334864348b081eeae4362611355d454c869e7d9 +SHA512 (v2.216.0.tar.gz) = 444497b0dbb41b4b3534a08f37ae861fd31300b6add9380e7df9519b248b5527342ff66956a455a47630c9e174def5ce4fb34fffcf3fc0c522cd25b153b1ba40 From a317b950f41dff13fd636ebf06a69d3ce5ef77bf Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 5 Jun 2023 18:29:06 +0000 Subject: [PATCH 338/381] [packit] 2.217.0 upstream release Upstream tag: v2.217.0 Upstream commit: 2e448062 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 071ebdf..d272ada 100644 --- a/.gitignore +++ b/.gitignore @@ -211,3 +211,4 @@ /v2.213.0.tar.gz /v2.215.0.tar.gz /v2.216.0.tar.gz +/v2.217.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f660d54..54d960c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -47,7 +47,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.216.0 +Version: 2.217.0 Release: %autorelease License: GPL-2.0-only URL: %{git0} diff --git a/sources b/sources index 1178355..17c50fa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.216.0.tar.gz) = 444497b0dbb41b4b3534a08f37ae861fd31300b6add9380e7df9519b248b5527342ff66956a455a47630c9e174def5ce4fb34fffcf3fc0c522cd25b153b1ba40 +SHA512 (v2.217.0.tar.gz) = 69bf61a04800f970b216994a4b579e4755ace2cc75f1444664c634fa3b9f7fa75faa5f018acf81b3d4ac7ddfc16e395f62a0bbfb11ad4b8961f11fd45e9f5c19 From 5c06fa109077740a1c27ac49fc8580fac42b162e Mon Sep 17 00:00:00 2001 From: Packit Date: Tue, 6 Jun 2023 15:26:16 +0000 Subject: [PATCH 339/381] [packit] 2.218.0 upstream release Upstream tag: v2.218.0 Upstream commit: 08662f13 --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d272ada..84f65ac 100644 --- a/.gitignore +++ b/.gitignore @@ -212,3 +212,4 @@ /v2.215.0.tar.gz /v2.216.0.tar.gz /v2.217.0.tar.gz +/v2.218.0.tar.gz diff --git a/README.packit b/README.packit index 01582f6..b25e4da 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.76.0. +The file was generated using packit 0.76.0.post2+gbdab6df. diff --git a/container-selinux.spec b/container-selinux.spec index 54d960c..f76e6b1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -47,7 +47,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.217.0 +Version: 2.218.0 Release: %autorelease License: GPL-2.0-only URL: %{git0} diff --git a/sources b/sources index 17c50fa..3fb48db 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.217.0.tar.gz) = 69bf61a04800f970b216994a4b579e4755ace2cc75f1444664c634fa3b9f7fa75faa5f018acf81b3d4ac7ddfc16e395f62a0bbfb11ad4b8961f11fd45e9f5c19 +SHA512 (v2.218.0.tar.gz) = 93ff44d54ee0970eccfdacf9d7cf8b4aa5efe172995d72772e48ae5317f0eb28c1fddfdf3b9bd0c3c47014b978a28060e665e2459b0dda539f58e4338e9587a8 From b3d7d4b81d5a7bbe63bf72efe6d9edb624ae1f6e Mon Sep 17 00:00:00 2001 From: Packit Date: Sun, 2 Jul 2023 11:28:42 +0000 Subject: [PATCH 340/381] [packit] 2.219.0 upstream release Upstream tag: v2.219.0 Upstream commit: e3d7d0b1 --- .gitignore | 1 + .packit.yaml | 24 +++++------------------- README.packit | 2 +- container-selinux.spec | 42 ++++++++++++++---------------------------- sources | 2 +- 5 files changed, 22 insertions(+), 49 deletions(-) diff --git a/.gitignore b/.gitignore index 84f65ac..ec73296 100644 --- a/.gitignore +++ b/.gitignore @@ -213,3 +213,4 @@ /v2.216.0.tar.gz /v2.217.0.tar.gz /v2.218.0.tar.gz +/v2.219.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index d49f936..e5121fc 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -19,17 +19,11 @@ jobs: # x86_64 is assumed by default # container-selinux is noarch so we only need to test on one arch targets: &pr_copr_targets - - fedora-rawhide - - fedora-38 - - fedora-37 + - fedora-all - centos-stream-9 - centos-stream-8 srpm_build_deps: - make - - rpkg - actions: - fix-spec-file: - - bash .packit.sh - <<: *copr # Run on commit to main branch @@ -37,18 +31,10 @@ jobs: branch: main project: podman-next targets: - - fedora-rawhide-aarch64 - - fedora-rawhide-ppc64le - - fedora-rawhide-s390x - - fedora-rawhide-x86_64 - - fedora-38-aarch64 - - fedora-38-ppc64le - - fedora-38-s390x - - fedora-38-x86_64 - - fedora-37-aarch64 - - fedora-37-ppc64le - - fedora-37-s390x - - fedora-37-x86_64 + - fedora-all-aarch64 + - fedora-all-ppc64le + - fedora-all-s390x + - fedora-all-x86_64 - centos-stream+epel-next-9-aarch64 - centos-stream+epel-next-9-ppc64le - centos-stream+epel-next-9-s390x diff --git a/README.packit b/README.packit index b25e4da..101115f 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.76.0.post2+gbdab6df. +The file was generated using packit 0.77.0.post2+g06f877b. diff --git a/container-selinux.spec b/container-selinux.spec index f76e6b1..bc2580c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -1,8 +1,5 @@ %global debug_package %{nil} -# container-selinux upstream -%global git0 https://github.com/containers/container-selinux - # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package %global selinuxtype targeted @@ -14,45 +11,34 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -# copr_username is only set on copr environments, not on others like koji -%if "%{?copr_username}" != "rhcontainerbot" -%bcond_with copr -%else -%bcond_without copr -%endif - # RHEL 8 doesn't allow watch and systemd_chat_resolved -%if 0%{?rhel} == 8 -%bcond_without no_watch -%bcond_without no_systemd_chat_resolved -%else -%bcond_with no_watch -%bcond_with no_systemd_chat_resolved +%if %{defined rhel} && 0%{?rhel} == 8 +%define no_watch 1 +%define no_systemd_chat_resolved 1 +%global _selinux_policy_version 3.14.3-80.el8 %endif # https://github.com/containers/container-selinux/issues/203 -%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9 -%bcond_without no_user_namespace -%else -%bcond_with no_user_namespace +%if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9 +%define no_user_namespace 1 %endif Name: container-selinux # Set different Epochs for copr and koji -%if %{with copr} -Epoch: 101 +%if %{defined copr_username} +Epoch: 102 %else Epoch: 2 %endif # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.218.0 +Version: 2.219.0 Release: %autorelease License: GPL-2.0-only -URL: %{git0} +URL: https://github.com/containers/%{name} Summary: SELinux policies for container runtimes -Source0: %{git0}/archive/v%{version}.tar.gz +Source0: %{url}/archive/v%{version}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core @@ -81,17 +67,17 @@ SELinux policy modules for use with container runtimes. sed -i 's/^man: install-policy/man:/' Makefile sed -i 's/^install: man/install:/' Makefile -%if %{with no_watch} +%if %{defined no_watch} sed -i 's/watch watch_reads//' container.if sed -i 's/watch watch_reads//' container.te sed -i '/sysfs_t:dir watch/d' container.te %endif -%if %{with no_systemd_chat_resolved} +%if %{defined no_systemd_chat_resolved} sed -i '/^systemd_chat_resolved/d' container.te %endif -%if %{with no_user_namespace} +%if %{defined no_user_namespace} sed -i '/user_namespace/d' container.te %endif diff --git a/sources b/sources index 3fb48db..f62b444 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.218.0.tar.gz) = 93ff44d54ee0970eccfdacf9d7cf8b4aa5efe172995d72772e48ae5317f0eb28c1fddfdf3b9bd0c3c47014b978a28060e665e2459b0dda539f58e4338e9587a8 +SHA512 (v2.219.0.tar.gz) = 469987579a645b1b7df843e2f3e11b74c798ebe0774cc021f6aa24e4c365c2eb65397ad918f89a0734119dcb803ddac622b1420a998bd3d1e34b7dd3c13e8cc3 From 5e76ec1dc90bece75eca30ce18910d517f28fc0e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 16:19:24 +0000 Subject: [PATCH 341/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 507a53d1e9c2341c1b3d16dacb00aade052fa840 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 14 Aug 2023 17:40:01 +0000 Subject: [PATCH 342/381] 2.221 upstream release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upstream tag: v2.221 Upstream commit: ed30ab0d If you need to do any change in this pull request, you need to locally fetch the source branch of it and push it (with a fix) to your fork (as it is not possible to push to the branch created in the Packit’s fork): ``` git fetch https://src.fedoraproject.org/forks/packit/rpms/container-selinux.git refs/heads/*:refs/remotes/packit/* git checkout packit/2.221-rawhide-update-propose_downstream ``` --- .gitignore | 1 + .packit.yaml | 30 ++++++++---------------------- README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 5 files changed, 12 insertions(+), 25 deletions(-) diff --git a/.gitignore b/.gitignore index ec73296..7ddca38 100644 --- a/.gitignore +++ b/.gitignore @@ -214,3 +214,4 @@ /v2.217.0.tar.gz /v2.218.0.tar.gz /v2.219.0.tar.gz +/v2.221.tar.gz diff --git a/.packit.yaml b/.packit.yaml index e5121fc..b4167a5 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -2,43 +2,29 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -# Build targets can be found at: -# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/ - specfile_path: rpm/container-selinux.spec upstream_tag_template: v{version} +srpm_build_deps: + - make + jobs: - - &copr - job: copr_build - # Run on every PR + - job: copr_build trigger: pull_request - owner: rhcontainerbot - project: packit-builds enable_net: true - # x86_64 is assumed by default # container-selinux is noarch so we only need to test on one arch targets: &pr_copr_targets - fedora-all - centos-stream-9 - centos-stream-8 - srpm_build_deps: - - make - - <<: *copr - # Run on commit to main branch + # Run on commit to main branch + - job: copr_build trigger: commit branch: main + owner: rhcontainerbot project: podman-next - targets: - - fedora-all-aarch64 - - fedora-all-ppc64le - - fedora-all-s390x - - fedora-all-x86_64 - - centos-stream+epel-next-9-aarch64 - - centos-stream+epel-next-9-ppc64le - - centos-stream+epel-next-9-s390x - - centos-stream+epel-next-9-x86_64 + enable_net: true # All tests specified in the `/plans/` subdir # FIXME: uncomment e2e tests after disk space issues resolved on testing farm diff --git a/README.packit b/README.packit index 101115f..d7c433c 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.77.0.post2+g06f877b. +The file was generated using packit 0.78.2.post2+g81828af. diff --git a/container-selinux.spec b/container-selinux.spec index bc2580c..e08e6b1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.219.0 +Version: 2.221 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index f62b444..a950989 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.219.0.tar.gz) = 469987579a645b1b7df843e2f3e11b74c798ebe0774cc021f6aa24e4c365c2eb65397ad918f89a0734119dcb803ddac622b1420a998bd3d1e34b7dd3c13e8cc3 +SHA512 (v2.221.tar.gz) = bc00af81076bc1ab468f67dfcb9affff7d335c613d5a859637b0d6d63d42fd86e93057ac84e1549d3d41c787b24e36f194880c04e5e29c5bf6b7ed0004cf1074 From 813175eff445ebe89b3730223bc2523334f031d7 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 15 Aug 2023 09:19:54 -0400 Subject: [PATCH 343/381] bump to v2.221.0 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7ddca38..5e1ef4b 100644 --- a/.gitignore +++ b/.gitignore @@ -215,3 +215,4 @@ /v2.218.0.tar.gz /v2.219.0.tar.gz /v2.221.tar.gz +/v2.221.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e08e6b1..6eeab50 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.221 +Version: 2.221.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index a950989..38029d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.221.tar.gz) = bc00af81076bc1ab468f67dfcb9affff7d335c613d5a859637b0d6d63d42fd86e93057ac84e1549d3d41c787b24e36f194880c04e5e29c5bf6b7ed0004cf1074 +SHA512 (v2.221.0.tar.gz) = 71e4bbc1507f9d04dd78c5881814c57b2138ed91ff474f0ce6db5da5e14ce848d7fe41952284b3525fb222eaf364dcc84efbb2f7641d78ac9abf5343e481be5d From b1e22dd31c9450f7444d242af7ab4a16ec2b65a6 Mon Sep 17 00:00:00 2001 From: Packit Date: Tue, 29 Aug 2023 21:06:35 +0000 Subject: [PATCH 344/381] [packit] 2.221.1 upstream release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upstream tag: v2.221.1 Upstream commit: bfb44d38 If you need to do any change in this pull request, you need to locally fetch the source branch of it and push it (with a fix) to your fork (as it is not possible to push to the branch created in the Packit’s fork): ``` git fetch https://src.fedoraproject.org/forks/packit/rpms/container-selinux.git refs/heads/*:refs/remotes/packit/* git checkout packit/2.221.1-rawhide-update-propose_downstream ``` --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5e1ef4b..4d18507 100644 --- a/.gitignore +++ b/.gitignore @@ -216,3 +216,4 @@ /v2.219.0.tar.gz /v2.221.tar.gz /v2.221.0.tar.gz +/v2.221.1.tar.gz diff --git a/README.packit b/README.packit index d7c433c..797aefb 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.78.2.post2+g81828af. +The file was generated using packit 0.79.0.post2+g93f33d9. diff --git a/container-selinux.spec b/container-selinux.spec index 6eeab50..9c3efc3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.221.0 +Version: 2.221.1 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 38029d7..7ecf5ea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.221.0.tar.gz) = 71e4bbc1507f9d04dd78c5881814c57b2138ed91ff474f0ce6db5da5e14ce848d7fe41952284b3525fb222eaf364dcc84efbb2f7641d78ac9abf5343e481be5d +SHA512 (v2.221.1.tar.gz) = 5ba0144812b4df7b5ef2480cdb1330f3aeae4781ee89d3342770cd301b3c8df764a144ca32f622a28adadeb9b973ede8008c23eacca51edec12d3882bceb2d9a From bbe8925300e5d15057835071cb325022e76f261a Mon Sep 17 00:00:00 2001 From: Packit Date: Sun, 17 Sep 2023 13:49:48 +0000 Subject: [PATCH 345/381] [packit] 2.222.0 upstream release Upstream tag: v2.222.0 Upstream commit: cbaa1ba7 --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4d18507..16e4ef8 100644 --- a/.gitignore +++ b/.gitignore @@ -217,3 +217,4 @@ /v2.221.tar.gz /v2.221.0.tar.gz /v2.221.1.tar.gz +/v2.222.0.tar.gz diff --git a/README.packit b/README.packit index 797aefb..786c2a0 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.79.0.post2+g93f33d9. +The file was generated using packit 0.80.0.post8+gf2b5fcbc. diff --git a/container-selinux.spec b/container-selinux.spec index 9c3efc3..324451a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.221.1 +Version: 2.222.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 7ecf5ea..e18b4c0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.221.1.tar.gz) = 5ba0144812b4df7b5ef2480cdb1330f3aeae4781ee89d3342770cd301b3c8df764a144ca32f622a28adadeb9b973ede8008c23eacca51edec12d3882bceb2d9a +SHA512 (v2.222.0.tar.gz) = f5475c4f0d99c0b594637d004b526f8c129e967ed93b558e11dbed772df958cd6967f0a3183ea02cd1c7ef941510b59e9ffdf1a1238ae6880c220466967d683a From 8252c641d9b1f9fc6d81b944d0cafec27e7fe483 Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 11 Oct 2023 11:09:33 +0000 Subject: [PATCH 346/381] [packit] 2.224.0 upstream release Upstream tag: v2.224.0 Upstream commit: 31e9f0bd --- .gitignore | 1 + .packit.yaml | 67 ++++++++++++++++++++++++++++++++++-------- README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 5 files changed, 59 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 16e4ef8..a935d69 100644 --- a/.gitignore +++ b/.gitignore @@ -218,3 +218,4 @@ /v2.221.0.tar.gz /v2.221.1.tar.gz /v2.222.0.tar.gz +/v2.224.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index b4167a5..6f84a58 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -11,36 +11,79 @@ srpm_build_deps: jobs: - job: copr_build trigger: pull_request + notifications: + failure_comment: + message: "Ephemeral COPR build failed. @containers/packit-build please check." enable_net: true # container-selinux is noarch so we only need to test on one arch - targets: &pr_copr_targets + targets: - fedora-all - - centos-stream-9 - - centos-stream-8 + - fedora-eln + - epel-9 + - epel-8 # Run on commit to main branch + # Build targets managed in copr settings - job: copr_build trigger: commit + notifications: + failure_comment: + message: "podman-next COPR build failed. @containers/packit-build please check." branch: main owner: rhcontainerbot project: podman-next enable_net: true # All tests specified in the `/plans/` subdir - # FIXME: uncomment e2e tests after disk space issues resolved on testing farm - #- job: tests - # trigger: pull_request - # targets: *test_targets - # identifier: podman_e2e_test - # tmt_plan: "/plans/podman_e2e_test" - + # Podman e2e tests for Fedora and CentOS Stream - job: tests trigger: pull_request - # arch assumed to be x86_64 by default. - targets: *pr_copr_targets + notifications: + failure_comment: + message: "podman e2e tests failed. @containers/packit-build please check." + targets: &pr_test_targets + - fedora-all + - epel-9 + - epel-8 + identifier: podman_e2e_test + tmt_plan: "/plans/podman_e2e_test" + + # Podman system tests for Fedora and CentOS Stream + - job: tests + trigger: pull_request + notifications: + failure_comment: + message: "podman system tests failed. @containers/packit-build please check." + targets: *pr_test_targets identifier: podman_system_test tmt_plan: "/plans/podman_system_test" + # Podman e2e tests for RHEL + - job: tests + trigger: pull_request + use_internal_tf: true + notifications: + failure_comment: + message: "podman e2e tests failed on RHEL. @containers/packit-build please check." + targets: &pr_test_targets_rhel + epel-9-x86_64: + distros: [RHEL-9.2.0-Nightly] + epel-8-x86_64: + distros: [RHEL-8.10.0-Nightly] + identifier: podman_e2e_test_internal + tmt_plan: "/plans/podman_e2e_test" + + # Podman system tests for RHEL + - job: tests + trigger: pull_request + use_internal_tf: true + notifications: + failure_comment: + message: "podman system tests failed on RHEL. @containers/packit-build please check." + targets: *pr_test_targets_rhel + identifier: podman_system_test_internal + tmt_plan: "/plans/podman_system_test" + - job: propose_downstream trigger: release update_release: false diff --git a/README.packit b/README.packit index 786c2a0..327dfec 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.80.0.post8+gf2b5fcbc. +The file was generated using packit 0.83.0.post1.dev4+g46d87465. diff --git a/container-selinux.spec b/container-selinux.spec index 324451a..3c995a5 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.222.0 +Version: 2.224.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index e18b4c0..2eec748 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.222.0.tar.gz) = f5475c4f0d99c0b594637d004b526f8c129e967ed93b558e11dbed772df958cd6967f0a3183ea02cd1c7ef941510b59e9ffdf1a1238ae6880c220466967d683a +SHA512 (v2.224.0.tar.gz) = ab838c379aae99347c5d49ef84513c5fa1cd03faf1ab6b1dd4b6c571875c7c9df389abfb41ce0e2c2a57e14d11c47cbac85e2a6ad8004c2db6087849d91282aa From 4d552c672dbb5fc5c72929c9c7e3947e0ceedcd0 Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 30 Nov 2023 00:41:51 +0000 Subject: [PATCH 347/381] [packit] 2.226.0 upstream release Upstream tag: v2.226.0 Upstream commit: cff8553f --- .gitignore | 1 + .packit.yaml | 4 ++-- README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index a935d69..e57030a 100644 --- a/.gitignore +++ b/.gitignore @@ -219,3 +219,4 @@ /v2.221.1.tar.gz /v2.222.0.tar.gz /v2.224.0.tar.gz +/v2.226.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 6f84a58..0f6b9fd 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -67,9 +67,9 @@ jobs: message: "podman e2e tests failed on RHEL. @containers/packit-build please check." targets: &pr_test_targets_rhel epel-9-x86_64: - distros: [RHEL-9.2.0-Nightly] + distros: [RHEL-9.3.0-Nightly,RHEL-9.4.0-Nightly] epel-8-x86_64: - distros: [RHEL-8.10.0-Nightly] + distros: [RHEL-8.9.0-Nightly,RHEL-8.10.0-Nightly] identifier: podman_e2e_test_internal tmt_plan: "/plans/podman_e2e_test" diff --git a/README.packit b/README.packit index 327dfec..ef95206 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.83.0.post1.dev4+g46d87465. +The file was generated using packit 0.87.0. diff --git a/container-selinux.spec b/container-selinux.spec index 3c995a5..7f2ac48 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.224.0 +Version: 2.226.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 2eec748..d6bc57a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.224.0.tar.gz) = ab838c379aae99347c5d49ef84513c5fa1cd03faf1ab6b1dd4b6c571875c7c9df389abfb41ce0e2c2a57e14d11c47cbac85e2a6ad8004c2db6087849d91282aa +SHA512 (v2.226.0.tar.gz) = 9decb066c62779336c22c027a2d3870c3dc1fe0afaa80ad59c4058c0030e0867352955d568e297f2258ba855a2be0d70c0d257cb64543b8726ff0755d63e95f8 From fce80f30080b39a96de5cd218482cd133eb1ff1a Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 21 Dec 2023 15:51:36 +0000 Subject: [PATCH 348/381] [packit] 2.227.0 upstream release Upstream tag: v2.227.0 Upstream commit: 289df825 --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e57030a..a6ea623 100644 --- a/.gitignore +++ b/.gitignore @@ -220,3 +220,4 @@ /v2.222.0.tar.gz /v2.224.0.tar.gz /v2.226.0.tar.gz +/v2.227.0.tar.gz diff --git a/README.packit b/README.packit index ef95206..f27b296 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.87.0. +The file was generated using packit 0.87.1.post1.dev11+gd1f7091b. diff --git a/container-selinux.spec b/container-selinux.spec index 7f2ac48..0aa2346 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.226.0 +Version: 2.227.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index d6bc57a..3b13bad 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.226.0.tar.gz) = 9decb066c62779336c22c027a2d3870c3dc1fe0afaa80ad59c4058c0030e0867352955d568e297f2258ba855a2be0d70c0d257cb64543b8726ff0755d63e95f8 +SHA512 (v2.227.0.tar.gz) = 604f6e8be89efb1dc6b70596149ea8cdd36958125dc740e3468757e732d452dda8b786b7d593bff099fb80fada369e54118a6d9e3eff0cdae2c15ac22c4acf04 From c63e6813d94835abfb00f5035acc225a00d605be Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 11 Jan 2024 03:13:23 +0000 Subject: [PATCH 349/381] [packit] 2.228.0 upstream release Upstream tag: v2.228.0 Upstream commit: 48c2b45f --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 3 ++- sources | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a6ea623..5d86517 100644 --- a/.gitignore +++ b/.gitignore @@ -221,3 +221,4 @@ /v2.224.0.tar.gz /v2.226.0.tar.gz /v2.227.0.tar.gz +/v2.228.0.tar.gz diff --git a/README.packit b/README.packit index f27b296..8c508a5 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.87.1.post1.dev11+gd1f7091b. +The file was generated using packit 0.88.0. diff --git a/container-selinux.spec b/container-selinux.spec index 0aa2346..689dc58 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.227.0 +Version: 2.228.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -71,6 +71,7 @@ sed -i 's/^install: man/install:/' Makefile sed -i 's/watch watch_reads//' container.if sed -i 's/watch watch_reads//' container.te sed -i '/sysfs_t:dir watch/d' container.te +sed -i '/fifo_file watch/d' container.te %endif %if %{defined no_systemd_chat_resolved} diff --git a/sources b/sources index 3b13bad..56eb602 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.227.0.tar.gz) = 604f6e8be89efb1dc6b70596149ea8cdd36958125dc740e3468757e732d452dda8b786b7d593bff099fb80fada369e54118a6d9e3eff0cdae2c15ac22c4acf04 +SHA512 (v2.228.0.tar.gz) = b6dcfdc7044d491c15fe582af7cd2a653318ccb0d793556a7222620b5d3d1270d6d514cb9fae83d8f9e8300c5a3a8aee3c9bf69d68f8955b3f87cc20fb035f97 From f2ab676dc0792b449cd57867643be5c6688fff6c Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 18 Jan 2024 02:53:21 +0000 Subject: [PATCH 350/381] [packit] 2.228.1 upstream release Upstream tag: v2.228.1 Upstream commit: d733187b --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5d86517..755ae26 100644 --- a/.gitignore +++ b/.gitignore @@ -222,3 +222,4 @@ /v2.226.0.tar.gz /v2.227.0.tar.gz /v2.228.0.tar.gz +/v2.228.1.tar.gz diff --git a/README.packit b/README.packit index 8c508a5..115b422 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.88.0. +The file was generated using packit 0.88.0.post1.dev4+gc070191b. diff --git a/container-selinux.spec b/container-selinux.spec index 689dc58..efca51a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.228.0 +Version: 2.228.1 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 56eb602..ebebf32 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.228.0.tar.gz) = b6dcfdc7044d491c15fe582af7cd2a653318ccb0d793556a7222620b5d3d1270d6d514cb9fae83d8f9e8300c5a3a8aee3c9bf69d68f8955b3f87cc20fb035f97 +SHA512 (v2.228.1.tar.gz) = d746a9d843c6bbe9cec0d7bb4ab7de4c791f12d82cc2f95aa52b225729d2a0933019a4d588d8b565e92aaaf04a0e967a5db3d50caded4b3f446bc122e841da03 From 0ad7a38c63a57d5ac351eae8dc6447f74bb13277 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 16:07:41 +0000 Subject: [PATCH 351/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From fb3dca68cbdc3f922256b63b7e82858dafb26d76 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 22 Jan 2024 12:53:47 +0000 Subject: [PATCH 352/381] [packit] 2.229.0 upstream release Upstream tag: v2.229.0 Upstream commit: eac57925 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 755ae26..ceb3a01 100644 --- a/.gitignore +++ b/.gitignore @@ -223,3 +223,4 @@ /v2.227.0.tar.gz /v2.228.0.tar.gz /v2.228.1.tar.gz +/v2.229.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index efca51a..70a34f3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.228.1 +Version: 2.229.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index ebebf32..05ff519 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.228.1.tar.gz) = d746a9d843c6bbe9cec0d7bb4ab7de4c791f12d82cc2f95aa52b225729d2a0933019a4d588d8b565e92aaaf04a0e967a5db3d50caded4b3f446bc122e841da03 +SHA512 (v2.229.0.tar.gz) = 1341e0a6996d1ff2b06a0095f6720595f0775dff27f1f45702b3e03ea78f3b45708f55400b4dc8bfc4586efec4f72528512e8fbe461629a55a18936f8e6df30d From b0b9b555ec4a7c5785444b05cd0e09e339ccd535 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 08:00:11 +0000 Subject: [PATCH 353/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From a24e6afd78102261b06788feb2788c773a0066a0 Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 28 Feb 2024 15:07:51 +0000 Subject: [PATCH 354/381] [packit] 2.229.1 upstream release Upstream tag: v2.229.1 Upstream commit: a023e9ee --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ceb3a01..dd028fd 100644 --- a/.gitignore +++ b/.gitignore @@ -224,3 +224,4 @@ /v2.228.0.tar.gz /v2.228.1.tar.gz /v2.229.0.tar.gz +/v2.229.1.tar.gz diff --git a/README.packit b/README.packit index 115b422..31341b6 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.88.0.post1.dev4+gc070191b. +The file was generated using packit 0.93.0. diff --git a/container-selinux.spec b/container-selinux.spec index 70a34f3..3372761 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.229.0 +Version: 2.229.1 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 05ff519..9c53c37 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.229.0.tar.gz) = 1341e0a6996d1ff2b06a0095f6720595f0775dff27f1f45702b3e03ea78f3b45708f55400b4dc8bfc4586efec4f72528512e8fbe461629a55a18936f8e6df30d +SHA512 (v2.229.1.tar.gz) = 19a3434093c1e30ae4e09988169435489c054f5eb9e0fb2a6ddd511da1393340913abbc5d848da280dfff1b314b1ee88bdff8092e59c51da839ca8e0bead531e From f7ef46bd6be7b4993f3147cc52fadfd4449ee7b7 Mon Sep 17 00:00:00 2001 From: Packit Date: Sat, 2 Mar 2024 18:44:04 +0000 Subject: [PATCH 355/381] [packit] 2.230.0 upstream release Upstream tag: v2.230.0 Upstream commit: 5cec8532 --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index dd028fd..c22fbd6 100644 --- a/.gitignore +++ b/.gitignore @@ -225,3 +225,4 @@ /v2.228.1.tar.gz /v2.229.0.tar.gz /v2.229.1.tar.gz +/v2.230.0.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3372761..2aea4cd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -33,7 +33,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.229.1 +Version: 2.230.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 9c53c37..17706d2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.229.1.tar.gz) = 19a3434093c1e30ae4e09988169435489c054f5eb9e0fb2a6ddd511da1393340913abbc5d848da280dfff1b314b1ee88bdff8092e59c51da839ca8e0bead531e +SHA512 (v2.230.0.tar.gz) = 6534fb6e1360b6e64d6e49e674a976e711f42b8b75b0ad1dffb35f870e2ccf9fcfe38de5e4f695a7e2490c6fe880c36bb3c17c1510e4758d0d3aa877dea719a8 From 2d328af1cd85cfa3b228296f582709f5ba25dcf4 Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 24 Apr 2024 14:30:43 +0000 Subject: [PATCH 356/381] Update to 2.231.0 upstream release - Resolves: rhbz#2276827 Upstream tag: v2.231.0 Upstream commit: 5d983412 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 4 ++-- README.packit | 2 +- container-selinux.spec | 14 +++++++++++++- sources | 2 +- 5 files changed, 18 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index c22fbd6..07fedca 100644 --- a/.gitignore +++ b/.gitignore @@ -226,3 +226,4 @@ /v2.229.0.tar.gz /v2.229.1.tar.gz /v2.230.0.tar.gz +/v2.231.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 0f6b9fd..b066cb5 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -67,9 +67,9 @@ jobs: message: "podman e2e tests failed on RHEL. @containers/packit-build please check." targets: &pr_test_targets_rhel epel-9-x86_64: - distros: [RHEL-9.3.0-Nightly,RHEL-9.4.0-Nightly] + distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] epel-8-x86_64: - distros: [RHEL-8.9.0-Nightly,RHEL-8.10.0-Nightly] + distros: [RHEL-8.9.0-Nightly,RHEL-8-Nightly] identifier: podman_e2e_test_internal tmt_plan: "/plans/podman_e2e_test" diff --git a/README.packit b/README.packit index 31341b6..bee8d88 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.93.0. +The file was generated using packit 0.95.0. diff --git a/container-selinux.spec b/container-selinux.spec index 2aea4cd..87bd464 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -18,6 +18,14 @@ %global _selinux_policy_version 3.14.3-80.el8 %endif +# RHEL < 10 and Fedora < 40 use file context entries in /var/run +%if %{defined rhel} && 0%{?rhel} < 10 +%define legacy_var_run 1 +%endif +%if %{defined fedora} && 0%{?fedora} < 40 +%define legacy_var_run 1 +%endif + # https://github.com/containers/container-selinux/issues/203 %if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9 %define no_user_namespace 1 @@ -33,7 +41,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.230.0 +Version: 2.231.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -82,6 +90,10 @@ sed -i '/^systemd_chat_resolved/d' container.te sed -i '/user_namespace/d' container.te %endif +%if %{defined legacy_var_run} +sed -i 's|^/run/|/var/run/|' container.fc +%endif + %build make diff --git a/sources b/sources index 17706d2..2755628 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.230.0.tar.gz) = 6534fb6e1360b6e64d6e49e674a976e711f42b8b75b0ad1dffb35f870e2ccf9fcfe38de5e4f695a7e2490c6fe880c36bb3c17c1510e4758d0d3aa877dea719a8 +SHA512 (v2.231.0.tar.gz) = 1e1cf48dda96e72330719ec6b679cbb832e002903c94afee3d3a4754196712026a050bbf619e9b0fdba6efbd1c56aaf1e687cd0436cc3386ac23d5b5a83f6352 From 7c08fffb11ed1d7a6315a587346670ac9c9c064d Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 20 May 2024 15:00:44 -0400 Subject: [PATCH 357/381] Attempt to use TMT plans Signed-off-by: Lokesh Mandvekar --- .fmf/version | 1 + gating.yaml | 8 +++++- plans/main.fmf | 54 +++++++++++++++++++++++++++++++++++++ plans/podman_e2e_test.sh | 32 ++++++++++++++++++++++ plans/podman_system_test.sh | 9 +++++++ 5 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 .fmf/version create mode 100644 plans/main.fmf create mode 100644 plans/podman_e2e_test.sh create mode 100644 plans/podman_system_test.sh diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/gating.yaml b/gating.yaml index c2182c7..e15b02e 100644 --- a/gating.yaml +++ b/gating.yaml @@ -3,4 +3,10 @@ product_versions: - fedora-* decision_context: bodhi_update_push_stable rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + #- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/podman_e2e_test_downstream.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/podman_system_test_downstream.functional} +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: [] diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..17a055a --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,54 @@ +prepare+: + - name: Install bats + how: shell + script: | + BATS_VERSION=1.11.0 + curl -s -L -O https://github.com/bats-core/bats-core/archive/refs/tags/v$BATS_VERSION.tar.gz + tar zxf v$BATS_VERSION.tar.gz + cd bats-core-$BATS_VERSION + ./install.sh /usr + + # Install packages to run podman revdep tests + - how: install + package: + - golang + - podman + - podman-tests + +/podman_e2e_test_upstream: + summary: Run SELinux specific Podman e2e tests on upstream PRs + execute: + how: tmt + script: | + # Install podman-next copr and update from it + bash ./plans/repo_setup.sh + bash ./plans/podman_e2e_test.sh + adjust: + when: trigger == commit + +/podman_e2e_test_downstream: + summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata + execute: + how: tmt + script: bash ./plans/podman_e2e_test.sh + adjust: + when: trigger == update + +/podman_system_test_upstream: + summary: Run SELinux specific Podman system tests on upstream PRs + execute: + how: tmt + script: | + # Install podman-next copr and update from it + bash ./plans/repo_setup.sh + bash ./plans/podman_system_test.sh + adjust: + when: trigger == commit + +/podman_system_test_downstream: + summary: Run SELinux specific Podman system tests on downstream bodhi / errata + execute: + how: tmt + script: bash ./plans/podman_system_test.sh + adjust: + when: trigger == update diff --git a/plans/podman_e2e_test.sh b/plans/podman_e2e_test.sh new file mode 100644 index 0000000..c2b5a27 --- /dev/null +++ b/plans/podman_e2e_test.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +# Do not set -e as we want to work on all results of `rpm -q dnf[5]`. +set -xo pipefail + +cat /etc/redhat-release +rpm -q container-selinux golang podman + +# /tmp is often unsufficient +export TMPDIR=/var/tmp + +# dnf5 contains breaking changes +# Either of `dnf` OR `dnf5` will be installed, never both. +# To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. +rpm -q dnf5 +if [[ $? -eq 0 ]]; then + SRPM_OPTS="--srpm" +else + SRPM_OPTS="--source" +fi + +# Fetch and extract latest podman source from the highest priority dnf repo +# NOTE: On upstream pull-requests, the srpm will be fetched from the +# podman-next copr while on bodhi updates, it will be fetched from Fedora's +# official repos. +dnf download $SRPM_OPTS podman +rpm2cpio podman*.src.rpm | cpio -di +tar zxf podman-*.tar.gz + +# Run podman e2e tests +cd podman-*/test/e2e +PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go diff --git a/plans/podman_system_test.sh b/plans/podman_system_test.sh new file mode 100644 index 0000000..428145a --- /dev/null +++ b/plans/podman_system_test.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -exo pipefail + +cat /etc/redhat-release +rpm -q container-selinux podman podman-tests + +# Run podman system tests +bats /usr/share/podman/test/system/410-selinux.bats From 114bba5ebc94bfb6e8b1522d2e3e5677a70c5a87 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 20 May 2024 15:25:11 -0400 Subject: [PATCH 358/381] Reuse TMT tests: remove old STI tests Signed-off-by: Lokesh Mandvekar --- gating.yaml | 1 - plans/main.fmf | 1 + tests/tests.yml | 16 ---------------- 3 files changed, 1 insertion(+), 17 deletions(-) delete mode 100644 tests/tests.yml diff --git a/gating.yaml b/gating.yaml index e15b02e..d34f241 100644 --- a/gating.yaml +++ b/gating.yaml @@ -3,7 +3,6 @@ product_versions: - fedora-* decision_context: bodhi_update_push_stable rules: - #- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/podman_e2e_test_downstream.functional} - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/podman_system_test_downstream.functional} product_versions: diff --git a/plans/main.fmf b/plans/main.fmf index 17a055a..aeccfdf 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -12,6 +12,7 @@ prepare+: - how: install package: - golang + - iptables - podman - podman-tests diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 552bdbb..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,16 +0,0 @@ -- hosts: localhost - tags: - - classic - roles: - - role: standard-test-basic - required_packages: - - policycoreutils - - container-selinux - - podman - tests: - - is-module-installed: - run: semodule --list=full | grep container - - can-rebuild-policy: - run: semodule -B - - can-run-podman: - run: podman run --rm quay.io/libpod/testimage:20210610 cat -v /proc/self/attr/current From 6548fb56c2be5e93a2e2b41e7fb031184bf90769 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 20 May 2024 15:52:00 -0400 Subject: [PATCH 359/381] TMT: use fmf to discover tests Signed-off-by: Lokesh Mandvekar --- gating.yaml | 3 +-- plans/main.fmf | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/gating.yaml b/gating.yaml index d34f241..2866434 100644 --- a/gating.yaml +++ b/gating.yaml @@ -3,8 +3,7 @@ product_versions: - fedora-* decision_context: bodhi_update_push_stable rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/podman_e2e_test_downstream.functional} - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/podman_system_test_downstream.functional} + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} product_versions: - rhel-* decision_context: osci_compose_gate diff --git a/plans/main.fmf b/plans/main.fmf index aeccfdf..640f679 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -29,6 +29,8 @@ prepare+: /podman_e2e_test_downstream: summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata + discover: + how: fmf execute: how: tmt script: bash ./plans/podman_e2e_test.sh @@ -48,6 +50,8 @@ prepare+: /podman_system_test_downstream: summary: Run SELinux specific Podman system tests on downstream bodhi / errata + discover: + how: fmf execute: how: tmt script: bash ./plans/podman_system_test.sh From 1012b5368e910a6dbe43067af18040f9fbf81e61 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 20 May 2024 16:13:42 -0400 Subject: [PATCH 360/381] fix gating.yaml Signed-off-by: Lokesh Mandvekar --- gating.yaml | 2 ++ plans/main.fmf | 21 +++++++++------------ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/gating.yaml b/gating.yaml index 2866434..dbb1d91 100644 --- a/gating.yaml +++ b/gating.yaml @@ -4,6 +4,8 @@ product_versions: decision_context: bodhi_update_push_stable rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy product_versions: - rhel-* decision_context: osci_compose_gate diff --git a/plans/main.fmf b/plans/main.fmf index 640f679..81c4835 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -1,3 +1,8 @@ +discover: + how: fmf +execute: + how: tmt + prepare+: - name: Install bats how: shell @@ -18,8 +23,7 @@ prepare+: /podman_e2e_test_upstream: summary: Run SELinux specific Podman e2e tests on upstream PRs - execute: - how: tmt + execute+: script: | # Install podman-next copr and update from it bash ./plans/repo_setup.sh @@ -29,18 +33,14 @@ prepare+: /podman_e2e_test_downstream: summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata - discover: - how: fmf - execute: - how: tmt + execute+: script: bash ./plans/podman_e2e_test.sh adjust: when: trigger == update /podman_system_test_upstream: summary: Run SELinux specific Podman system tests on upstream PRs - execute: - how: tmt + execute+: script: | # Install podman-next copr and update from it bash ./plans/repo_setup.sh @@ -50,10 +50,7 @@ prepare+: /podman_system_test_downstream: summary: Run SELinux specific Podman system tests on downstream bodhi / errata - discover: - how: fmf - execute: - how: tmt + execute+: script: bash ./plans/podman_system_test.sh adjust: when: trigger == update From 66b85a8781ee41973c2167c58b1cdb29f4982629 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 21 May 2024 16:48:26 -0400 Subject: [PATCH 361/381] sync test plans from upstream --- .gitignore | 1 + .packit.yaml | 113 ++++++++++++++++++++++++------------ container-selinux.spec | 8 ++- plans/all.fmf | 20 +++++++ plans/main.fmf | 56 ------------------ plans/podman_e2e_test.sh | 32 ---------- plans/podman_system_test.sh | 9 --- sources | 2 +- test/Makefile | 23 ++++++++ test/main.fmf | 29 +++++++++ test/podman-tests.sh | 84 +++++++++++++++++++++++++++ 11 files changed, 238 insertions(+), 139 deletions(-) create mode 100644 plans/all.fmf delete mode 100644 plans/main.fmf delete mode 100644 plans/podman_e2e_test.sh delete mode 100644 plans/podman_system_test.sh create mode 100644 test/Makefile create mode 100644 test/main.fmf create mode 100644 test/podman-tests.sh diff --git a/.gitignore b/.gitignore index 07fedca..c48dcd9 100644 --- a/.gitignore +++ b/.gitignore @@ -227,3 +227,4 @@ /v2.229.1.tar.gz /v2.230.0.tar.gz /v2.231.0.tar.gz +/packit-tmt-bodhi-reuse.zip diff --git a/.packit.yaml b/.packit.yaml index b066cb5..9d0fa2f 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -2,16 +2,42 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -specfile_path: rpm/container-selinux.spec +downstream_package_name: container-selinux upstream_tag_template: v{version} +# Ref: https://packit.dev/docs/configuration#files_to_sync +files_to_sync: + - src: rpm/gating.yaml + dest: gating.yaml + - src: plans/ + dest: plans/ + delete: true + - src: test/ + dest: test/ + delete: true + - src: .fmf/ + dest: .fmf/ + delete: true + - .packit.yaml + +packages: + container-selinux-fedora: + pkg_tool: fedpkg + specfile_path: rpm/container-selinux.spec + container-selinux-centos: + pkg_tool: centpkg + specfile_path: rpm/container-selinux.spec + container-selinux-rhel: + specfile_path: rpm/container-selinux.spec + srpm_build_deps: - make jobs: - job: copr_build trigger: pull_request - notifications: + packages: [container-selinux-fedora] + notifications: &copr_build_failure_notification failure_comment: message: "Ephemeral COPR build failed. @containers/packit-build please check." enable_net: true @@ -19,13 +45,29 @@ jobs: targets: - fedora-all - fedora-eln + + - job: copr_build + trigger: pull_request + packages: [container-selinux-centos] + notifications: *copr_build_failure_notification + enable_net: true + targets: + - centos-stream-9 + - centos-stream-10 + + - job: copr_build + trigger: pull_request + packages: [container-selinux-rhel] + notifications: *copr_build_failure_notification + enable_net: true + targets: - epel-9 - - epel-8 # Run on commit to main branch # Build targets managed in copr settings - job: copr_build trigger: commit + packages: [container-selinux-fedora] notifications: failure_comment: message: "podman-next COPR build failed. @containers/packit-build please check." @@ -35,67 +77,62 @@ jobs: enable_net: true # All tests specified in the `/plans/` subdir - # Podman e2e tests for Fedora and CentOS Stream + # Tests for Fedora - job: tests trigger: pull_request - notifications: + packages: [container-selinux-fedora] + notifications: &test_failure_notification failure_comment: - message: "podman e2e tests failed. @containers/packit-build please check." - targets: &pr_test_targets + message: "Tests failed. @containers/packit-build please check." + targets: - fedora-all - - epel-9 - - epel-8 - identifier: podman_e2e_test - tmt_plan: "/plans/podman_e2e_test" - # Podman system tests for Fedora and CentOS Stream + # Tests for CentOS Stream - job: tests trigger: pull_request - notifications: - failure_comment: - message: "podman system tests failed. @containers/packit-build please check." - targets: *pr_test_targets - identifier: podman_system_test - tmt_plan: "/plans/podman_system_test" + packages: [container-selinux-centos] + notifications: *test_failure_notification + targets: + - centos-stream-9 + - centos-stream-10 - # Podman e2e tests for RHEL + # Tests for RHEL - job: tests trigger: pull_request + packages: [container-selinux-rhel] use_internal_tf: true - notifications: - failure_comment: - message: "podman e2e tests failed on RHEL. @containers/packit-build please check." - targets: &pr_test_targets_rhel + notifications: *test_failure_notification + targets: epel-9-x86_64: distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - epel-8-x86_64: - distros: [RHEL-8.9.0-Nightly,RHEL-8-Nightly] - identifier: podman_e2e_test_internal - tmt_plan: "/plans/podman_e2e_test" - - # Podman system tests for RHEL - - job: tests - trigger: pull_request - use_internal_tf: true - notifications: - failure_comment: - message: "podman system tests failed on RHEL. @containers/packit-build please check." - targets: *pr_test_targets_rhel - identifier: podman_system_test_internal - tmt_plan: "/plans/podman_system_test" + # Use centos-stream-10 until we have epel-10 + # TODO: Enable after RHEL-10 gets selinux-policy >= 40.13.1 which is + # already on CentOS Stream 10. + #centos-stream-10-x86_64: + # distros: [RHEL-10-Beta-Nightly] - job: propose_downstream trigger: release update_release: false + packages: [container-selinux-fedora] dist_git_branches: - fedora-all + - job: propose_downstream + trigger: release + update_release: false + packages: [container-selinux-centos] + dist_git_branches: + - c10s + - job: koji_build trigger: commit + packages: [container-selinux-fedora] dist_git_branches: - fedora-all - job: bodhi_update trigger: commit + packages: [container-selinux-fedora] dist_git_branches: - fedora-branched # rawhide updates are created automatically diff --git a/container-selinux.spec b/container-selinux.spec index 87bd464..94c3b2c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -44,9 +44,10 @@ Epoch: 2 Version: 2.231.0 Release: %autorelease License: GPL-2.0-only -URL: https://github.com/containers/%{name} +URL: https://github.com/lsm5/%{name} Summary: SELinux policies for container runtimes -Source0: %{url}/archive/v%{version}.tar.gz +#Source0: %%{url}/archive/v%%{version}.tar.gz +Source0: https://github.com/lsm5/container-selinux/archive/refs/heads/packit-tmt-bodhi-reuse.zip BuildArch: noarch BuildRequires: make BuildRequires: git-core @@ -70,7 +71,8 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit %{name}-%{version} +#%%autosetup -Sgit %%{name}-packit-tmt-bodhi-reuse +%setup -q -n %{name}-packit-tmt-bodhi-reuse sed -i 's/^man: install-policy/man:/' Makefile sed -i 's/^install: man/install:/' Makefile diff --git a/plans/all.fmf b/plans/all.fmf new file mode 100644 index 0000000..b6ec398 --- /dev/null +++ b/plans/all.fmf @@ -0,0 +1,20 @@ +discover: + how: fmf +execute: + how: tmt + +/upstream: + summary: Run SELinux specific Podman tests on upstream PRs + discover+: + filter: tag:upstream + adjust+: + enabled: false + when: initiator is not defined or initiator != packit + +/downstream: + summary: Run SELinux specific Podman e2e tests on bodhi / errata and dist-git PRs + discover+: + filter: tag:downstream + adjust+: + enabled: false + when: initiator == packit diff --git a/plans/main.fmf b/plans/main.fmf deleted file mode 100644 index 81c4835..0000000 --- a/plans/main.fmf +++ /dev/null @@ -1,56 +0,0 @@ -discover: - how: fmf -execute: - how: tmt - -prepare+: - - name: Install bats - how: shell - script: | - BATS_VERSION=1.11.0 - curl -s -L -O https://github.com/bats-core/bats-core/archive/refs/tags/v$BATS_VERSION.tar.gz - tar zxf v$BATS_VERSION.tar.gz - cd bats-core-$BATS_VERSION - ./install.sh /usr - - # Install packages to run podman revdep tests - - how: install - package: - - golang - - iptables - - podman - - podman-tests - -/podman_e2e_test_upstream: - summary: Run SELinux specific Podman e2e tests on upstream PRs - execute+: - script: | - # Install podman-next copr and update from it - bash ./plans/repo_setup.sh - bash ./plans/podman_e2e_test.sh - adjust: - when: trigger == commit - -/podman_e2e_test_downstream: - summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata - execute+: - script: bash ./plans/podman_e2e_test.sh - adjust: - when: trigger == update - -/podman_system_test_upstream: - summary: Run SELinux specific Podman system tests on upstream PRs - execute+: - script: | - # Install podman-next copr and update from it - bash ./plans/repo_setup.sh - bash ./plans/podman_system_test.sh - adjust: - when: trigger == commit - -/podman_system_test_downstream: - summary: Run SELinux specific Podman system tests on downstream bodhi / errata - execute+: - script: bash ./plans/podman_system_test.sh - adjust: - when: trigger == update diff --git a/plans/podman_e2e_test.sh b/plans/podman_e2e_test.sh deleted file mode 100644 index c2b5a27..0000000 --- a/plans/podman_e2e_test.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env bash - -# Do not set -e as we want to work on all results of `rpm -q dnf[5]`. -set -xo pipefail - -cat /etc/redhat-release -rpm -q container-selinux golang podman - -# /tmp is often unsufficient -export TMPDIR=/var/tmp - -# dnf5 contains breaking changes -# Either of `dnf` OR `dnf5` will be installed, never both. -# To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. -rpm -q dnf5 -if [[ $? -eq 0 ]]; then - SRPM_OPTS="--srpm" -else - SRPM_OPTS="--source" -fi - -# Fetch and extract latest podman source from the highest priority dnf repo -# NOTE: On upstream pull-requests, the srpm will be fetched from the -# podman-next copr while on bodhi updates, it will be fetched from Fedora's -# official repos. -dnf download $SRPM_OPTS podman -rpm2cpio podman*.src.rpm | cpio -di -tar zxf podman-*.tar.gz - -# Run podman e2e tests -cd podman-*/test/e2e -PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go diff --git a/plans/podman_system_test.sh b/plans/podman_system_test.sh deleted file mode 100644 index 428145a..0000000 --- a/plans/podman_system_test.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -set -exo pipefail - -cat /etc/redhat-release -rpm -q container-selinux podman podman-tests - -# Run podman system tests -bats /usr/share/podman/test/system/410-selinux.bats diff --git a/sources b/sources index 2755628..be5f9f2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.231.0.tar.gz) = 1e1cf48dda96e72330719ec6b679cbb832e002903c94afee3d3a4754196712026a050bbf619e9b0fdba6efbd1c56aaf1e687cd0436cc3386ac23d5b5a83f6352 +SHA512 (packit-tmt-bodhi-reuse.zip) = 91d25cd7fd97710c2ff1f1330f4f6d25d6ab0e7d17b05e956bb5975bbca9ba72c35276e4a5cd10163838b9ba84e5e30cb868715cbeb5fead6acb98a1697e0eac diff --git a/test/Makefile b/test/Makefile new file mode 100644 index 0000000..083ca93 --- /dev/null +++ b/test/Makefile @@ -0,0 +1,23 @@ +.PHONY: basic_check +basic_check: + semodule --list=full | grep container + semodule -B + +.PHONY: podman_e2e_test_upstream +podman_e2e_test_upstream: + bash ./podman-tests.sh e2e upstream + +.PHONY: podman_e2e_test_downstream +podman_e2e_test_downstream: + bash ./podman-tests.sh e2e downstream + +.PHONY: podman_system_test_upstream +podman_system_test_upstream: + bash ./podman-tests.sh system upstream + +.PHONY: podman_system_test_downstream +podman_system_test_downstream: + bash ./podman-tests.sh system downstream + +clean: + rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf new file mode 100644 index 0000000..6543521 --- /dev/null +++ b/test/main.fmf @@ -0,0 +1,29 @@ +# Only common dependencies that are NOT required to run podman-tests.sh are +# specified here. Everything else is in podman-tests.sh. +require: + - cpio + - make + - policycoreutils + +/basic_check: + summary: Run basic checks + tag: [ upstream, downstream ] + test: make basic_check + +/upstream: + tag: upstream +/upstream/podman_e2e_test: + summary: Run SELinux specific Podman e2e tests on upstream PRs + test: make podman_e2e_test_upstream +/upstream/podman_system_test: + summary: Run SELinux specific Podman system tests on upstream PRs + test: make podman_system_test_upstream + +/downstream: + tag: downstream +/downstream/podman_e2e_test: + summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata and dist-git PRs + test: make podman_e2e_test_downstream +/downstream/podman_system_test: + summary: Run SELinux specific Podman system tests on downstream bodhi / errata and dist-git PRs + test: make podman_system_test_downstream diff --git a/test/podman-tests.sh b/test/podman-tests.sh new file mode 100644 index 0000000..0ff881e --- /dev/null +++ b/test/podman-tests.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash + +# Do not set -e as we want to work on all results of `rpm -q dnf[5]`. +set -exo pipefail + +if [ "$(id -u)" -ne 0 ];then + echo "Please run this script as superuser" + exit 1 +fi + +if [[ $1 == '' ]]; then + echo -e "Usage: podman-tests.sh TEST_TYPE STREAM\nTEST_TYPE can be 'e2e' or 'system'\nSTREAM can be 'upstream' or 'downstream'" + exit 1 +fi + +# `rhel` macro exists on RHEL, CentOS Stream, and Fedora ELN +# `centos` macro exists only on CentOS Stream +CENTOS_VERSION=$(rpm --eval '%{?centos}') +RHEL_VERSION=$(rpm --eval '%{?rhel}') + +# For upstream tests, we need to test with podman and other packages from the +# podman-next copr. For downstream tests (bodhi, errata), we don't need any +# additional setup +if [[ $2 == "upstream" ]]; then + # Use CentOS Stream 10 copr target for RHEL-10 until EPEL 10 becomes + # available + if [[ -n $CENTOS_VERSION || $RHEL_VERSION -ge 10 ]]; then + dnf -y copr enable rhcontainerbot/podman-next centos-stream-$CENTOS_VERSION + else + dnf -y copr enable rhcontainerbot/podman-next + fi + echo "priority=5" >> /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next.repo +fi + +# Remove testing-farm repos if they exist +rm -f /etc/yum.repos.d/tag-repository.repo + +# Install common dependencies for tests +dnf -y install podman + +cat /etc/redhat-release +rpm -q container-selinux podman + +if [[ $1 == "e2e" ]]; then + # Install dependencies for tests + dnf -y install golang + rpm -q golang + + # /tmp is often unsufficient + export TMPDIR=/var/tmp + + # dnf5 contains breaking changes + # Either of `dnf` OR `dnf5` will be installed, never both. + # To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. + rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" + + # Fetch and extract latest podman source from the highest priority dnf repo + # NOTE: On upstream pull-requests, the srpm will be fetched from the + # podman-next copr while on bodhi updates, it will be fetched from Fedora's + # official repos. + dnf download $SRPM_OPTS podman + rpm2cpio podman*.src.rpm | cpio -di + tar zxf *.tar.gz + + # Run podman e2e tests + cd podman-*/test/e2e + PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go +fi + +if [[ $1 == "system" ]]; then + # Enable EPEL to fetch bats + if [[ -n $(rpm --eval '%{?rhel}') ]]; then + # Until EPEL 10 is available use epel-9 for all RHEL and CentOS Stream + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + sed -i 's/$releasever/9/g' /etc/yum.repos.d/epel.repo + fi + + # Install test dependencies + dnf -y install bats podman-tests + rpm -q bats podman-tests + + # Run podman system tests + bats /usr/share/podman/test/system/410-selinux.bats +fi From 8377dcb72ba4c889ac241728b01ee1d98effd42e Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 10 Jun 2024 17:32:34 +0000 Subject: [PATCH 362/381] Update to 2.232.1 upstream release Upstream tag: v2.232.1 Upstream commit: 4ff1a398 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 2 - README.packit | 2 +- container-selinux.spec | 43 ++++++-------------- sources | 2 +- test/podman-tests.sh | 92 +++++++++++++++++++++++++----------------- 6 files changed, 72 insertions(+), 70 deletions(-) diff --git a/.gitignore b/.gitignore index c48dcd9..a973481 100644 --- a/.gitignore +++ b/.gitignore @@ -228,3 +228,4 @@ /v2.230.0.tar.gz /v2.231.0.tar.gz /packit-tmt-bodhi-reuse.zip +/v2.232.1.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 9d0fa2f..4b6cb92 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -113,14 +113,12 @@ jobs: - job: propose_downstream trigger: release - update_release: false packages: [container-selinux-fedora] dist_git_branches: - fedora-all - job: propose_downstream trigger: release - update_release: false packages: [container-selinux-centos] dist_git_branches: - c10s diff --git a/README.packit b/README.packit index bee8d88..d2b528d 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.95.0. +The file was generated using packit 0.97.1.post1.dev6+gc8c0314a. diff --git a/container-selinux.spec b/container-selinux.spec index 94c3b2c..a56b428 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -11,29 +11,24 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -# RHEL 8 doesn't allow watch and systemd_chat_resolved -%if %{defined rhel} && 0%{?rhel} == 8 -%define no_watch 1 -%define no_systemd_chat_resolved 1 -%global _selinux_policy_version 3.14.3-80.el8 -%endif - # RHEL < 10 and Fedora < 40 use file context entries in /var/run -%if %{defined rhel} && 0%{?rhel} < 10 -%define legacy_var_run 1 -%endif -%if %{defined fedora} && 0%{?fedora} < 40 +%if %{defined rhel} && 0%{?rhel} < 10 || %{defined fedora} && 0%{?fedora} < 40 %define legacy_var_run 1 %endif # https://github.com/containers/container-selinux/issues/203 -%if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9 +%if %{!defined fedora} && %{!defined rhel} || %{defined rhel} && 0%{?rhel} <= 9 %define no_user_namespace 1 %endif +# copr_build is more intuitive than copr_username +%if %{defined copr_username} +%define copr_build 1 +%endif + Name: container-selinux # Set different Epochs for copr and koji -%if %{defined copr_username} +%if %{defined copr_build} Epoch: 102 %else Epoch: 2 @@ -41,13 +36,12 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.231.0 +Version: 2.232.1 Release: %autorelease License: GPL-2.0-only -URL: https://github.com/lsm5/%{name} +URL: https://github.com/containers/%{name} Summary: SELinux policies for container runtimes -#Source0: %%{url}/archive/v%%{version}.tar.gz -Source0: https://github.com/lsm5/container-selinux/archive/refs/heads/packit-tmt-bodhi-reuse.zip +Source0: %{url}/archive/v%{version}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core @@ -71,23 +65,11 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -#%%autosetup -Sgit %%{name}-packit-tmt-bodhi-reuse -%setup -q -n %{name}-packit-tmt-bodhi-reuse +%autosetup -Sgit %{name}-%{version} sed -i 's/^man: install-policy/man:/' Makefile sed -i 's/^install: man/install:/' Makefile -%if %{defined no_watch} -sed -i 's/watch watch_reads//' container.if -sed -i 's/watch watch_reads//' container.te -sed -i '/sysfs_t:dir watch/d' container.te -sed -i '/fifo_file watch/d' container.te -%endif - -%if %{defined no_systemd_chat_resolved} -sed -i '/^systemd_chat_resolved/d' container.te -%endif - %if %{defined no_user_namespace} sed -i '/user_namespace/d' container.te %endif @@ -140,6 +122,7 @@ fi %{_datadir}/selinux/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts +%dir %{_datadir}/udica %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 diff --git a/sources b/sources index be5f9f2..07ddcc7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (packit-tmt-bodhi-reuse.zip) = 91d25cd7fd97710c2ff1f1330f4f6d25d6ab0e7d17b05e956bb5975bbca9ba72c35276e4a5cd10163838b9ba84e5e30cb868715cbeb5fead6acb98a1697e0eac +SHA512 (v2.232.1.tar.gz) = babaf5f65b639493482392674717284574859e4bbb03e897843265708f4f5cceeb260712cdff09771076d99c18aa89718c0e95dc33839e72e809de9e80079ae2 diff --git a/test/podman-tests.sh b/test/podman-tests.sh index 0ff881e..50a29e2 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh @@ -1,18 +1,20 @@ #!/usr/bin/env bash -# Do not set -e as we want to work on all results of `rpm -q dnf[5]`. set -exo pipefail -if [ "$(id -u)" -ne 0 ];then - echo "Please run this script as superuser" +if [[ "$(id -u)" -ne 0 ]];then + echo "Please run as superuser" exit 1 fi -if [[ $1 == '' ]]; then +if [[ -z "$1" ]]; then echo -e "Usage: podman-tests.sh TEST_TYPE STREAM\nTEST_TYPE can be 'e2e' or 'system'\nSTREAM can be 'upstream' or 'downstream'" exit 1 fi +TEST_TYPE=$1 +STREAM=$2 + # `rhel` macro exists on RHEL, CentOS Stream, and Fedora ELN # `centos` macro exists only on CentOS Stream CENTOS_VERSION=$(rpm --eval '%{?centos}') @@ -21,7 +23,7 @@ RHEL_VERSION=$(rpm --eval '%{?rhel}') # For upstream tests, we need to test with podman and other packages from the # podman-next copr. For downstream tests (bodhi, errata), we don't need any # additional setup -if [[ $2 == "upstream" ]]; then +if [[ "$STREAM" == "upstream" ]]; then # Use CentOS Stream 10 copr target for RHEL-10 until EPEL 10 becomes # available if [[ -n $CENTOS_VERSION || $RHEL_VERSION -ge 10 ]]; then @@ -32,53 +34,71 @@ if [[ $2 == "upstream" ]]; then echo "priority=5" >> /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next.repo fi -# Remove testing-farm repos if they exist +# Remove testing-farm repos if they exist as these interfere with the packages +# we want to install, especially when podman-next copr is involved rm -f /etc/yum.repos.d/tag-repository.repo -# Install common dependencies for tests -dnf -y install podman +# Fetch and extract latest podman source from the highest priority dnf repo +# NOTE: On upstream pull-requests, the srpm will be fetched from the +# podman-next copr while on bodhi updates, it will be fetched from Fedora's +# official repos. +PODMAN_DIR=$(mktemp -d) +pushd $PODMAN_DIR +# Download podman and podman-tests rpms, along with podman srpm +dnf download podman podman-tests +# Download srpm, srpm opts differ between dnf and dnf5 +rpm -q dnf5 && dnf download --srpm podman || dnf download --source podman + +# Ensure podman-tests RPM and podman SRPM version-release match +# NOTE: podman RPM and podman-tests RPM matching is ensured by podman.spec so +# matching podman-tests and podman srpm is sufficient here. +PODMAN_TESTS_VERSION=$(ls podman-tests* | sed -e "s/.$(uname -m).rpm//" -e "s/podman-tests-//") +PODMAN_SRPM_VERSION=$(ls podman*.src.rpm | sed -e "s/.src.rpm//" -e "s/podman-//") +if [[ "$PODMAN_TESTS_VERSION" != "$PODMAN_SRPM_VERSION" ]]; then + echo "podman-tests and podman srpm version-release don't match" + exit 1 +fi + +# Install downloaded podman and podman-tests rpms +dnf -y install ./podman*.$(uname -m).rpm + +# Extract and untar podman source from srpm +rpm2cpio $(ls podman*.src.rpm) | cpio -di +tar zxf *.tar.gz + +popd + +# Enable EPEL on RHEL/CentOS Stream envs to fetch bats +if [[ -n $(rpm --eval '%{?rhel}') ]]; then + # Until EPEL 10 is available use epel-9 for all RHEL and CentOS Stream + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + sed -i 's/$releasever/9/g' /etc/yum.repos.d/epel.repo +fi + +# Install dependencies for running tests +dnf -y install bats golang + +# Print versions of distro and installed packages cat /etc/redhat-release -rpm -q container-selinux podman - -if [[ $1 == "e2e" ]]; then - # Install dependencies for tests - dnf -y install golang - rpm -q golang +rpm -q bats container-selinux golang podman podman-tests selinux-policy +if [[ "$TEST_TYPE" == "e2e" ]]; then # /tmp is often unsufficient export TMPDIR=/var/tmp # dnf5 contains breaking changes # Either of `dnf` OR `dnf5` will be installed, never both. # To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. - rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" - - # Fetch and extract latest podman source from the highest priority dnf repo - # NOTE: On upstream pull-requests, the srpm will be fetched from the - # podman-next copr while on bodhi updates, it will be fetched from Fedora's - # official repos. - dnf download $SRPM_OPTS podman - rpm2cpio podman*.src.rpm | cpio -di - tar zxf *.tar.gz + #rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" # Run podman e2e tests - cd podman-*/test/e2e + pushd $PODMAN_DIR/podman-*/test/e2e PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go + popd fi -if [[ $1 == "system" ]]; then - # Enable EPEL to fetch bats - if [[ -n $(rpm --eval '%{?rhel}') ]]; then - # Until EPEL 10 is available use epel-9 for all RHEL and CentOS Stream - dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm - sed -i 's/$releasever/9/g' /etc/yum.repos.d/epel.repo - fi - - # Install test dependencies - dnf -y install bats podman-tests - rpm -q bats podman-tests - +if [[ "$TEST_TYPE" == "system" ]]; then # Run podman system tests bats /usr/share/podman/test/system/410-selinux.bats fi From 1d88ecfc5671417f42184cb232192e8c188f0a08 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 19:56:23 +0000 Subject: [PATCH 363/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From b4ebc80e865c58cb49c63fb12b4659b125cf5dc8 Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 11 Sep 2024 14:00:39 +0000 Subject: [PATCH 364/381] Update to 2.233.0 upstream release Upstream tag: v2.233.0 Upstream commit: cc5da8a9 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 29 ++++++++++++++++++++--------- README.packit | 2 +- container-selinux.spec | 2 +- plans/all.fmf | 2 +- sources | 2 +- test/Makefile | 20 ++++++-------------- test/main.fmf | 26 +++++++++----------------- test/podman-tests.sh | 33 ++++----------------------------- 9 files changed, 44 insertions(+), 73 deletions(-) diff --git a/.gitignore b/.gitignore index a973481..d168437 100644 --- a/.gitignore +++ b/.gitignore @@ -229,3 +229,4 @@ /v2.231.0.tar.gz /packit-tmt-bodhi-reuse.zip /v2.232.1.tar.gz +/v2.233.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 4b6cb92..2f048d0 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -9,6 +9,7 @@ upstream_tag_template: v{version} files_to_sync: - src: rpm/gating.yaml dest: gating.yaml + delete: true - src: plans/ dest: plans/ delete: true @@ -51,7 +52,7 @@ jobs: packages: [container-selinux-centos] notifications: *copr_build_failure_notification enable_net: true - targets: + targets: ¢os_targets - centos-stream-9 - centos-stream-10 @@ -86,15 +87,23 @@ jobs: message: "Tests failed. @containers/packit-build please check." targets: - fedora-all + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo # Tests for CentOS Stream - job: tests trigger: pull_request packages: [container-selinux-centos] notifications: *test_failure_notification - targets: - - centos-stream-9 - - centos-stream-10 + targets: *centos_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo # Tests for RHEL - job: tests @@ -105,11 +114,13 @@ jobs: targets: epel-9-x86_64: distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - # Use centos-stream-10 until we have epel-10 - # TODO: Enable after RHEL-10 gets selinux-policy >= 40.13.1 which is - # already on CentOS Stream 10. - #centos-stream-10-x86_64: - # distros: [RHEL-10-Beta-Nightly] + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/epel-$releasever/rhcontainerbot-podman-next-epel-$releasever.repo + - type: repository-file + id: https://src.fedoraproject.org/rpms/epel-release/raw/epel9/f/epel.repo - job: propose_downstream trigger: release diff --git a/README.packit b/README.packit index d2b528d..459869a 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.97.1.post1.dev6+gc8c0314a. +The file was generated using packit 0.101.0. diff --git a/container-selinux.spec b/container-selinux.spec index a56b428..cc61060 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -36,7 +36,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.232.1 +Version: 2.233.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/plans/all.fmf b/plans/all.fmf index b6ec398..9e0d10b 100644 --- a/plans/all.fmf +++ b/plans/all.fmf @@ -12,7 +12,7 @@ execute: when: initiator is not defined or initiator != packit /downstream: - summary: Run SELinux specific Podman e2e tests on bodhi / errata and dist-git PRs + summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs discover+: filter: tag:downstream adjust+: diff --git a/sources b/sources index 07ddcc7..e8e9fbc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.232.1.tar.gz) = babaf5f65b639493482392674717284574859e4bbb03e897843265708f4f5cceeb260712cdff09771076d99c18aa89718c0e95dc33839e72e809de9e80079ae2 +SHA512 (v2.233.0.tar.gz) = f79380a3312cb57953bc1286ba7dcdbf29ab95ce72de79c5bac1eb6c4401d2bcb0c9875802c7198a9680af19affb34170581c609180408b21cc27cf680c3feb4 diff --git a/test/Makefile b/test/Makefile index 083ca93..5fee1ea 100644 --- a/test/Makefile +++ b/test/Makefile @@ -3,21 +3,13 @@ basic_check: semodule --list=full | grep container semodule -B -.PHONY: podman_e2e_test_upstream -podman_e2e_test_upstream: - bash ./podman-tests.sh e2e upstream +.PHONY: podman_e2e_test +podman_e2e_test: + bash ./podman-tests.sh e2e -.PHONY: podman_e2e_test_downstream -podman_e2e_test_downstream: - bash ./podman-tests.sh e2e downstream - -.PHONY: podman_system_test_upstream -podman_system_test_upstream: - bash ./podman-tests.sh system upstream - -.PHONY: podman_system_test_downstream -podman_system_test_downstream: - bash ./podman-tests.sh system downstream +.PHONY: podman_system_test +podman_system_test: + bash ./podman-tests.sh system clean: rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf index 6543521..8c30075 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -6,24 +6,16 @@ require: - policycoreutils /basic_check: - summary: Run basic checks tag: [ upstream, downstream ] + summary: Run basic checks test: make basic_check -/upstream: - tag: upstream -/upstream/podman_e2e_test: - summary: Run SELinux specific Podman e2e tests on upstream PRs - test: make podman_e2e_test_upstream -/upstream/podman_system_test: - summary: Run SELinux specific Podman system tests on upstream PRs - test: make podman_system_test_upstream +/podman_e2e_test: + tag: [ upstream, downstream ] + summary: Run SELinux specific Podman e2e tests + test: make podman_e2e_test -/downstream: - tag: downstream -/downstream/podman_e2e_test: - summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata and dist-git PRs - test: make podman_e2e_test_downstream -/downstream/podman_system_test: - summary: Run SELinux specific Podman system tests on downstream bodhi / errata and dist-git PRs - test: make podman_system_test_downstream +/podman_system_test: + tag: [ upstream, downstream ] + summary: Run SELinux specific Podman system tests + test: make podman_system_test diff --git a/test/podman-tests.sh b/test/podman-tests.sh index 50a29e2..b758cc8 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh @@ -2,37 +2,19 @@ set -exo pipefail +cat /etc/redhat-release + if [[ "$(id -u)" -ne 0 ]];then echo "Please run as superuser" exit 1 fi if [[ -z "$1" ]]; then - echo -e "Usage: podman-tests.sh TEST_TYPE STREAM\nTEST_TYPE can be 'e2e' or 'system'\nSTREAM can be 'upstream' or 'downstream'" + echo -e "Usage: $(basename ${BASH_SOURCE[0]}) TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n" exit 1 fi TEST_TYPE=$1 -STREAM=$2 - -# `rhel` macro exists on RHEL, CentOS Stream, and Fedora ELN -# `centos` macro exists only on CentOS Stream -CENTOS_VERSION=$(rpm --eval '%{?centos}') -RHEL_VERSION=$(rpm --eval '%{?rhel}') - -# For upstream tests, we need to test with podman and other packages from the -# podman-next copr. For downstream tests (bodhi, errata), we don't need any -# additional setup -if [[ "$STREAM" == "upstream" ]]; then - # Use CentOS Stream 10 copr target for RHEL-10 until EPEL 10 becomes - # available - if [[ -n $CENTOS_VERSION || $RHEL_VERSION -ge 10 ]]; then - dnf -y copr enable rhcontainerbot/podman-next centos-stream-$CENTOS_VERSION - else - dnf -y copr enable rhcontainerbot/podman-next - fi - echo "priority=5" >> /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next.repo -fi # Remove testing-farm repos if they exist as these interfere with the packages # we want to install, especially when podman-next copr is involved @@ -69,18 +51,11 @@ tar zxf *.tar.gz popd -# Enable EPEL on RHEL/CentOS Stream envs to fetch bats -if [[ -n $(rpm --eval '%{?rhel}') ]]; then - # Until EPEL 10 is available use epel-9 for all RHEL and CentOS Stream - dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm - sed -i 's/$releasever/9/g' /etc/yum.repos.d/epel.repo -fi - # Install dependencies for running tests +# NOTE: bats will be fetched from Fedora repos on public testing-farm envs if EPEL repo is absent or disabled. dnf -y install bats golang # Print versions of distro and installed packages -cat /etc/redhat-release rpm -q bats container-selinux golang podman podman-tests selinux-policy if [[ "$TEST_TYPE" == "e2e" ]]; then From edda101018b1210c0b1a1d463b0ccacb1f716059 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 11 Nov 2024 12:09:59 +0000 Subject: [PATCH 365/381] Update to 2.234.1 upstream release Upstream tag: v2.234.1 Upstream commit: 8ba68ee9 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 51 ++++++++++++++---------------------------- README.packit | 2 +- container-selinux.spec | 25 +++++++++++---------- sources | 2 +- test/Makefile | 1 + 6 files changed, 34 insertions(+), 48 deletions(-) diff --git a/.gitignore b/.gitignore index d168437..0c07861 100644 --- a/.gitignore +++ b/.gitignore @@ -230,3 +230,4 @@ /packit-tmt-bodhi-reuse.zip /v2.232.1.tar.gz /v2.233.0.tar.gz +/v2.234.1.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 2f048d0..c9b56ad 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -28,7 +28,7 @@ packages: container-selinux-centos: pkg_tool: centpkg specfile_path: rpm/container-selinux.spec - container-selinux-rhel: + container-selinux-eln: specfile_path: rpm/container-selinux.spec srpm_build_deps: @@ -43,8 +43,18 @@ jobs: message: "Ephemeral COPR build failed. @containers/packit-build please check." enable_net: true # container-selinux is noarch so we only need to test on one arch + targets: &fedora_copr_targets + - fedora-development + - fedora-latest + - fedora-ltest-stable + - fedora-40 + + - job: copr_build + trigger: pull_request + packages: [container-selinux-eln] + notifications: *copr_build_failure_notification + enable_net: true targets: - - fedora-all - fedora-eln - job: copr_build @@ -52,18 +62,10 @@ jobs: packages: [container-selinux-centos] notifications: *copr_build_failure_notification enable_net: true - targets: ¢os_targets + targets: ¢os_copr_targets - centos-stream-9 - centos-stream-10 - - job: copr_build - trigger: pull_request - packages: [container-selinux-rhel] - notifications: *copr_build_failure_notification - enable_net: true - targets: - - epel-9 - # Run on commit to main branch # Build targets managed in copr settings - job: copr_build @@ -85,8 +87,7 @@ jobs: notifications: &test_failure_notification failure_comment: message: "Tests failed. @containers/packit-build please check." - targets: - - fedora-all + targets: *fedora_copr_targets tf_extra_params: environments: - artifacts: @@ -98,34 +99,17 @@ jobs: trigger: pull_request packages: [container-selinux-centos] notifications: *test_failure_notification - targets: *centos_targets + targets: *centos_copr_targets tf_extra_params: environments: - artifacts: - type: repository-file id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo - # Tests for RHEL - - job: tests - trigger: pull_request - packages: [container-selinux-rhel] - use_internal_tf: true - notifications: *test_failure_notification - targets: - epel-9-x86_64: - distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - tf_extra_params: - environments: - - artifacts: - - type: repository-file - id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/epel-$releasever/rhcontainerbot-podman-next-epel-$releasever.repo - - type: repository-file - id: https://src.fedoraproject.org/rpms/epel-release/raw/epel9/f/epel.repo - - job: propose_downstream trigger: release packages: [container-selinux-fedora] - dist_git_branches: + dist_git_branches: &fedora_targets - fedora-all - job: propose_downstream @@ -137,8 +121,7 @@ jobs: - job: koji_build trigger: commit packages: [container-selinux-fedora] - dist_git_branches: - - fedora-all + dist_git_branches: *fedora_targets - job: bodhi_update trigger: commit diff --git a/README.packit b/README.packit index 459869a..1b4760d 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.101.0. +The file was generated using packit 0.102.2.post1.dev4+g3142fcf8. diff --git a/container-selinux.spec b/container-selinux.spec index cc61060..646c38a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,6 @@ # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package -%global selinuxtype targeted %global moduletype services %global modulenames container @@ -36,7 +35,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.233.0 +Version: 2.234.1 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -51,7 +50,8 @@ BuildRequires: selinux-policy-devel >= %_selinux_policy_version # RE: rhbz#1195804 - ensure min NVR for selinux-policy Requires: selinux-policy >= %_selinux_policy_version Requires(post): selinux-policy-base >= %_selinux_policy_version -Requires(post): selinux-policy-targeted >= %_selinux_policy_version +Requires(post): selinux-policy-any >= %_selinux_policy_version +Recommends: selinux-policy-targeted >= %_selinux_policy_version Requires(post): policycoreutils Requires(post): libselinux-utils Requires(post): sed @@ -90,7 +90,7 @@ make rm %{buildroot}%{_mandir}/man8/container_selinux.8 %pre -%selinux_relabel_pre -s %{selinuxtype} +%selinux_relabel_pre %post # Install all modules in a single transaction @@ -98,21 +98,21 @@ if [ $1 -eq 1 ]; then %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 -%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null -%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null -%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null -%selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config +%{_sbindir}/semodule -n -s ${SELINUXTYPE} -r container 2> /dev/null +%{_sbindir}/semodule -n -s ${SELINUXTYPE} -d docker 2> /dev/null +%{_sbindir}/semodule -n -s ${SELINUXTYPE} -d gear 2> /dev/null +%selinux_modules_install -s ${SELINUXTYPE} $MODULES sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun if [ $1 -eq 0 ]; then - %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker + %selinux_modules_uninstall %{modulenames} docker fi %posttrans -%selinux_relabel_post -s %{selinuxtype} +%selinux_relabel_post #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -127,8 +127,9 @@ fi %{_datadir}/udica/templates/* # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 #%%{_mandir}/man8/container_selinux.8.gz -%{_sysconfdir}/selinux/targeted/contexts/users/* -%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames} +%{_sysconfdir}/selinux/targeted/contexts/users/container_u +%ghost %verify(not mode) %{_selinux_store_path}/targeted/active/modules/200/%{modulenames} +%ghost %verify(not mode) %{_selinux_store_path}/mls/active/modules/200/%{modulenames} %triggerpostun -- container-selinux < 2:2.162.1-3 if %{_sbindir}/selinuxenabled ; then diff --git a/sources b/sources index e8e9fbc..3c5862b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.233.0.tar.gz) = f79380a3312cb57953bc1286ba7dcdbf29ab95ce72de79c5bac1eb6c4401d2bcb0c9875802c7198a9680af19affb34170581c609180408b21cc27cf680c3feb4 +SHA512 (v2.234.1.tar.gz) = 6ffc70aa42134aec10eaf5f5b4b10a0481309e4285a419d65df9afabc033a34c86147fade0640e7b641b89aaaea3c525ae23700bea675ea6a1319c8fdb7a1859 diff --git a/test/Makefile b/test/Makefile index 5fee1ea..9088bd9 100644 --- a/test/Makefile +++ b/test/Makefile @@ -2,6 +2,7 @@ basic_check: semodule --list=full | grep container semodule -B + rpm -Vqf /var/lib/selinux/*/active/modules/200/container .PHONY: podman_e2e_test podman_e2e_test: From 038f1b6063dc8a9960157896a00a0f33121c6e7d Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 11 Nov 2024 14:12:33 +0000 Subject: [PATCH 366/381] Update to 2.234.2 upstream release Upstream tag: v2.234.2 Upstream commit: cd0a1758 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 7 ++----- sources | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 0c07861..2069158 100644 --- a/.gitignore +++ b/.gitignore @@ -231,3 +231,4 @@ /v2.232.1.tar.gz /v2.233.0.tar.gz /v2.234.1.tar.gz +/v2.234.2.tar.gz diff --git a/README.packit b/README.packit index 1b4760d..c18262a 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.102.2.post1.dev4+g3142fcf8. +The file was generated using packit 0.103.0. diff --git a/container-selinux.spec b/container-selinux.spec index 646c38a..e34b6fd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.234.1 +Version: 2.234.2 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -86,9 +86,6 @@ make %_format MODULES $x.pp.bz2 %{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user -# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 -rm %{buildroot}%{_mandir}/man8/container_selinux.8 - %pre %selinux_relabel_pre @@ -126,7 +123,7 @@ fi %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 -#%%{_mandir}/man8/container_selinux.8.gz +%{_mandir}/man8/container_selinux.8.gz %{_sysconfdir}/selinux/targeted/contexts/users/container_u %ghost %verify(not mode) %{_selinux_store_path}/targeted/active/modules/200/%{modulenames} %ghost %verify(not mode) %{_selinux_store_path}/mls/active/modules/200/%{modulenames} diff --git a/sources b/sources index 3c5862b..1703887 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.234.1.tar.gz) = 6ffc70aa42134aec10eaf5f5b4b10a0481309e4285a419d65df9afabc033a34c86147fade0640e7b641b89aaaea3c525ae23700bea675ea6a1319c8fdb7a1859 +SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c From c2d42deedf06526ec01b5492de41d4dec146d7c6 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 26 Dec 2024 15:35:49 +0530 Subject: [PATCH 367/381] TMT: sync tests with upstream Signed-off-by: Lokesh Mandvekar --- plans/all.fmf | 20 ------------- plans/main.fmf | 40 ++++++++++++++++++++++++++ test/main.fmf | 12 ++++---- test/podman-tests.sh | 67 ++------------------------------------------ 4 files changed, 47 insertions(+), 92 deletions(-) delete mode 100644 plans/all.fmf create mode 100644 plans/main.fmf diff --git a/plans/all.fmf b/plans/all.fmf deleted file mode 100644 index 9e0d10b..0000000 --- a/plans/all.fmf +++ /dev/null @@ -1,20 +0,0 @@ -discover: - how: fmf -execute: - how: tmt - -/upstream: - summary: Run SELinux specific Podman tests on upstream PRs - discover+: - filter: tag:upstream - adjust+: - enabled: false - when: initiator is not defined or initiator != packit - -/downstream: - summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs - discover+: - filter: tag:downstream - adjust+: - enabled: false - when: initiator == packit diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..2e13af5 --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,40 @@ +discover: + how: fmf +execute: + how: tmt +adjust: + - when: initiator == packit + because: "We need to test with updated packages from rhcontainerbot/podman-next copr" + prepare+: + how: shell + script: | + sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo + dnf -y upgrade --allowerasing + # FIXME: Use epel10 once bats is available there + - when: distro == centos-stream-10 or distro == rhel-10 + because: "bats isn't yet available on epel10" + prepare+: + how: install + copr: rhcontainerbot/bats-el10 + package: bats + - when: distro == centos-stream-9 or distro == rhel-9 + because: "bats is present on EPEL on rhel9 / c9s" + prepare+: + how: feature + epel: enabled + +/upstream: + summary: Run SELinux specific Podman tests on upstream PRs + discover+: + filter: tag:upstream + adjust+: + - enabled: false + when: initiator is not defined or initiator != packit + +/downstream: + summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs + discover+: + filter: tag:downstream + adjust+: + - enabled: false + when: initiator == packit diff --git a/test/main.fmf b/test/main.fmf index 8c30075..bded6bc 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -1,8 +1,11 @@ -# Only common dependencies that are NOT required to run podman-tests.sh are -# specified here. Everything else is in podman-tests.sh. require: + - bats + - container-selinux - cpio + - golang - make + - podman + - podman-tests - policycoreutils /basic_check: @@ -10,11 +13,6 @@ require: summary: Run basic checks test: make basic_check -/podman_e2e_test: - tag: [ upstream, downstream ] - summary: Run SELinux specific Podman e2e tests - test: make podman_e2e_test - /podman_system_test: tag: [ upstream, downstream ] summary: Run SELinux specific Podman system tests diff --git a/test/podman-tests.sh b/test/podman-tests.sh index b758cc8..0033d25 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh @@ -9,71 +9,8 @@ if [[ "$(id -u)" -ne 0 ]];then exit 1 fi -if [[ -z "$1" ]]; then - echo -e "Usage: $(basename ${BASH_SOURCE[0]}) TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n" - exit 1 -fi - -TEST_TYPE=$1 - -# Remove testing-farm repos if they exist as these interfere with the packages -# we want to install, especially when podman-next copr is involved -rm -f /etc/yum.repos.d/tag-repository.repo - -# Fetch and extract latest podman source from the highest priority dnf repo -# NOTE: On upstream pull-requests, the srpm will be fetched from the -# podman-next copr while on bodhi updates, it will be fetched from Fedora's -# official repos. -PODMAN_DIR=$(mktemp -d) -pushd $PODMAN_DIR - -# Download podman and podman-tests rpms, along with podman srpm -dnf download podman podman-tests -# Download srpm, srpm opts differ between dnf and dnf5 -rpm -q dnf5 && dnf download --srpm podman || dnf download --source podman - -# Ensure podman-tests RPM and podman SRPM version-release match -# NOTE: podman RPM and podman-tests RPM matching is ensured by podman.spec so -# matching podman-tests and podman srpm is sufficient here. -PODMAN_TESTS_VERSION=$(ls podman-tests* | sed -e "s/.$(uname -m).rpm//" -e "s/podman-tests-//") -PODMAN_SRPM_VERSION=$(ls podman*.src.rpm | sed -e "s/.src.rpm//" -e "s/podman-//") -if [[ "$PODMAN_TESTS_VERSION" != "$PODMAN_SRPM_VERSION" ]]; then - echo "podman-tests and podman srpm version-release don't match" - exit 1 -fi - -# Install downloaded podman and podman-tests rpms -dnf -y install ./podman*.$(uname -m).rpm - -# Extract and untar podman source from srpm -rpm2cpio $(ls podman*.src.rpm) | cpio -di -tar zxf *.tar.gz - -popd - -# Install dependencies for running tests -# NOTE: bats will be fetched from Fedora repos on public testing-farm envs if EPEL repo is absent or disabled. -dnf -y install bats golang - # Print versions of distro and installed packages rpm -q bats container-selinux golang podman podman-tests selinux-policy -if [[ "$TEST_TYPE" == "e2e" ]]; then - # /tmp is often unsufficient - export TMPDIR=/var/tmp - - # dnf5 contains breaking changes - # Either of `dnf` OR `dnf5` will be installed, never both. - # To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. - #rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" - - # Run podman e2e tests - pushd $PODMAN_DIR/podman-*/test/e2e - PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go - popd -fi - -if [[ "$TEST_TYPE" == "system" ]]; then - # Run podman system tests - bats /usr/share/podman/test/system/410-selinux.bats -fi +# Run podman system tests +bats /usr/share/podman/test/system/410-selinux.bats From 67ab29b766617e11fd06df08c1f94f6accba25cd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 14:27:37 +0000 Subject: [PATCH 368/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 58f6209191b5fe9d0353db218b8cfab135e4a555 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 24 Feb 2025 10:42:38 +0000 Subject: [PATCH 369/381] Update to 2.235.0 upstream release Upstream tag: v2.235.0 Upstream commit: c9b3eca0 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 17 ++++++++------ README.packit | 2 +- container-selinux.spec | 4 ++-- gating.yaml | 4 +++- plans/main.fmf | 50 +++++++++++++----------------------------- sources | 2 +- test/Makefile | 16 -------------- test/main.fmf | 14 +++++------- test/podman-tests.sh | 2 +- 10 files changed, 40 insertions(+), 72 deletions(-) delete mode 100644 test/Makefile diff --git a/.gitignore b/.gitignore index 2069158..abf490c 100644 --- a/.gitignore +++ b/.gitignore @@ -232,3 +232,4 @@ /v2.233.0.tar.gz /v2.234.1.tar.gz /v2.234.2.tar.gz +/v2.235.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index c9b56ad..cc1d83b 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -13,9 +13,11 @@ files_to_sync: - src: plans/ dest: plans/ delete: true + mkpath: true - src: test/ dest: test/ delete: true + mkpath: true - src: .fmf/ dest: .fmf/ delete: true @@ -44,10 +46,8 @@ jobs: enable_net: true # container-selinux is noarch so we only need to test on one arch targets: &fedora_copr_targets - - fedora-development - - fedora-latest - - fedora-ltest-stable - - fedora-40 + - fedora-all-x86_64 + - fedora-all-aarch64 - job: copr_build trigger: pull_request @@ -55,7 +55,8 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: - - fedora-eln + - fedora-eln-x86_64 + - fedora-eln-aarch64 - job: copr_build trigger: pull_request @@ -63,8 +64,10 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: ¢os_copr_targets - - centos-stream-9 - - centos-stream-10 + - centos-stream-9-x86_64 + - centos-stream-9-aarch64 + - centos-stream-10-x86_64 + - centos-stream-10-aarch64 # Run on commit to main branch # Build targets managed in copr settings diff --git a/README.packit b/README.packit index c18262a..2cdc258 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.103.0. +The file was generated using packit 1.1.1.post1.dev1+g7c5e02df. diff --git a/container-selinux.spec b/container-selinux.spec index e34b6fd..6fd90dd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -30,12 +30,12 @@ Name: container-selinux %if %{defined copr_build} Epoch: 102 %else -Epoch: 2 +Epoch: 4 %endif # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.234.2 +Version: 2.235.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/gating.yaml b/gating.yaml index dbb1d91..8f949e2 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,7 +1,9 @@ --- !Policy product_versions: - fedora-* -decision_context: bodhi_update_push_stable +decision_context: + - bodhi_update_push_stable + - bodhi_update_push_testing rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/plans/main.fmf b/plans/main.fmf index 2e13af5..baa8b2f 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -2,39 +2,19 @@ discover: how: fmf execute: how: tmt -adjust: +prepare: + - when: distro == centos-stream or distro == rhel + how: shell + script: | + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm + dnf -y config-manager --set-enabled epel + order: 10 - when: initiator == packit - because: "We need to test with updated packages from rhcontainerbot/podman-next copr" - prepare+: - how: shell - script: | - sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo - dnf -y upgrade --allowerasing - # FIXME: Use epel10 once bats is available there - - when: distro == centos-stream-10 or distro == rhel-10 - because: "bats isn't yet available on epel10" - prepare+: - how: install - copr: rhcontainerbot/bats-el10 - package: bats - - when: distro == centos-stream-9 or distro == rhel-9 - because: "bats is present on EPEL on rhel9 / c9s" - prepare+: - how: feature - epel: enabled - -/upstream: - summary: Run SELinux specific Podman tests on upstream PRs - discover+: - filter: tag:upstream - adjust+: - - enabled: false - when: initiator is not defined or initiator != packit - -/downstream: - summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs - discover+: - filter: tag:downstream - adjust+: - - enabled: false - when: initiator == packit + how: shell + script: | + COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" + if compgen -G $COPR_REPO_FILE > /dev/null; then + sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE + fi + dnf -y upgrade --allowerasing + order: 20 diff --git a/sources b/sources index 1703887..1602c69 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c +SHA512 (v2.235.0.tar.gz) = 5d422ffe69e994d2b30460bef39598ccac52d3607a23dd15e300374f1704c6e5883069aa74cb3b362b9545f4dd4e048b6e9893a6086cbba53e9d5f8185b2ffd2 diff --git a/test/Makefile b/test/Makefile deleted file mode 100644 index 9088bd9..0000000 --- a/test/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -.PHONY: basic_check -basic_check: - semodule --list=full | grep container - semodule -B - rpm -Vqf /var/lib/selinux/*/active/modules/200/container - -.PHONY: podman_e2e_test -podman_e2e_test: - bash ./podman-tests.sh e2e - -.PHONY: podman_system_test -podman_system_test: - bash ./podman-tests.sh system - -clean: - rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf index bded6bc..4b186d5 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -1,19 +1,17 @@ require: + - attr - bats - container-selinux - - cpio - - golang - - make - - podman - podman-tests - policycoreutils /basic_check: - tag: [ upstream, downstream ] summary: Run basic checks - test: make basic_check + test: | + semodule --list=full | grep container + semodule -B + rpm -Vqf /var/lib/selinux/*/active/modules/200/container /podman_system_test: - tag: [ upstream, downstream ] summary: Run SELinux specific Podman system tests - test: make podman_system_test + test: bash ./podman-tests.sh diff --git a/test/podman-tests.sh b/test/podman-tests.sh index 0033d25..faa504b 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh @@ -10,7 +10,7 @@ if [[ "$(id -u)" -ne 0 ]];then fi # Print versions of distro and installed packages -rpm -q bats container-selinux golang podman podman-tests selinux-policy +rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy # Run podman system tests bats /usr/share/podman/test/system/410-selinux.bats From a15b46699ba2930583bd677a292cfc1ce7df64e5 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 24 Feb 2025 17:01:52 +0530 Subject: [PATCH 370/381] fix gating.yaml --- gating.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gating.yaml b/gating.yaml index 8f949e2..c692db7 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,7 +1,7 @@ --- !Policy product_versions: - fedora-* -decision_context: +decision_contexts: - bodhi_update_push_stable - bodhi_update_push_testing rules: From 5c4e72179b5f16ca28ee0d03a08322e6e9d00912 Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 13 Mar 2025 20:26:37 +0000 Subject: [PATCH 371/381] Update to 2.236.0 upstream release Upstream tag: v2.236.0 Upstream commit: 4244f856 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index abf490c..1dfba9e 100644 --- a/.gitignore +++ b/.gitignore @@ -233,3 +233,4 @@ /v2.234.1.tar.gz /v2.234.2.tar.gz /v2.235.0.tar.gz +/v2.236.0.tar.gz diff --git a/README.packit b/README.packit index 2cdc258..f5cc99f 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.1.1.post1.dev1+g7c5e02df. +The file was generated using packit 1.2.0.post1.dev13+g55ed4527. diff --git a/container-selinux.spec b/container-selinux.spec index 6fd90dd..cf61d09 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.235.0 +Version: 2.236.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 1602c69..f7b9b50 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.235.0.tar.gz) = 5d422ffe69e994d2b30460bef39598ccac52d3607a23dd15e300374f1704c6e5883069aa74cb3b362b9545f4dd4e048b6e9893a6086cbba53e9d5f8185b2ffd2 +SHA512 (v2.236.0.tar.gz) = 02f4cf1549bbe8c647fc2d2af9f239a23b47e67964d2ee66a45578b6494a9257185f210a61a3e666470489698760b6dd336db3e6a867002fdac68f64689d3841 From 1b9c808c738d24f95cfe5d479f4ffc9ce606276f Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 28 Apr 2025 19:06:43 +0000 Subject: [PATCH 372/381] Update to 2.237.0 upstream release Upstream tag: v2.237.0 Upstream commit: d7e420a1 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 5 ++++- sources | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1dfba9e..b1d1698 100644 --- a/.gitignore +++ b/.gitignore @@ -234,3 +234,4 @@ /v2.234.2.tar.gz /v2.235.0.tar.gz /v2.236.0.tar.gz +/v2.237.0.tar.gz diff --git a/README.packit b/README.packit index f5cc99f..807ffc6 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.2.0.post1.dev13+g55ed4527. +The file was generated using packit 1.6.0.post1.dev2+gd5a7662a. diff --git a/container-selinux.spec b/container-selinux.spec index cf61d09..afe8b30 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.236.0 +Version: 2.237.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -111,6 +111,9 @@ fi %posttrans %selinux_relabel_post +# Empty placeholder check to silence rpmlint +%check + #define license tag if not already defined %{!?_licensedir:%global license %doc} diff --git a/sources b/sources index f7b9b50..907c8b1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.236.0.tar.gz) = 02f4cf1549bbe8c647fc2d2af9f239a23b47e67964d2ee66a45578b6494a9257185f210a61a3e666470489698760b6dd336db3e6a867002fdac68f64689d3841 +SHA512 (v2.237.0.tar.gz) = 39226dc5474934eb509bde812a7df3647d38c69d33ff3d54d0774286d1bc325dae867280571d3681e23a334aa785acfb6a1c22ca2f3df6031f95d005145930df From 556c1de55498dc30db550ad67f0e63a7d7de4d90 Mon Sep 17 00:00:00 2001 From: Packit Date: Fri, 30 May 2025 18:02:24 +0000 Subject: [PATCH 373/381] Update to 2.238.0 upstream release Upstream tag: v2.238.0 Upstream commit: 36e8f213 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b1d1698..8101221 100644 --- a/.gitignore +++ b/.gitignore @@ -235,3 +235,4 @@ /v2.235.0.tar.gz /v2.236.0.tar.gz /v2.237.0.tar.gz +/v2.238.0.tar.gz diff --git a/README.packit b/README.packit index 807ffc6..7e268b5 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.6.0.post1.dev2+gd5a7662a. +The file was generated using packit 1.8.0.post1.dev15+g39511efc. diff --git a/container-selinux.spec b/container-selinux.spec index afe8b30..76589ec 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.237.0 +Version: 2.238.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 907c8b1..866448b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.237.0.tar.gz) = 39226dc5474934eb509bde812a7df3647d38c69d33ff3d54d0774286d1bc325dae867280571d3681e23a334aa785acfb6a1c22ca2f3df6031f95d005145930df +SHA512 (v2.238.0.tar.gz) = f251bab5a5992feb6ce3d295d39a75627bd3c5deddbdb7ad64018c4f3b652637ff27760f40082b1cd31802f500f8927ae96256a4a11aa085b4b84703906f856f From b938868d0dcd742da3f42d4e48a8798e8cff8ac2 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 7 Jul 2025 16:09:13 +0000 Subject: [PATCH 374/381] Update to 2.239.0 upstream release Upstream tag: v2.239.0 Upstream commit: 229e8d8b Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8101221..f3b7604 100644 --- a/.gitignore +++ b/.gitignore @@ -236,3 +236,4 @@ /v2.236.0.tar.gz /v2.237.0.tar.gz /v2.238.0.tar.gz +/v2.239.0.tar.gz diff --git a/README.packit b/README.packit index 7e268b5..dde2a46 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.8.0.post1.dev15+g39511efc. +The file was generated using packit 1.9.0.post1.dev4+g48b4c222. diff --git a/container-selinux.spec b/container-selinux.spec index 76589ec..c070080 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.238.0 +Version: 2.239.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 866448b..3280111 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.238.0.tar.gz) = f251bab5a5992feb6ce3d295d39a75627bd3c5deddbdb7ad64018c4f3b652637ff27760f40082b1cd31802f500f8927ae96256a4a11aa085b4b84703906f856f +SHA512 (v2.239.0.tar.gz) = a3bafe979394358c9e0d51816fd92765ff88f2fab4a5aa22e1ce533e8ee4d1ce2b59435891ba39acb795f44509104fc558588ded180bfb3b27c4662a0b5a6643 From ae2bda3b191919740e1e08402c9e7197f95126ed Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 18:38:20 +0000 Subject: [PATCH 375/381] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 33a94c0fec233beb298dfcdb28d6f60f52fd6c0f Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 7 Aug 2025 12:54:13 +0000 Subject: [PATCH 376/381] Update to 2.240.0 upstream release Upstream tag: v2.240.0 Upstream commit: 10cc7eca Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f3b7604..67fd154 100644 --- a/.gitignore +++ b/.gitignore @@ -237,3 +237,4 @@ /v2.237.0.tar.gz /v2.238.0.tar.gz /v2.239.0.tar.gz +/v2.240.0.tar.gz diff --git a/README.packit b/README.packit index dde2a46..3ad54d6 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.9.0.post1.dev4+g48b4c222. +The file was generated using packit 1.11.0. diff --git a/container-selinux.spec b/container-selinux.spec index c070080..f874f51 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.239.0 +Version: 2.240.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 3280111..64f44ff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.239.0.tar.gz) = a3bafe979394358c9e0d51816fd92765ff88f2fab4a5aa22e1ce533e8ee4d1ce2b59435891ba39acb795f44509104fc558588ded180bfb3b27c4662a0b5a6643 +SHA512 (v2.240.0.tar.gz) = d5077aa547c2d85613eb168348fe01d92c198b72f3d3523c90d587f12ff8d221c9ee63da1ed1d7201f592853e1aa77406d10b751a0cd7ba9203ea0a22fea3f9b From f5e56373a3e582ff84fac2bc4e4874a23230f7be Mon Sep 17 00:00:00 2001 From: Packit Date: Tue, 19 Aug 2025 16:05:32 +0000 Subject: [PATCH 377/381] Update to 2.241.0 upstream release Upstream tag: v2.241.0 Upstream commit: 5997aa52 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 67fd154..a27fbf9 100644 --- a/.gitignore +++ b/.gitignore @@ -238,3 +238,4 @@ /v2.238.0.tar.gz /v2.239.0.tar.gz /v2.240.0.tar.gz +/v2.241.0.tar.gz diff --git a/README.packit b/README.packit index 3ad54d6..2be479e 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.11.0. +The file was generated using packit 1.11.0.post1.dev3+g351a3979f. diff --git a/container-selinux.spec b/container-selinux.spec index f874f51..cd7fd8e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.240.0 +Version: 2.241.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 64f44ff..3211fe3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.240.0.tar.gz) = d5077aa547c2d85613eb168348fe01d92c198b72f3d3523c90d587f12ff8d221c9ee63da1ed1d7201f592853e1aa77406d10b751a0cd7ba9203ea0a22fea3f9b +SHA512 (v2.241.0.tar.gz) = acab4eb986e494c09a7f01d0263c2908bae8b93039fd0584c0cfa32c44b59e72db2d3f09d1c9213e9640b5f7af2361a460658cd49deafca0a37535f5e8b6fd80 From ac7e099b8e4e99fd11302236418597f6041888ff Mon Sep 17 00:00:00 2001 From: Packit Date: Fri, 5 Sep 2025 14:44:40 +0000 Subject: [PATCH 378/381] Update to 2.242.0 upstream release Upstream tag: v2.242.0 Upstream commit: edfbda46 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 14 +++++++++++++- README.packit | 2 +- container-selinux.spec | 12 ++++++------ sources | 2 +- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index a27fbf9..9f6dc41 100644 --- a/.gitignore +++ b/.gitignore @@ -239,3 +239,4 @@ /v2.239.0.tar.gz /v2.240.0.tar.gz /v2.241.0.tar.gz +/v2.242.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index cc1d83b..d25d664 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -54,7 +54,7 @@ jobs: packages: [container-selinux-eln] notifications: *copr_build_failure_notification enable_net: true - targets: + targets: &eln_copr_targets - fedora-eln-x86_64 - fedora-eln-aarch64 @@ -97,6 +97,18 @@ jobs: - type: repository-file id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo + # Tests for Fedora + - job: tests + trigger: pull_request + packages: [container-selinux-eln] + notifications: *test_failure_notification + targets: *eln_copr_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-eln/rhcontainerbot-podman-next-fedora-eln.repo + # Tests for CentOS Stream - job: tests trigger: pull_request diff --git a/README.packit b/README.packit index 2be479e..fb341a1 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.11.0.post1.dev3+g351a3979f. +The file was generated using packit 1.11.0.post1.dev7+gfdcdf3a32. diff --git a/container-selinux.spec b/container-selinux.spec index cd7fd8e..273ec70 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -20,14 +20,14 @@ %define no_user_namespace 1 %endif -# copr_build is more intuitive than copr_username -%if %{defined copr_username} -%define copr_build 1 +# set copr_build is more intuitive than copr_username +%if %{defined copr_username} && "%{copr_username}" == "rhcontainerbot" && "%{copr_projectname}" == "podman-next" +%define next_build 1 %endif Name: container-selinux -# Set different Epochs for copr and koji -%if %{defined copr_build} +# Set different Epoch for rhcontainerbot/podman-next copr build +%if %{defined next_build} Epoch: 102 %else Epoch: 4 @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.241.0 +Version: 2.242.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 3211fe3..ab44a19 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.241.0.tar.gz) = acab4eb986e494c09a7f01d0263c2908bae8b93039fd0584c0cfa32c44b59e72db2d3f09d1c9213e9640b5f7af2361a460658cd49deafca0a37535f5e8b6fd80 +SHA512 (v2.242.0.tar.gz) = 48ed0644081cd1f52d2e842c46af9c7dd64685aab121a9a275da2ea75eb8b48b7b24ffc45658b6bc78b41a9bad116c3352e1bd540cfba298276519cd6ddea47c From 99f38c064f082eeda912d7da59b822f80d4bbbc6 Mon Sep 17 00:00:00 2001 From: Packit Date: Fri, 7 Nov 2025 19:05:10 +0000 Subject: [PATCH 379/381] Update to 2.243.0 upstream release Upstream tag: v2.243.0 Upstream commit: efdee4df Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- plans/main.fmf | 26 +++++++++++++------ plans/tmt.fmf | 9 +++++++ sources | 2 +- test/main.fmf | 23 +++++++++++++--- ...odman-tests.sh => podman-rootful-tests.sh} | 0 test/podman-rootless-tests.sh | 15 +++++++++++ 9 files changed, 66 insertions(+), 14 deletions(-) create mode 100644 plans/tmt.fmf rename test/{podman-tests.sh => podman-rootful-tests.sh} (100%) create mode 100644 test/podman-rootless-tests.sh diff --git a/.gitignore b/.gitignore index 9f6dc41..9ae95ce 100644 --- a/.gitignore +++ b/.gitignore @@ -240,3 +240,4 @@ /v2.240.0.tar.gz /v2.241.0.tar.gz /v2.242.0.tar.gz +/v2.243.0.tar.gz diff --git a/README.packit b/README.packit index fb341a1..2511bf4 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.11.0.post1.dev7+gfdcdf3a32. +The file was generated using packit 1.12.0. diff --git a/container-selinux.spec b/container-selinux.spec index 273ec70..fa68c27 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.242.0 +Version: 2.243.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/plans/main.fmf b/plans/main.fmf index baa8b2f..c758669 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -3,12 +3,12 @@ discover: execute: how: tmt prepare: - - when: distro == centos-stream or distro == rhel - how: shell - script: | - dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm - dnf -y config-manager --set-enabled epel - order: 10 + - how: feature + epel: enabled + # TODO: Revisit this once https://github.com/teemtee/tmt/issues/3990 is in place. + # FIXME: For whatever reason, CentOS Stream envs end up upgrading container-selinux + # from podman-next instead of using the one installed by Packit. This apparently should + # be easier to handle once tmt#3990 is done. Things work as expected on Fedora already. - when: initiator == packit how: shell script: | @@ -16,5 +16,15 @@ prepare: if compgen -G $COPR_REPO_FILE > /dev/null; then sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE fi - dnf -y upgrade --allowerasing - order: 20 + +/basic_check: + discover+: + test: /test/basic_check + +/podman_rootful_system: + discover+: + test: /test/podman_rootful_system + +/podman_rootless_system: + discover+: + test: /test/podman_rootless_system diff --git a/plans/tmt.fmf b/plans/tmt.fmf new file mode 100644 index 0000000..1941978 --- /dev/null +++ b/plans/tmt.fmf @@ -0,0 +1,9 @@ +/: + inherit: false + +summary: Run tmt's integration tests +plan: + import: + url: https://github.com/teemtee/tmt + path: /plans/friends + name: /podman diff --git a/sources b/sources index ab44a19..06d448c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.242.0.tar.gz) = 48ed0644081cd1f52d2e842c46af9c7dd64685aab121a9a275da2ea75eb8b48b7b24ffc45658b6bc78b41a9bad116c3352e1bd540cfba298276519cd6ddea47c +SHA512 (v2.243.0.tar.gz) = 8ed193e467d247a277f1d21b6f1f2044273e15301e27ed33e0240af27f8d6ade4585a6fa9953a05bf11298d3a4ef2ea4fdc7f6e43abddd7e03c9c38835ad4429 diff --git a/test/main.fmf b/test/main.fmf index 4b186d5..13b8104 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -1,9 +1,10 @@ require: - attr - - bats - container-selinux - podman-tests - policycoreutils +recommend: + - bats /basic_check: summary: Run basic checks @@ -12,6 +13,22 @@ require: semodule -B rpm -Vqf /var/lib/selinux/*/active/modules/200/container -/podman_system_test: +/podman_rootful_system: summary: Run SELinux specific Podman system tests - test: bash ./podman-tests.sh + test: bash ./podman-rootful-tests.sh + +/podman_rootless_system: + summary: Run rootless Podman system tests + test: bash ./podman-rootless-tests.sh + require+: + - passt + - passt-selinux + environment: + ROOTLESS_USER: "fedora" + adjust: + - when: distro == centos-stream + environment+: + ROOTLESS_USER: "ec2-user" + - when: distro == fedora-eln or distro == rhel + environment+: + ROOTLESS_USER: "cloud-user" diff --git a/test/podman-tests.sh b/test/podman-rootful-tests.sh similarity index 100% rename from test/podman-tests.sh rename to test/podman-rootful-tests.sh diff --git a/test/podman-rootless-tests.sh b/test/podman-rootless-tests.sh new file mode 100644 index 0000000..e5583e0 --- /dev/null +++ b/test/podman-rootless-tests.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +set -exo pipefail + +cat /etc/redhat-release + +# Print versions of distro and installed packages +rpm -q bats container-selinux passt passt-selinux podman podman-tests policycoreutils selinux-policy + +loginctl enable-linger "$ROOTLESS_USER" + +# Run podman system tests +su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/410-selinux.bats" +su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/500-networking.bats" +su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/505-networking-pasta.bats" From 3f88bda292ee2de6b5bc847b37f68206c4c009ec Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 1 Dec 2025 15:51:17 +0000 Subject: [PATCH 380/381] Update to 2.244.0 upstream release Upstream tag: v2.244.0 Upstream commit: 9017e1f8 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- test/main.fmf | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 9ae95ce..0891100 100644 --- a/.gitignore +++ b/.gitignore @@ -241,3 +241,4 @@ /v2.241.0.tar.gz /v2.242.0.tar.gz /v2.243.0.tar.gz +/v2.244.0.tar.gz diff --git a/README.packit b/README.packit index 2511bf4..b4b46e3 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.12.0. +The file was generated using packit 1.12.0.post1.dev20+g7d30dac21. diff --git a/container-selinux.spec b/container-selinux.spec index fa68c27..07c8f41 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.243.0 +Version: 2.244.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 06d448c..68be440 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.243.0.tar.gz) = 8ed193e467d247a277f1d21b6f1f2044273e15301e27ed33e0240af27f8d6ade4585a6fa9953a05bf11298d3a4ef2ea4fdc7f6e43abddd7e03c9c38835ad4429 +SHA512 (v2.244.0.tar.gz) = 21bb73a226d96a152de53475ad23d1daa119a20d83c835c7c5c2da011a2fd066955db1b4d4e11527883f7ef5dc027937bd9f1f65bc4388b44aed10337936f877 diff --git a/test/main.fmf b/test/main.fmf index 13b8104..741aef1 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -29,6 +29,6 @@ recommend: - when: distro == centos-stream environment+: ROOTLESS_USER: "ec2-user" - - when: distro == fedora-eln or distro == rhel + - when: distro == rhel environment+: ROOTLESS_USER: "cloud-user" From 615e4619a44c9275352a61d5fc766b77d439b869 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 15 Dec 2025 15:49:15 +0000 Subject: [PATCH 381/381] Update to 2.245.0 upstream release Upstream tag: v2.245.0 Upstream commit: 3f7c37e9 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0891100..523a91e 100644 --- a/.gitignore +++ b/.gitignore @@ -242,3 +242,4 @@ /v2.242.0.tar.gz /v2.243.0.tar.gz /v2.244.0.tar.gz +/v2.245.0.tar.gz diff --git a/README.packit b/README.packit index b4b46e3..db537f9 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 1.12.0.post1.dev20+g7d30dac21. +The file was generated using packit 1.13.0. diff --git a/container-selinux.spec b/container-selinux.spec index 07c8f41..6348202 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -35,7 +35,7 @@ Epoch: 4 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.244.0 +Version: 2.245.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/sources b/sources index 68be440..ce107a4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.244.0.tar.gz) = 21bb73a226d96a152de53475ad23d1daa119a20d83c835c7c5c2da011a2fd066955db1b4d4e11527883f7ef5dc027937bd9f1f65bc4388b44aed10337936f877 +SHA512 (v2.245.0.tar.gz) = 0bc85980780631ceccb38f2fde64ff7f3792be18d4501806532f097deedde70f446e2389c543dd78e9087b45cd1a6916c0e096e6ea42dd77ac377ad4111b7db2