From 7854cd5c3f48e0681d47576e252342d608c21d0e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 23 Aug 2018 04:55:47 -0700 Subject: [PATCH 01/78] Allow unconfined_r to transition to system_r over container_runtime_exec_t Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t --- .gitignore | 2 ++ container-selinux.spec | 15 ++++++++++++--- sources | 2 +- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 60cb8d6..addd98e 100644 --- a/.gitignore +++ b/.gitignore @@ -63,3 +63,5 @@ >>>>>>> Stashed changes /container-selinux-c139a3d.tar.gz /container-selinux-452b90d.tar.gz +/container-selinux-4e73492.tar.gz +/container-selinux-5721d74.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9f90b25..58d327e 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 452b90de0cbc75f0a55defa1d45b7bc337d4f076 +%global commit0 5721d746acccaa840a9af5be6ee30ca3b0c2a2bb %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.69 +Version: 2.71 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -44,6 +44,7 @@ Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils Requires(post): policycoreutils-python-utils Requires(post): libselinux-utils +Requires(post): libsemanage >= 2.8-2 Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 Obsoletes: docker-selinux <= 2:1.12.4-28 
@@ -86,11 +87,12 @@ if %{_sbindir}/selinuxenabled ; then %relabel_files if [ $1 -eq 1 ]; then restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/containers &> /dev/null || : fi fi . %{_sysconfdir}/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types - +matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R -v %{_sharedstatedir}/containers &> /dev/null %postun if [ $1 -eq 0 ]; then @@ -109,6 +111,13 @@ fi %{_datadir}/selinux/* %changelog +* Wed Aug 22 2018 Dan Walsh - 2.71-1 +- Allow unconfined_r to transition to system_r over container_runtime_exec_t +- Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t + +* Fri Aug 10 2018 Dan Walsh - 2.69-3 +- Relabel /var/lib/containers if directory is mislabeled +gi * Wed Jul 25 2018 Dan Walsh - 2.69-1 - dontaudit attempts to write to sysctl_kernel_t diff --git a/sources b/sources index dab2d47..c7f4eec 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-452b90d.tar.gz) = f9bc9c9fafd98aca03b755dc44807baec3aec2b0a97bd539be6b49bc2f1f571973bef8e8a716ef990255f4b26ef9650e2c03ce9bf3ee0961f99205e309475944 +SHA512 (container-selinux-5721d74.tar.gz) = 6c965d64022967cffad10fc7f69ef7111998c91dc6a5be4c227f00d82d6af6c4c6b9c86d1f6809204a7ee8bf950483b32efb5ee8ce05a0ad71a5e57c7f3230b3 From 310de3ad414c8dc559d63ec9348ef048d0379dc5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Aug 2018 09:16:27 -0400 Subject: [PATCH 02/78] Allow unconfined_r to transition to system_r over container_runtime_exec_t Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t --- container-selinux.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 58d327e..52f9078 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
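Review bot: The added `matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R -v ...` line in %post verifies only the label of the directory itself, so the recursive relabel is skipped whenever the top-level label is correct, even if files beneath it are mislabeled. If that is the intended cheap heuristic, say so in a comment above the line, for example `# Only the top-level label is checked; the recursive relabel runs only when it is wrong`. The line also appears to sit after the `fi` that closes the `selinuxenabled` guard, so it would run on hosts where SELinux is disabled; moving it inside that block would keep all relabel logic under one condition. The %post scriptlet begins before this hunk.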
@@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.71 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -92,7 +92,7 @@ if %{_sbindir}/selinuxenabled ; then fi . %{_sysconfdir}/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types -matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R -v %{_sharedstatedir}/containers &> /dev/null +matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun if [ $1 -eq 0 ]; then From 132a21d67e120144d4f4e1ef1370f8ead3d82d7e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 12 Sep 2018 07:45:49 -0400 Subject: [PATCH 03/78] Allow container_runtimes to setattr on callers fifo_files --- container-selinux.spec | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 52f9078..2b5276c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5721d746acccaa840a9af5be6ee30ca3b0c2a2bb +%global commit0 f6c7f410ca8bfe20bd0a217dd75b22735a32f212 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.71 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.72 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes 
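Review bot: The rewritten `matchpathcon ... || restorecon -R ... &> /dev/null || :` line in %post now discards both the output and the exit status of every relabel failure, not only the missing-directory case that the 2.71-2 changelog entry later in this series names. A storage tree left with the wrong label changes how policy applies to it, so that failure should stay visible in the transaction output. Testing for the directory and dropping the redirect keeps the scriptlet non-fatal while still surfacing real errors: `[ ! -d %{_sharedstatedir}/containers ] || matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers || :`. The %post scriptlet begins before this hunk.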
@@ -44,7 +44,6 @@ Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils Requires(post): policycoreutils-python-utils Requires(post): libselinux-utils -Requires(post): libsemanage >= 2.8-2 Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 Obsoletes: docker-selinux <= 2:1.12.4-28 @@ -94,6 +93,7 @@ fi sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : + %postun if [ $1 -eq 0 ]; then %{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : @@ -111,13 +111,18 @@ fi %{_datadir}/selinux/* %changelog +* Wed Sep 12 2018 Dan Walsh - 2.72-1 +- Allow container_runtimes to setattr on callers fifo_files + +* Mon Aug 27 2018 Dan Walsh - 2.71-2 +- Fix restorecon to not error on missing directory + * Wed Aug 22 2018 Dan Walsh - 2.71-1 - Allow unconfined_r to transition to system_r over container_runtime_exec_t + +* Wed Aug 22 2018 Dan Walsh - 2.70-1 - Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t -* Fri Aug 10 2018 Dan Walsh - 2.69-3 -- Relabel /var/lib/containers if directory is mislabeled -gi * Wed Jul 25 2018 Dan Walsh - 2.69-1 - dontaudit attempts to write to sysctl_kernel_t From 8c73b4d06d625ec10001a3dacc1f418049048a2b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 13 Sep 2018 09:34:06 -0400 Subject: [PATCH 04/78] Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index addd98e..5d8f5df 100644 --- a/.gitignore +++ b/.gitignore 
@@ -65,3 +65,4 @@ /container-selinux-452b90d.tar.gz /container-selinux-4e73492.tar.gz /container-selinux-5721d74.tar.gz +/container-selinux-d7a3f33.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2b5276c..5445396 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 f6c7f410ca8bfe20bd0a217dd75b22735a32f212 +%global commit0 d7a3f33548ae5c5912006dc2b14270d650f5e52f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.72 +Version: 2.73 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -111,6 +111,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed Sep 12 2018 Dan Walsh - 2.73-1 +- Define spc_t as a container_domain, so that container_runtime will transition +to spc_t even when setup with nosuid. + * Wed Sep 12 2018 Dan Walsh - 2.72-1 - Allow container_runtimes to setattr on callers fifo_files diff --git a/sources b/sources index c7f4eec..22fed4c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5721d74.tar.gz) = 6c965d64022967cffad10fc7f69ef7111998c91dc6a5be4c227f00d82d6af6c4c6b9c86d1f6809204a7ee8bf950483b32efb5ee8ce05a0ad71a5e57c7f3230b3 +SHA512 (container-selinux-d7a3f33.tar.gz) = c2db2bc9e1bc8de49631d8d40210bcb065af21892c4ee4f94f13dcbb1bbd61c18b95b086aa0f83205c060b497581e1ed7bb9dda5c927b32cebc48c456bdfd553 From de32e361ae91233a76a8901c9a33c411d63423ad Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 22 Sep 2018 06:40:42 -0400 Subject: [PATCH 05/78] Remove requires for policycoreutils-python-utils we don't need it. --- container-selinux.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5445396..a1662c0 100644 --- a/container-selinux.spec 
+++ b/container-selinux.spec @@ -27,7 +27,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.73 -Release: 1.git%{shortcommit0}%{?dist} +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -42,7 +42,6 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils -Requires(post): policycoreutils-python-utils Requires(post): libselinux-utils Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-13 @@ -111,6 +110,9 @@ fi %{_datadir}/selinux/* %changelog +* Sat Sep 22 2018 Dan Walsh - 2.73-2 +- Remove requires for policycoreutils-python-utils we don't need it. + * Wed Sep 12 2018 Dan Walsh - 2.73-1 - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. From 698486d8d45d1582821238df34a187c1b4f5b24b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 19 Oct 2018 17:45:54 -0400 Subject: [PATCH 06/78] Allow containers to setexec themselves --- .gitignore | 1 + container-selinux.spec | 10 ++++++---- sources | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 5d8f5df..2e1d733 100644 --- a/.gitignore +++ b/.gitignore @@ -66,3 +66,4 @@ /container-selinux-4e73492.tar.gz /container-selinux-5721d74.tar.gz /container-selinux-d7a3f33.tar.gz +/container-selinux-a62c2db.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a1662c0..b8ebc9c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 d7a3f33548ae5c5912006dc2b14270d650f5e52f +%global commit0 a62c2dbcdbe98d3f975d617f55faabafe7835357 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.73 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.74 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -92,7 +92,6 @@ fi sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : - %postun if [ $1 -eq 0 ]; then %{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : @@ -110,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Oct 19 2018 Dan Walsh - 2.74-1 +- Allow containers to setexec themselves + * Sat Sep 22 2018 Dan Walsh - 2.73-2 - Remove requires for policycoreutils-python-utils we don't need it. diff --git a/sources b/sources index 22fed4c..f8be47a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-d7a3f33.tar.gz) = c2db2bc9e1bc8de49631d8d40210bcb065af21892c4ee4f94f13dcbb1bbd61c18b95b086aa0f83205c060b497581e1ed7bb9dda5c927b32cebc48c456bdfd553 +SHA512 (container-selinux-a62c2db.tar.gz) = d74911fcb3c4102515c56af2893bbdc03b2e45214a93fd5f1cabc1b55bfa526e3f79da35be3250ab5fb5045a1d4b34809f0965644885844182e166d2f0c1af78 From 9b5b81540750baa6ab5bc6bcf33bf0d0bd883f35 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 30 Oct 2018 08:34:21 -0400 Subject: [PATCH 07/78] Allow containers to use fuse file systems by default --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2e1d733..2884676 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,4 @@ /container-selinux-5721d74.tar.gz /container-selinux-d7a3f33.tar.gz /container-selinux-a62c2db.tar.gz +/container-selinux-99e2cfd.tar.gz 
diff --git a/container-selinux.spec b/container-selinux.spec index b8ebc9c..f833f39 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 a62c2dbcdbe98d3f975d617f55faabafe7835357 +%global commit0 99e2cfd56536d1c2463ad7a68c29bb478eb67e8a %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.74 +Version: 2.75 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Oct 30 2018 Dan Walsh - 2.75-1 +- Allow containers to use fuse file systems by default + * Fri Oct 19 2018 Dan Walsh - 2.74-1 - Allow containers to setexec themselves @@ -121,7 +124,7 @@ to spc_t even when setup with nosuid. * Wed Sep 12 2018 Dan Walsh - 2.72-1 - Allow container_runtimes to setattr on callers fifo_files - +github.com/opencontainers/selinux * Mon Aug 27 2018 Dan Walsh - 2.71-2 - Fix restorecon to not error on missing directory diff --git a/sources b/sources index f8be47a..16a8920 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-a62c2db.tar.gz) = d74911fcb3c4102515c56af2893bbdc03b2e45214a93fd5f1cabc1b55bfa526e3f79da35be3250ab5fb5045a1d4b34809f0965644885844182e166d2f0c1af78 +SHA512 (container-selinux-99e2cfd.tar.gz) = 489f420cb14bf6049eab9f2939bb61a98cdae43bc2d78d3607760922158e519d3bf6781b8f652ce6ed74ce03d8f453ee621860471324c932fe723c645b9ef8cd From 3920dceced2f5c73c00369ed9b07756a279ab436 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Mon, 12 Nov 2018 15:49:11 -0500 Subject: [PATCH 08/78] Allow containers to sendto dgram socket of container runtimes Needed to run container runtimes in notify socket unit files. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2884676..f991c91 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,4 @@ /container-selinux-d7a3f33.tar.gz /container-selinux-a62c2db.tar.gz /container-selinux-99e2cfd.tar.gz +/container-selinux-87fae85.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f833f39..cb00b61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 99e2cfd56536d1c2463ad7a68c29bb478eb67e8a +%global commit0 87fae856c438047d472db4e1b083e8a8f8ed3103 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.75 +Version: 2.76 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Nov 12 2018 Dan Walsh - 2.76-1 +- Allow containers to sendto dgram socket of container runtimes +- Needed to run container runtimes in notify socket unit files. + * Tue Oct 30 2018 Dan Walsh - 2.75-1 - Allow containers to use fuse file systems by default diff --git a/sources b/sources index 16a8920..29f4f57 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-99e2cfd.tar.gz) = 489f420cb14bf6049eab9f2939bb61a98cdae43bc2d78d3607760922158e519d3bf6781b8f652ce6ed74ce03d8f453ee621860471324c932fe723c645b9ef8cd +SHA512 (container-selinux-87fae85.tar.gz) = 4ec03e76830fa2dc15602831cda3e9ca846b62d3f806049785bb94004f079314e6a2039987f02251ff54aa4a9ed890d558506861fe0986264cc610920a7f85df From f09ba8519972e3cd9789f69465b17775cdc96b62 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 17 Dec 2018 14:24:35 -0500 Subject: [PATCH 09/78] Allow container-runtime to setattr on fifo_file handed into container runtime. --- .gitignore | 1 + container-selinux.spec | 13 ++++++++++--- sources | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index f991c91..13b5e67 100644 --- a/.gitignore +++ b/.gitignore @@ -69,3 +69,4 @@ /container-selinux-a62c2db.tar.gz /container-selinux-99e2cfd.tar.gz /container-selinux-87fae85.tar.gz +/container-selinux-5133af6.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index cb00b61..feb3430 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 87fae856c438047d472db4e1b083e8a8f8ed3103 +%global commit0 5133af638a0b746e1ff3bd6d452038fdad7e7e98 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.76 +Version: 2.77 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,11 +109,18 @@ fi %{_datadir}/selinux/* %changelog +* Mon Dec 17 2018 Dan Walsh - 2.77-1 +- Allow container-runtime to setattr on fifo_file handed into container runtime. + +* Tue Nov 13 2018 Lokesh Mandvekar (Bot) - 2:2.752.75-1.dev.git99e2cfd1 +- bump to 2.75 +- autobuilt 99e2cfd + * Mon Nov 12 2018 Dan Walsh - 2.76-1 - Allow containers to sendto dgram socket of container runtimes - Needed to run container runtimes in notify socket unit files. -* Tue Oct 30 2018 Dan Walsh - 2.75-1 +* Tue Oct 30 2018 Dan Walsh - 2.75-1.dev.git99e2cfd - Allow containers to use fuse file systems by default * Fri Oct 19 2018 Dan Walsh - 2.74-1 diff --git a/sources b/sources index 29f4f57..b350407 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-87fae85.tar.gz) = 4ec03e76830fa2dc15602831cda3e9ca846b62d3f806049785bb94004f079314e6a2039987f02251ff54aa4a9ed890d558506861fe0986264cc610920a7f85df +SHA512 (container-selinux-5133af6.tar.gz) = e4e3c98ad0c8d9b3ed53c5753092505f8a65dfda13138cb238cc288b2d311fb755e900af93e7b7fa84b5824b2cd352eaf11ab1b90353f698b52235fc1af7d063 From 35fbb981e6199e0db0586f8ab567f9922cb27325 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 17 Dec 2018 15:48:11 -0500 Subject: [PATCH 10/78] Allow container-runtime to setattr on fifo_file handed into container runtime. --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 13b5e67..633f42d 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,4 @@ /container-selinux-99e2cfd.tar.gz /container-selinux-87fae85.tar.gz /container-selinux-5133af6.tar.gz +/container-selinux-2c57a17.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index feb3430..6424576 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5133af638a0b746e1ff3bd6d452038fdad7e7e98 +%global commit0 2c57a17ab66c245a86dd00e03ec2b8e70ff76203 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) diff --git a/sources b/sources index b350407..4ba60f5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5133af6.tar.gz) = e4e3c98ad0c8d9b3ed53c5753092505f8a65dfda13138cb238cc288b2d311fb755e900af93e7b7fa84b5824b2cd352eaf11ab1b90353f698b52235fc1af7d063 +SHA512 (container-selinux-2c57a17.tar.gz) = a136937d766f2727d4ca51dd2ca73b16c484bf7a6ccd09634ce2b29d46620a8152b7535e5b4663fe10d9ac502493c680e0d35b2b0eea7bbec8d54fb7de12eef2 From c42736f2128984050364f9600cdeaae8bf03fe03 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 10 Jan 2019 15:18:09 -0500 Subject: [PATCH 11/78] Fix labeling for images in docker daemon user namespace --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 633f42d..9e4f3dc 100644 --- a/.gitignore +++ b/.gitignore @@ -71,3 +71,4 @@ /container-selinux-87fae85.tar.gz /container-selinux-5133af6.tar.gz /container-selinux-2c57a17.tar.gz +/container-selinux-1362777.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 6424576..0998d68 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 2c57a17ab66c245a86dd00e03ec2b8e70ff76203 +%global commit0 13627777f8398d68d7de180ee4c07d454dc2d69b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.77 +Version: 2.78 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jan 10 2019 Dan Walsh - 2.78-1 +- Fix labeling for images in docker daemon user namespace + * Mon Dec 17 2018 Dan Walsh - 2.77-1 - Allow container-runtime to setattr on fifo_file handed into container runtime. diff --git a/sources b/sources index 4ba60f5..c5af941 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2c57a17.tar.gz) = a136937d766f2727d4ca51dd2ca73b16c484bf7a6ccd09634ce2b29d46620a8152b7535e5b4663fe10d9ac502493c680e0d35b2b0eea7bbec8d54fb7de12eef2 +SHA512 (container-selinux-1362777.tar.gz) = 2bbf208a2c0995ce5133e6846ad6f080efd6ca809bf21c3839214d6758f3c19bec0ee9d4f4cd03a4cf036300abd78502f7aeacdfc2dfcf09aa97893d6a86fbb1 From f5e4a39baa7cd84897cf2e66de0366e2d2e8d68a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 11 Jan 2019 11:08:03 -0500 Subject: [PATCH 12/78] Fix labeling on /var/lib/registries --- .gitignore | 4 +--- container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 9e4f3dc..a593471 100644 --- a/.gitignore +++ b/.gitignore @@ -56,11 +56,8 @@ /container-selinux-dfaf8fd.tar.gz /container-selinux-8ecc282.tar.gz /container-selinux-0407867.tar.gz -<<<<<<< Updated upstream /container-selinux-042f7cf.tar.gz -======= /container-selinux-25277c8.tar.gz ->>>>>>> Stashed changes /container-selinux-c139a3d.tar.gz /container-selinux-452b90d.tar.gz /container-selinux-4e73492.tar.gz @@ -72,3 +69,4 @@ /container-selinux-5133af6.tar.gz /container-selinux-2c57a17.tar.gz /container-selinux-1362777.tar.gz +/container-selinux-6f01752.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 0998d68..11005b1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 13627777f8398d68d7de180ee4c07d454dc2d69b +%global commit0 6f01752858c0ee79dddf0e4c1bf845fb35d9eaf6 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.78 +Version: 2.79 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jan 11 2019 Dan Walsh - 2.79-1 +- Fix labeling on /var/lib/registries + * Thu Jan 10 2019 Dan Walsh - 2.78-1 - Fix labeling for images in docker daemon user namespace diff --git a/sources b/sources index c5af941..f70aa72 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1362777.tar.gz) = 2bbf208a2c0995ce5133e6846ad6f080efd6ca809bf21c3839214d6758f3c19bec0ee9d4f4cd03a4cf036300abd78502f7aeacdfc2dfcf09aa97893d6a86fbb1 +SHA512 (container-selinux-6f01752.tar.gz) = eedd30e77a39667b0352279975858febe7f1eb9910a663de2ad7c12076ab5f345d2350c51c870778009047141dfbcfdd17fa11c105f6ea23f2dde0b6885d31c2 From bd927ea0745a5822e50885d6fafcf28e9ec80508 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 22 Jan 2019 14:56:03 +0100 Subject: [PATCH 13/78] Don't allow containers to talk to contianer runtime sockets --- container-selinux.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 11005b1..4ee743d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 6f01752858c0ee79dddf0e4c1bf845fb35d9eaf6 +%global commit0 1b655d9aae4ec9859101b87d693566531b3dc4ff %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.79 +Version: 2.80 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -73,7 +73,7 @@ rm -rf container-selinux.spec %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jan 22 2019 Dan Walsh - 2.80-1 +- Don't allow containers to talk to contianer runtime sockets + * Fri Jan 11 2019 Dan Walsh - 2.79-1 - Fix labeling on /var/lib/registries From e165376b3c071d5567380c1d75cdbcb82389bd48 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 22 Jan 2019 15:06:02 +0100 Subject: [PATCH 14/78] Don't allow containers to talk to contianer runtime sockets --- .gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a593471..01cef0a 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,4 @@ /container-selinux-2c57a17.tar.gz /container-selinux-1362777.tar.gz /container-selinux-6f01752.tar.gz +/container-selinux-1b655d9.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4ee743d..03831dc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -109,7 +109,7 @@ fi %{_datadir}/selinux/* %changelog -* Fri Jan 22 2019 Dan Walsh - 2.80-1 +* Tue Jan 22 2019 Dan Walsh - 2.80-1 - Don't allow containers to talk to contianer runtime sockets * Fri Jan 11 2019 Dan Walsh - 2.79-1 diff --git a/sources b/sources index f70aa72..ed72e9c 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-6f01752.tar.gz) = eedd30e77a39667b0352279975858febe7f1eb9910a663de2ad7c12076ab5f345d2350c51c870778009047141dfbcfdd17fa11c105f6ea23f2dde0b6885d31c2 +SHA512 (container-selinux-1b655d9.tar.gz) = a6b7747d7fa769e4e90898c8b6b465785d21cd22e9b30bfa874aff15091ea0c577e1f245242b3d25814190e6b00e0e54da5bb59ae26239e8aacb3da1f375e16e From fdbe3a120375fe874f84dd205e8d62c258ae490a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 7 Feb 2019 10:02:27 -0700 Subject: [PATCH 15/78] Add new labels for paths for containerd --- .gitignore | 1 + container-selinux.spec | 12 +++++++++--- sources | 1 + 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 01cef0a..3280214 100644 --- a/.gitignore +++ b/.gitignore @@ -71,3 +71,4 @@ /container-selinux-1362777.tar.gz /container-selinux-6f01752.tar.gz /container-selinux-1b655d9.tar.gz +/container-selinux-484806a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 03831dc..72c6fa8 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1b655d9aae4ec9859101b87d693566531b3dc4ff +%global commit0 484806a3fb3235827dcad0ac65a2b87a1a964a48 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.80 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.81 +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes 
@@ -109,6 +109,12 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 7 2019 Dan Walsh - 2.81-1 +- Add new labels for paths for containerd + +* Thu Jan 31 2019 Fedora Release Engineering - 2:2.80-2.git1b655d9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Tue Jan 22 2019 Dan Walsh - 2.80-1 - Don't allow containers to talk to contianer runtime sockets diff --git a/sources b/sources index ed72e9c..636ff3b 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-1b655d9.tar.gz) = a6b7747d7fa769e4e90898c8b6b465785d21cd22e9b30bfa874aff15091ea0c577e1f245242b3d25814190e6b00e0e54da5bb59ae26239e8aacb3da1f375e16e +SHA512 (container-selinux-484806a.tar.gz) = abda91a9690694fc4a862fd11a386887740c5ffba60bd69b436fd02cd9fc85392e959b88bcff4d7e15b3e5cd0e32f1489d6294180628a953e2738ae86fb127ea From f40e7dd0aeaa4d6a6e90f239d03be866014fd774 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 10 Feb 2019 07:37:12 -0700 Subject: [PATCH 16/78] Allow confined users to use containers --- .gitignore | 2 ++ container-selinux.spec | 15 +++++++++++---- sources | 3 +-- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 3280214..b8974bb 100644 --- a/.gitignore +++ b/.gitignore @@ -72,3 +72,5 @@ /container-selinux-6f01752.tar.gz /container-selinux-1b655d9.tar.gz /container-selinux-484806a.tar.gz +/container-selinux-21c2be6.tar.gz +/container-selinux-5e1f62f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 72c6fa8..5e01e51 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 484806a3fb3235827dcad0ac65a2b87a1a964a48 +%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.81 -Release: 2.git%{shortcommit0}%{?dist} +Version: 2.82 +Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,13 +109,20 @@ fi %{_datadir}/selinux/* %changelog +* Sun Feb 10 2019 Dan Walsh - 2.82-1 +- Allow confined users to use containers + +* Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 +- bump to 2.80 +- autobuilt 21c2be6 + * Thu Feb 7 2019 Dan Walsh - 2.81-1 - Add new labels for paths for containerd * Thu Jan 31 2019 Fedora Release Engineering - 2:2.80-2.git1b655d9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -* Tue Jan 22 2019 Dan Walsh - 2.80-1 +* Tue Jan 22 2019 Dan Walsh - 2.80-1.nightly.git21c2be6 - Don't allow containers to talk to contianer runtime sockets * Fri Jan 11 2019 Dan Walsh - 2.79-1 diff --git a/sources b/sources index 636ff3b..e46329b 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-1b655d9.tar.gz) = a6b7747d7fa769e4e90898c8b6b465785d21cd22e9b30bfa874aff15091ea0c577e1f245242b3d25814190e6b00e0e54da5bb59ae26239e8aacb3da1f375e16e -SHA512 (container-selinux-484806a.tar.gz) = abda91a9690694fc4a862fd11a386887740c5ffba60bd69b436fd02cd9fc85392e959b88bcff4d7e15b3e5cd0e32f1489d6294180628a953e2738ae86fb127ea +SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 From 9b467bea5bf333879588b4f4c35ef39c5890f5b5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 25 Feb 2019 10:08:48 -0500 Subject: [PATCH 17/78] Allow containers to mounton cgroup and container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b8974bb..794e800 100644 --- a/.gitignore +++ b/.gitignore 
@@ -74,3 +74,4 @@ /container-selinux-484806a.tar.gz /container-selinux-21c2be6.tar.gz /container-selinux-5e1f62f.tar.gz +/container-selinux-ec6fcad.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5e01e51..da57321 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda +%global commit0 ec6fcadf8820fefd8d231375a5648856323a3fba %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.82 +Version: 2.83 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Feb 25 2019 Dan Walsh - 2.83-1 +- Allow containers to mounton cgroup and container_file_t + * Sun Feb 10 2019 Dan Walsh - 2.82-1 - Allow confined users to use containers diff --git a/sources b/sources index e46329b..06e646f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 +SHA512 (container-selinux-ec6fcad.tar.gz) = cd7308534a58d5bdf75431c64b8d5b0ea75fac4d032a171c156c5350805299d97afee7971fee9e51653081025027e6d4db31c78023a1f2420a34db151b536e42 From e82ea4f074156433010dd937172f4c26e326e9e4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 28 Feb 2019 08:16:13 -0500 Subject: [PATCH 18/78] More allow rules to allow containers to run within containers --- .gitignore | 1 + container-selinux.spec | 13 ++++++++++--- sources | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 794e800..5a95dfc 100644 --- a/.gitignore +++ b/.gitignore 
@@ -75,3 +75,4 @@ /container-selinux-21c2be6.tar.gz /container-selinux-5e1f62f.tar.gz /container-selinux-ec6fcad.tar.gz +/container-selinux-eb60838.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index da57321..24f448c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 ec6fcadf8820fefd8d231375a5648856323a3fba +%global commit0 eb60838b8e9b88aeb1c3a7f68c93ccfd8a67fbdd %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.83 +Version: 2.84 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,10 +109,17 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 28 2019 Dan Walsh - 2.84-1 +- More allow rules to allow containers to run within containers + +* Tue Feb 26 2019 Lokesh Mandvekar (Bot) - 2:2.82-2.git5e1f62f +- bump to 2.82 +- autobuilt 5e1f62f + * Mon Feb 25 2019 Dan Walsh - 2.83-1 - Allow containers to mounton cgroup and container_file_t -* Sun Feb 10 2019 Dan Walsh - 2.82-1 +* Sun Feb 10 2019 Dan Walsh - 2.82-1.nightly.git5e1f62f - Allow confined users to use containers * Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 diff --git a/sources b/sources index 06e646f..c285974 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-ec6fcad.tar.gz) = cd7308534a58d5bdf75431c64b8d5b0ea75fac4d032a171c156c5350805299d97afee7971fee9e51653081025027e6d4db31c78023a1f2420a34db151b536e42 +SHA512 (container-selinux-eb60838.tar.gz) = b4a4ae04d48de49dac9d588be5efc7abfaee7a8a82dd6186f51485e1e63a857fa84145a75aef265bbf66a089d818619b912f6a27bba064c45758dd15ae3fde44 From 405723dce8c93f6bce5a04de96b5630d44e16c26 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Thu, 28 Feb 2019 14:52:18 -0500 Subject: [PATCH 19/78] More allow rules to allow containers to run within containers --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5a95dfc..d72e619 100644 --- a/.gitignore +++ b/.gitignore @@ -76,3 +76,4 @@ /container-selinux-5e1f62f.tar.gz /container-selinux-ec6fcad.tar.gz /container-selinux-eb60838.tar.gz +/container-selinux-92af7fd.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 24f448c..def291f 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 eb60838b8e9b88aeb1c3a7f68c93ccfd8a67fbdd +%global commit0 92af7fdb6d11c4c28c1b9bc2711766ef0acd031b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.84 +Version: 2.85 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Thu Feb 28 2019 Dan Walsh - 2.85-1 +- More allow rules to allow containers to run within containers + * Thu Feb 28 2019 Dan Walsh - 2.84-1 - More allow rules to allow containers to run within containers diff --git a/sources b/sources index c285974..aa7b869 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-eb60838.tar.gz) = b4a4ae04d48de49dac9d588be5efc7abfaee7a8a82dd6186f51485e1e63a857fa84145a75aef265bbf66a089d818619b912f6a27bba064c45758dd15ae3fde44 +SHA512 (container-selinux-92af7fd.tar.gz) = 2ac368ec88cb5ddd4d16db2d5d5f8bc45674aa797a30e5c92993ebc898a273592c2ef58662b45d44f2e42e9794151df6c62c01cc41f658bdeedbbdcb66f2bcc6 From b967ec8e86cb7042cd0fb779e007ea4f499b56ad Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Fri, 1 Mar 2019 09:01:52 -0500 Subject: [PATCH 20/78] Allow unconfined user and services to dyntrans to container domains, needed for CRIU Allow containers exectue hugetlb files. --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d72e619..52b3488 100644 --- a/.gitignore +++ b/.gitignore @@ -77,3 +77,4 @@ /container-selinux-ec6fcad.tar.gz /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz +/container-selinux-c178849.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index def291f..4b74727 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 92af7fdb6d11c4c28c1b9bc2711766ef0acd031b +%global commit0 c1788491847627d39266b5b22e85c8b094f76d77 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.85 +Version: 2.86 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Fri Mar 1 2019 Dan Walsh - 2.86-1 +- Allow unconfined user and services to dyntrans to container domains, needed for CRIU +- Allow containers exectue hugetlb files. + * Thu Feb 28 2019 Dan Walsh - 2.85-1 - More allow rules to allow containers to run within containers diff --git a/sources b/sources index aa7b869..81063d9 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-92af7fd.tar.gz) = 2ac368ec88cb5ddd4d16db2d5d5f8bc45674aa797a30e5c92993ebc898a273592c2ef58662b45d44f2e42e9794151df6c62c01cc41f658bdeedbbdcb66f2bcc6 +SHA512 (container-selinux-c178849.tar.gz) = cb5234b21c61236d81ea8532629633f5a635496c70c20d6969f303ab476adaec3e64d67f8eb56c3ae1672698486281679fe8b4c6dda3c3f80556df317c23ff48 From b59726170462773bb7f7beb9c79829a525829058 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 9 Mar 2019 08:46:04 -0500 Subject: [PATCH 21/78] Allow all container domains to have container file types entrypoint Add new release to fix issues with udica Allow container_runtime_t to dyntransition to container domains --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 52b3488..4d3f6eb 100644 --- a/.gitignore +++ b/.gitignore @@ -78,3 +78,4 @@ /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz /container-selinux-c178849.tar.gz +/container-selinux-2521d0d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 4b74727..850dc4c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 c1788491847627d39266b5b22e85c8b094f76d77 +%global commit0 2521d0d6082ea9057d827d257d27291bf6219aba %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.86 +Version: 2.89 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,6 +109,11 @@ fi %{_datadir}/selinux/* %changelog +* Sat Mar 9 2019 Dan Walsh - 2.89-1 +- Allow all container domains to have container file types entrypoint +- Add new release to fix issues with udica +- Allow container_runtime_t to dyntransition to container domains + * Fri Mar 1 2019 Dan Walsh - 2.86-1 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU - Allow containers exectue hugetlb files. diff --git a/sources b/sources index 81063d9..c9c3a02 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-c178849.tar.gz) = cb5234b21c61236d81ea8532629633f5a635496c70c20d6969f303ab476adaec3e64d67f8eb56c3ae1672698486281679fe8b4c6dda3c3f80556df317c23ff48 +SHA512 (container-selinux-2521d0d.tar.gz) = 316c85c5b7d061d7691047f09c721dd85fd65ed306991b8c49b2ba4aa88d25ed8ef68a8a8d8a38d331066beab79918253df93e7daf246d5de7bb76741e082115 From 6cd57ed97322c658115e4a70c9faf887dc076494 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 20 Mar 2019 15:41:20 -0400 Subject: [PATCH 22/78] Allow containers to mount and umount fuse file systems. This will allow us to use buidlah within a user namespace separated container. --- .gitignore | 4 ++++ container-selinux.spec | 23 +++++++++++++++++++++-- sources | 2 +- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4d3f6eb..5833226 100644 --- a/.gitignore +++ b/.gitignore @@ -78,4 +78,8 @@ /container-selinux-eb60838.tar.gz /container-selinux-92af7fd.tar.gz /container-selinux-c178849.tar.gz +/container-selinux-891a85f.tar.gz +/container-selinux-2c1a2ab.tar.gz +/container-selinux-5c98b56.tar.gz /container-selinux-2521d0d.tar.gz +/container-selinux-619db17.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 850dc4c..3b292fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 2521d0d6082ea9057d827d257d27291bf6219aba +%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.89 +Version: 2.90 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,11 +109,30 @@ fi %{_datadir}/selinux/* %changelog +* Wed Mar 20 2019 Dan Walsh - 2.90-1 +- Allow containers to mount and umount fuse file systems. This will allow us +- to use buidlah within a user namespace separated container. + * Sat Mar 9 2019 Dan Walsh - 2.89-1 - Allow all container domains to have container file types entrypoint - Add new release to fix issues with udica - Allow container_runtime_t to dyntransition to container domains +* Sat Mar 09 2019 Lokesh Mandvekar (Bot) - 2:2.89-5.git2521d0d +- bump to 2.89 +- autobuilt 2521d0d + +* Thu Mar 07 2019 Lokesh Mandvekar (Bot) - 2:2.88-4.git5c98b56 +- bump to 2.88 +- autobuilt 5c98b56 + +* Wed Mar 06 2019 Lokesh Mandvekar (Bot) - 2:2.87-3.git2c1a2ab +- autobuilt 2c1a2ab + +* Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f +- bump to 2.87 +- autobuilt 891a85f + * Fri Mar 1 2019 Dan Walsh - 2.86-1 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU - Allow containers exectue hugetlb files. diff --git a/sources b/sources index c9c3a02..fca6816 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-2521d0d.tar.gz) = 316c85c5b7d061d7691047f09c721dd85fd65ed306991b8c49b2ba4aa88d25ed8ef68a8a8d8a38d331066beab79918253df93e7daf246d5de7bb76741e082115 +SHA512 (container-selinux-619db17.tar.gz) = 958e7672a8a173b7b5d28c4a504d6c733292dfed7a850d81f8243c406eef497232dbaa7f6c6520054ef02e2d14a3a66b6e75035fa8177e145e94497f71ccaa40 
From 3d40f2c2af15e724580030aaff9d690fa17507bf Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 20 Mar 2019 16:24:08 -0400 Subject: [PATCH 23/78] Allow containers to mount and umount fuse file systems. This will allow us to use buidlah within a user namespace separated container. --- .gitignore | 9 ++++++++ container-selinux.spec | 47 +++++++++++++++++++++++++++++++++++++++--- sources | 2 +- 3 files changed, 54 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b8974bb..5833226 100644 --- a/.gitignore +++ b/.gitignore @@ -74,3 +74,12 @@ /container-selinux-484806a.tar.gz /container-selinux-21c2be6.tar.gz /container-selinux-5e1f62f.tar.gz +/container-selinux-ec6fcad.tar.gz +/container-selinux-eb60838.tar.gz +/container-selinux-92af7fd.tar.gz +/container-selinux-c178849.tar.gz +/container-selinux-891a85f.tar.gz +/container-selinux-2c1a2ab.tar.gz +/container-selinux-5c98b56.tar.gz +/container-selinux-2521d0d.tar.gz +/container-selinux-619db17.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5e01e51..3b292fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 5e1f62fe319ebbef46bcabc8cc5e22d209411dda +%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.82 +Version: 2.90 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,7 +109,48 @@ fi %{_datadir}/selinux/* %changelog -* Sun Feb 10 2019 Dan Walsh - 2.82-1 +* Wed Mar 20 2019 Dan Walsh - 2.90-1 +- Allow containers to mount and umount fuse file systems. This will allow us +- to use buidlah within a user namespace separated container. + +* Sat Mar 9 2019 Dan Walsh - 2.89-1 +- Allow all container domains to have container file types entrypoint +- Add new release to fix issues with udica +- Allow container_runtime_t to dyntransition to container domains + +* Sat Mar 09 2019 Lokesh Mandvekar (Bot) - 2:2.89-5.git2521d0d +- bump to 2.89 +- autobuilt 2521d0d + +* Thu Mar 07 2019 Lokesh Mandvekar (Bot) - 2:2.88-4.git5c98b56 +- bump to 2.88 +- autobuilt 5c98b56 + +* Wed Mar 06 2019 Lokesh Mandvekar (Bot) - 2:2.87-3.git2c1a2ab +- autobuilt 2c1a2ab + +* Sat Mar 02 2019 Lokesh Mandvekar (Bot) - 2:2.87-2.git891a85f +- bump to 2.87 +- autobuilt 891a85f + +* Fri Mar 1 2019 Dan Walsh - 2.86-1 +- Allow unconfined user and services to dyntrans to container domains, needed for CRIU +- Allow containers exectue hugetlb files. + +* Thu Feb 28 2019 Dan Walsh - 2.85-1 +- More allow rules to allow containers to run within containers + +* Thu Feb 28 2019 Dan Walsh - 2.84-1 +- More allow rules to allow containers to run within containers + +* Tue Feb 26 2019 Lokesh Mandvekar (Bot) - 2:2.82-2.git5e1f62f +- bump to 2.82 +- autobuilt 5e1f62f + +* Mon Feb 25 2019 Dan Walsh - 2.83-1 +- Allow containers to mounton cgroup and container_file_t + +* Sun Feb 10 2019 Dan Walsh - 2.82-1.nightly.git5e1f62f - Allow confined users to use containers * Fri Feb 08 2019 Lokesh Mandvekar (Bot) - 2:2.80-3.git21c2be6 diff --git a/sources b/sources index e46329b..fca6816 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-5e1f62f.tar.gz) = 8184e4191cbce80e8ecf65f82e64f6b85eeda0b7b958be099b97100aaa78c71e3d0adec642eafb7e58037ba0a5b0452da7674d7e6c02a8f3c125f67629425ea7 +SHA512 (container-selinux-619db17.tar.gz) = 958e7672a8a173b7b5d28c4a504d6c733292dfed7a850d81f8243c406eef497232dbaa7f6c6520054ef02e2d14a3a66b6e75035fa8177e145e94497f71ccaa40 From 59cd74ea4aa9d4724c686f9514ccca45eb7801a2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 26 Mar 2019 08:15:36 -0400 Subject: [PATCH 24/78] Allow container runtimes to create unlabeled keyrings --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5833226..603f304 100644 --- a/.gitignore +++ b/.gitignore @@ -83,3 +83,4 @@ /container-selinux-5c98b56.tar.gz /container-selinux-2521d0d.tar.gz /container-selinux-619db17.tar.gz +/container-selinux-acc6941.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3b292fe..26ec77b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2 +%global commit0 acc6941b2b35d7e44718bb986492d808906d9d8c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.90 +Version: 2.91 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Mar 26 2019 Dan Walsh - 2.91-1 +- Allow container runtimes to create unlabeled keyrings + * Wed Mar 20 2019 Dan Walsh - 2.90-1 - Allow containers to mount and umount fuse file systems. This will allow us - to use buidlah within a user namespace separated container. diff --git a/sources b/sources index fca6816..05d5018 100644 
--- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-619db17.tar.gz) = 958e7672a8a173b7b5d28c4a504d6c733292dfed7a850d81f8243c406eef497232dbaa7f6c6520054ef02e2d14a3a66b6e75035fa8177e145e94497f71ccaa40 +SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b From 5da44fd7476afd244893069dbda30b3862539773 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 26 Mar 2019 08:15:58 -0400 Subject: [PATCH 25/78] Allow container runtimes to create unlabeled keyrings --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5833226..603f304 100644 --- a/.gitignore +++ b/.gitignore @@ -83,3 +83,4 @@ /container-selinux-5c98b56.tar.gz /container-selinux-2521d0d.tar.gz /container-selinux-619db17.tar.gz +/container-selinux-acc6941.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 3b292fe..26ec77b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2 +%global commit0 acc6941b2b35d7e44718bb986492d808906d9d8c %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.90 +Version: 2.91 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Mar 26 2019 Dan Walsh - 2.91-1 +- Allow container runtimes to create unlabeled keyrings + * Wed Mar 20 2019 Dan Walsh - 2.90-1 - Allow containers to mount and umount fuse file systems. This will allow us - to use buidlah within a user namespace separated container. 
diff --git a/sources b/sources index fca6816..05d5018 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-619db17.tar.gz) = 958e7672a8a173b7b5d28c4a504d6c733292dfed7a850d81f8243c406eef497232dbaa7f6c6520054ef02e2d14a3a66b6e75035fa8177e145e94497f71ccaa40 +SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b From 18fb4db2c3de03d7db0170719bbacba25989a363 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 28 Mar 2019 08:01:02 -0400 Subject: [PATCH 26/78] Allow init_t to manage container content Allow container domains to create fifo_files on fusefs file systems Add boolean to allow containers to use ceph file systems --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 603f304..7961c2f 100644 --- a/.gitignore +++ b/.gitignore @@ -84,3 +84,4 @@ /container-selinux-2521d0d.tar.gz /container-selinux-619db17.tar.gz /container-selinux-acc6941.tar.gz +/container-selinux-1e99f1d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 26ec77b..5c6a6ae 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 acc6941b2b35d7e44718bb986492d808906d9d8c +%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.91 +Version: 2.94 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,6 +109,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 28 2019 Dan Walsh - 2.94-1 +- Allow init_t to manage container content +- Allow container domains to create fifo_files on fusefs file systems +- Add boolean to allow containers to use ceph file systems + * Tue Mar 26 2019 Dan Walsh - 2.91-1 - Allow container runtimes to create unlabeled keyrings diff --git a/sources b/sources index 05d5018..438452a 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b +SHA512 (container-selinux-1e99f1d.tar.gz) = ff485831a1912e0bb51346f8bc02d1d6dff9f4b97406d1c770c5cbfb6982b77fd82f92db62039adc8933e87b9035ea40a910e12f7b0c884ff75b8cf8892be97b From b81c797cc4a1bfa30b9d0dc5fcee2cef444dd6c4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 28 Mar 2019 08:01:33 -0400 Subject: [PATCH 27/78] Allow init_t to manage container content Allow container domains to create fifo_files on fusefs file systems Add boolean to allow containers to use ceph file systems --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 603f304..7961c2f 100644 --- a/.gitignore +++ b/.gitignore @@ -84,3 +84,4 @@ /container-selinux-2521d0d.tar.gz /container-selinux-619db17.tar.gz /container-selinux-acc6941.tar.gz +/container-selinux-1e99f1d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 26ec77b..5c6a6ae 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 acc6941b2b35d7e44718bb986492d808906d9d8c +%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.91 +Version: 2.94 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Mar 28 2019 Dan Walsh - 2.94-1 +- Allow init_t to manage container content +- Allow container domains to create fifo_files on fusefs file systems +- Add boolean to allow containers to use ceph file systems + * Tue Mar 26 2019 Dan Walsh - 2.91-1 - Allow container runtimes to create unlabeled keyrings diff --git a/sources b/sources index 05d5018..438452a 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b +SHA512 (container-selinux-1e99f1d.tar.gz) = ff485831a1912e0bb51346f8bc02d1d6dff9f4b97406d1c770c5cbfb6982b77fd82f92db62039adc8933e87b9035ea40a910e12f7b0c884ff75b8cf8892be97b From 09ee3421bff3c20de860e06e562111148ad55699 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 17:46:44 -0400 Subject: [PATCH 28/78] Allow containers to create fusefs sockets and named pipes --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5c6a6ae..d183cce 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa +%global commit0 e3ebc6845ce8a5427b521e3f4087dab8e383a550 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.94 +Version: 2.95 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 1 2019 Dan Walsh - 2.95-1 +- Allow containers to create fusefs sockets and named pipes + * Thu Mar 28 2019 Dan Walsh - 2.94-1 - Allow init_t to manage container content - Allow container domains to create fifo_files on fusefs file systems From 097783d175bf7b1cf35e1e8f4b685bcd2c79faff Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 17:46:59 -0400 Subject: [PATCH 29/78] Allow containers to create fusefs sockets and named pipes --- container-selinux.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5c6a6ae..d183cce 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa +%global commit0 e3ebc6845ce8a5427b521e3f4087dab8e383a550 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.94 +Version: 2.95 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 1 2019 Dan Walsh - 2.95-1 +- Allow containers to create fusefs sockets and named pipes + * Thu Mar 28 2019 Dan Walsh - 2.94-1 - Allow init_t to manage container content - Allow container domains to create fifo_files on fusefs file systems From 029e334ac68ef5e76cc35bd75da86453af07ed09 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 17:48:12 -0400 Subject: [PATCH 30/78] Allow containers to create fusefs sockets and named pipes --- .gitignore | 1 + sources | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7961c2f..c4af282 100644 --- a/.gitignore +++ b/.gitignore 
@@ -85,3 +85,4 @@ /container-selinux-619db17.tar.gz /container-selinux-acc6941.tar.gz /container-selinux-1e99f1d.tar.gz +/container-selinux-e3ebc68.tar.gz diff --git a/sources b/sources index 438452a..52e8f73 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b -SHA512 (container-selinux-1e99f1d.tar.gz) = ff485831a1912e0bb51346f8bc02d1d6dff9f4b97406d1c770c5cbfb6982b77fd82f92db62039adc8933e87b9035ea40a910e12f7b0c884ff75b8cf8892be97b +SHA512 (container-selinux-e3ebc68.tar.gz) = 0487c6d1163c956c47cfc158ca3c41501c080428324d8dddc8cda31af282cd4cdc2f2eb9dcfd64e49dda59b26df6d9c9a253e00fcb91b36f1c8fa1a3ec272d2a From c116579b5db9338d78da79bb8960163ed7d834c2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 17:48:27 -0400 Subject: [PATCH 31/78] Allow containers to create fusefs sockets and named pipes --- .gitignore | 1 + sources | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7961c2f..c4af282 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,4 @@ /container-selinux-619db17.tar.gz /container-selinux-acc6941.tar.gz /container-selinux-1e99f1d.tar.gz +/container-selinux-e3ebc68.tar.gz diff --git a/sources b/sources index 438452a..52e8f73 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (container-selinux-acc6941.tar.gz) = 0086f8187095444deb8ed1b6b8396266aaf8f4f0f9d46b3bb82d89ba0208b174955fdf72e7c622e5f4d6f63ad6750318823f50f29ad73f72907b4da9b45ce39b -SHA512 (container-selinux-1e99f1d.tar.gz) = ff485831a1912e0bb51346f8bc02d1d6dff9f4b97406d1c770c5cbfb6982b77fd82f92db62039adc8933e87b9035ea40a910e12f7b0c884ff75b8cf8892be97b +SHA512 (container-selinux-e3ebc68.tar.gz) = 0487c6d1163c956c47cfc158ca3c41501c080428324d8dddc8cda31af282cd4cdc2f2eb9dcfd64e49dda59b26df6d9c9a253e00fcb91b36f1c8fa1a3ec272d2a 
From 7dccc24169009ecaabb3ffcc8f46ee60b0e409cd Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Apr 2019 18:05:40 -0400 Subject: [PATCH 32/78] Allow containers to create fusefs sockets and named pipes --- container-selinux.spec | 1 + named_pipes.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 named_pipes.patch diff --git a/container-selinux.spec b/container-selinux.spec index d183cce..a41cd2a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -32,6 +32,7 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Patch1: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) diff --git a/named_pipes.patch b/named_pipes.patch new file mode 100644 index 0000000..3d88feb --- /dev/null +++ b/named_pipes.patch @@ -0,0 +1,13 @@ +diff --git a/container.te b/container.te +index dbf3cdc..6472d1d 100644 +--- a/container.te ++++ b/container.te +@@ -850,7 +850,7 @@ fs_manage_fusefs_dirs(container_domain) + fs_manage_fusefs_files(container_domain) + fs_manage_fusefs_symlinks(container_domain) + fs_manage_fusefs_named_sockets(container_domain) +-fs_manage_fusefs_named_pipes(container_domain) ++#fs_manage_fusefs_named_pipes(container_domain) + fs_exec_fusefs_files(container_domain) + fs_unmount_xattr_fs(container_domain) + fs_mount_fusefs(container_domain) From 6b6fe26acb00fc32e90a8e4e373a967092bb6735 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 12 Apr 2019 12:49:18 -0400 Subject: [PATCH 33/78] Allow containers to read/write sysctl_kernel_ns_last_pid_t Allow containers to manage fusefs sockets and named pipes --- .gitignore | 1 + container-selinux.spec | 11 +++++++++-- sources | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c4af282..ff3c090 100644 --- a/.gitignore +++ b/.gitignore 
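Review bot: `Patch1: named_pipes.patch` changes the policy that gets built, but the spec hunk adds only that one line, so Version 2.95 / Release 1 stay as they were and two builds with different rules for `container_domain` share one NVR. The patch comments out `fs_manage_fusefs_named_pipes(container_domain)`, while the commit subject and the existing 2.95-1 changelog entry say containers are allowed to create fusefs named pipes, so anyone auditing what the package grants from its changelog is misled. I would bump to `Release: 2.git%{shortcommit0}%{?dist}`, add a changelog line such as `- Disable fs_manage_fusefs_named_pipes for container_domain (<reason>)`, and put `# <reason named-pipe management is disabled>` above the `Patch1:` line. Whether the patch is applied at all depends on the `%prep` section, which is outside this hunk; if it uses plain `%setup` rather than `%autosetup`, a `%patch1 -p1` line is needed as well.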
@@ -86,3 +86,4 @@ /container-selinux-acc6941.tar.gz /container-selinux-1e99f1d.tar.gz /container-selinux-e3ebc68.tar.gz +/container-selinux-a6c9822.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index d183cce..2256278 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 e3ebc6845ce8a5427b521e3f4087dab8e383a550 +%global commit0 a6c98225aa149b432c0b752c15da760d5559647d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.95 +Version: 2.97 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,13 @@ fi %{_datadir}/selinux/* %changelog +* Fri Apr 12 2019 Dan Walsh - 2.97-1 +- Allow containers to read/write sysctl_kernel_ns_last_pid_t +- Allow containers to manage fusefs sockets and named pipes + +* Thu Apr 4 2019 Dan Walsh - 2.96-1 +- Allow containers to read/write sysctl_kernel_ns_last_pid_t + * Mon Apr 1 2019 Dan Walsh - 2.95-1 - Allow containers to create fusefs sockets and named pipes diff --git a/sources b/sources index 52e8f73..c467ad6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-e3ebc68.tar.gz) = 0487c6d1163c956c47cfc158ca3c41501c080428324d8dddc8cda31af282cd4cdc2f2eb9dcfd64e49dda59b26df6d9c9a253e00fcb91b36f1c8fa1a3ec272d2a +SHA512 (container-selinux-a6c9822.tar.gz) = 285c481a04ebc0697270d7f3c0f4e02c8f2da305e256fbebd1b8e9f689d27a0adb1129a50181e98036d87e20eb7440844ce30168649f6b19deacd844205a5a4e From 808867257b40d00622c9667f4897aed0085fb279 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Fri, 12 Apr 2019 12:49:36 -0400 Subject: [PATCH 34/78] Allow containers to read/write sysctl_kernel_ns_last_pid_t Allow containers to manage fusefs sockets and named pipes --- .gitignore | 1 + container-selinux.spec | 12 +++++++++--- sources | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index c4af282..ff3c090 100644 --- a/.gitignore +++ b/.gitignore @@ -86,3 +86,4 @@ /container-selinux-acc6941.tar.gz /container-selinux-1e99f1d.tar.gz /container-selinux-e3ebc68.tar.gz +/container-selinux-a6c9822.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a41cd2a..2256278 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 e3ebc6845ce8a5427b521e3f4087dab8e383a550 +%global commit0 a6c98225aa149b432c0b752c15da760d5559647d %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,13 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.95 +Version: 2.97 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch1: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -110,6 +109,13 @@ fi %{_datadir}/selinux/* %changelog +* Fri Apr 12 2019 Dan Walsh - 2.97-1 +- Allow containers to read/write sysctl_kernel_ns_last_pid_t +- Allow containers to manage fusefs sockets and named pipes + +* Thu Apr 4 2019 Dan Walsh - 2.96-1 +- Allow containers to read/write sysctl_kernel_ns_last_pid_t + * Mon Apr 1 2019 Dan Walsh - 2.95-1 - Allow containers to create fusefs sockets and named pipes diff --git a/sources b/sources index 52e8f73..c467ad6 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-e3ebc68.tar.gz) = 0487c6d1163c956c47cfc158ca3c41501c080428324d8dddc8cda31af282cd4cdc2f2eb9dcfd64e49dda59b26df6d9c9a253e00fcb91b36f1c8fa1a3ec272d2a +SHA512 (container-selinux-a6c9822.tar.gz) = 285c481a04ebc0697270d7f3c0f4e02c8f2da305e256fbebd1b8e9f689d27a0adb1129a50181e98036d87e20eb7440844ce30168649f6b19deacd844205a5a4e From 0e9558002d07c4f8b72f26dadd4fbce5d35f1d81 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 15 Apr 2019 09:15:06 -0400 Subject: [PATCH 35/78] Allow iptables to append to container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ff3c090..759e0ee 100644 --- a/.gitignore +++ b/.gitignore @@ -87,3 +87,4 @@ /container-selinux-1e99f1d.tar.gz /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz +/container-selinux-aa7b807.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2256278..7066869 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 a6c98225aa149b432c0b752c15da760d5559647d +%global commit0 aa7b8073fc449efad54710b0325a0e5eaf7b3479 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.97 +Version: 2.98 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 15 2019 Dan Walsh - 2.98-1 +- Allow iptables to append to container_file_t + * Fri Apr 12 2019 Dan Walsh - 2.97-1 - Allow containers to read/write sysctl_kernel_ns_last_pid_t - Allow containers to manage fusefs sockets and named pipes diff --git a/sources b/sources index c467ad6..291237d 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-a6c9822.tar.gz) = 285c481a04ebc0697270d7f3c0f4e02c8f2da305e256fbebd1b8e9f689d27a0adb1129a50181e98036d87e20eb7440844ce30168649f6b19deacd844205a5a4e +SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169 From ff634aad591e5a5bbceb735e0687a019f0ba4a90 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 15 Apr 2019 09:15:42 -0400 Subject: [PATCH 36/78] Allow iptables to append to container_file_t --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ff3c090..759e0ee 100644 --- a/.gitignore +++ b/.gitignore @@ -87,3 +87,4 @@ /container-selinux-1e99f1d.tar.gz /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz +/container-selinux-aa7b807.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 2256278..7066869 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 a6c98225aa149b432c0b752c15da760d5559647d +%global commit0 aa7b8073fc449efad54710b0325a0e5eaf7b3479 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.97 +Version: 2.98 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 15 2019 Dan Walsh - 2.98-1 +- Allow iptables to append to container_file_t + * Fri Apr 12 2019 Dan Walsh - 2.97-1 - Allow containers to read/write sysctl_kernel_ns_last_pid_t - Allow containers to manage fusefs sockets and named pipes diff --git a/sources b/sources index c467ad6..291237d 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (container-selinux-a6c9822.tar.gz) = 285c481a04ebc0697270d7f3c0f4e02c8f2da305e256fbebd1b8e9f689d27a0adb1129a50181e98036d87e20eb7440844ce30168649f6b19deacd844205a5a4e
+SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169
From 9a06fb01049838f59ddb302cf590936b150ff58e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 17 Apr 2019 12:01:36 -0400
Subject: [PATCH 37/78] Allow iptables to append to container_file_t
---
 container-selinux.spec | 1 + pipes.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 pipes.patch
diff --git a/container-selinux.spec b/container-selinux.spec
index 7066869..98580eb 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -32,6 +32,7 @@ License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
 Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Patch: pipes.patch
 BuildArch: noarch
 BuildRequires: git
 BuildRequires: pkgconfig(systemd)
diff --git a/pipes.patch b/pipes.patch
new file mode 100644
index 0000000..19d2141
--- /dev/null
+++ b/pipes.patch
@@ -0,0 +1,13 @@
+diff --git a/container.te b/container.te
+index 04267bd..56d4a6e 100644
+--- a/container.te
++++ b/container.te
+@@ -850,7 +850,7 @@ fs_manage_fusefs_dirs(container_domain)
+ fs_manage_fusefs_files(container_domain)
+ fs_manage_fusefs_symlinks(container_domain)
+ fs_manage_fusefs_named_sockets(container_domain)
+-fs_manage_fusefs_named_pipes(container_domain)
++#fs_manage_fusefs_named_pipes(container_domain)
+ fs_exec_fusefs_files(container_domain)
+ fs_unmount_xattr_fs(container_domain)
+ fs_mount_fusefs(container_domain)
From e4372592164c916f909ac1b081a3155db28e32f7 Mon Sep 17 00:00:00 2001
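Review bot: `pipes.patch` is a second copy of the one-line change already shipped as `named_pipes.patch` in PATCH 32/78; the two bodies differ only in the `index` line (`04267bd..56d4a6e` here against `dbf3cdc..6472d1d`). Two files for one policy override make it easy to refresh or drop one and leave the other applied, and later commits in this series switch between `Patch: pipes.patch` and `Patch: named_pipes.patch`. Keeping a single file, regenerated against the current tarball and referenced by one numbered tag such as `Patch1: named_pipes.patch`, would avoid that. Whether named_pipes.patch is still present on this branch is not visible from the hunk.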
From: Daniel J Walsh Date: Mon, 22 Apr 2019 16:53:18 -0400 Subject: [PATCH 38/78] Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 759e0ee..bdc68d7 100644 --- a/.gitignore +++ b/.gitignore @@ -88,3 +88,4 @@ /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz +/container-selinux-9a53d6c.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 7066869..5971abc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 aa7b8073fc449efad54710b0325a0e5eaf7b3479 +%global commit0 9a53d6c1b9b5bd2534d94204727e101c49f4fdc2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.98 +Version: 2.99 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 22 2019 Dan Walsh - 2.99-1 +- Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. + * Mon Apr 15 2019 Dan Walsh - 2.98-1 - Allow iptables to append to container_file_t diff --git a/sources b/sources index 291237d..d991cf6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169 +SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 From 3ed460178cf866892174fa703f717247586a6e22 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Mon, 22 Apr 2019 16:53:34 -0400 Subject: [PATCH 39/78] Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. --- .gitignore | 1 + container-selinux.spec | 8 +++++--- sources | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 759e0ee..bdc68d7 100644 --- a/.gitignore +++ b/.gitignore @@ -88,3 +88,4 @@ /container-selinux-e3ebc68.tar.gz /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz +/container-selinux-9a53d6c.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 98580eb..5971abc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 aa7b8073fc449efad54710b0325a0e5eaf7b3479 +%global commit0 9a53d6c1b9b5bd2534d94204727e101c49f4fdc2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,13 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.98 +Version: 2.99 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch: pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -110,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Apr 22 2019 Dan Walsh - 2.99-1 +- Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. + * Mon Apr 15 2019 Dan Walsh - 2.98-1 - Allow iptables to append to container_file_t diff --git a/sources b/sources index 291237d..d991cf6 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-aa7b807.tar.gz) = 65e754254a81985f60fc54502e179c772d48d43a9fef007fbd85842df844e4d3ccaeb679edff332cd22583163e79d21c5bf062b04f960b833fc100c85fb0a169 +SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 From 9526f25a928a0b832a36a27b9a0ba02a8d4088e5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 23 Apr 2019 07:55:21 -0400 Subject: [PATCH 40/78] Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. --- container-selinux.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/container-selinux.spec b/container-selinux.spec index 5971abc..e38e60a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -32,6 +32,7 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Patch: pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) From dcf127b02460dca76f1ec1bfb94c6838005c98ff Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 23 Apr 2019 11:45:15 -0400 Subject: [PATCH 41/78] Allow containers running as spc_t to create unlabeled_t kernel keyrings --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index bdc68d7..6f0c802 100644 --- a/.gitignore +++ b/.gitignore @@ -89,3 +89,4 @@ /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz /container-selinux-9a53d6c.tar.gz +/container-selinux-3b78187.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 5971abc..da849c1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 9a53d6c1b9b5bd2534d94204727e101c49f4fdc2 +%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.99 +Version: 2.100 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Apr 23 2019 Dan Walsh - 2.100-1 +- Allow containers running as spc_t to create unlabeled_t kernel keyrings + * Mon Apr 22 2019 Dan Walsh - 2.99-1 - Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. diff --git a/sources b/sources index d991cf6..ba8d7ce 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 +SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 From 2a522e50c433d96e2e662f3419da9837216a95fb Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 23 Apr 2019 11:45:43 -0400 Subject: [PATCH 42/78] Allow containers running as spc_t to create unlabeled_t kernel keyrings --- .gitignore | 1 + container-selinux.spec | 8 +++++--- sources | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index bdc68d7..6f0c802 100644 --- a/.gitignore +++ b/.gitignore @@ -89,3 +89,4 @@ /container-selinux-a6c9822.tar.gz /container-selinux-aa7b807.tar.gz /container-selinux-9a53d6c.tar.gz +/container-selinux-3b78187.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e38e60a..da849c1 100644 --- a/container-selinux.spec 
+++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 9a53d6c1b9b5bd2534d94204727e101c49f4fdc2 +%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,13 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.99 +Version: 2.100 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch: pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -110,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Tue Apr 23 2019 Dan Walsh - 2.100-1 +- Allow containers running as spc_t to create unlabeled_t kernel keyrings + * Mon Apr 22 2019 Dan Walsh - 2.99-1 - Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. diff --git a/sources b/sources index d991cf6..ba8d7ce 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-9a53d6c.tar.gz) = 7b9a35cea07a7a5d2c0c6376b70a9b6bdbe62effee5a0ab5f26d700a23af5c4bbf70fa6c7ac59bbe9c15286bd031eab6f57e0ad0f4155c0df2be0da8c82d8dc1 +SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 From 17aec7dc55ef8777248ffe0c0d182f4e01986c16 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 23 Apr 2019 11:46:31 -0400 Subject: [PATCH 43/78] Allow containers running as spc_t to create unlabeled_t kernel keyrings --- container-selinux.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/container-selinux.spec b/container-selinux.spec index da849c1..e0c95aa 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -32,6 +32,7 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Patch: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) From fdf3e874a74e61b690a2c2be45ac06500a7603d5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 3 May 2019 15:32:51 -0400 Subject: [PATCH 44/78] Allow containers to read rpm cache and rpm databse --- .gitignore | 1 + container-selinux.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 6f0c802..dcca350 100644 --- a/.gitignore +++ b/.gitignore @@ -90,3 +90,4 @@ /container-selinux-aa7b807.tar.gz /container-selinux-9a53d6c.tar.gz /container-selinux-3b78187.tar.gz +/container-selinux-b0061dc.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index da849c1..326f5ac 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864 +%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.100 +Version: 2.101 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -94,7 +94,7 @@ matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedi %postun if [ $1 -eq 0 ]; then -%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : +%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || : if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files 
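Review bot: The rewritten `semodule -n -r %{modulenames}` line in %postun (hunk `@@ -94,7 +94,7 @@`, repeated in PATCH 45/78) still sends both streams to /dev/null and ends in `|| :`, so a failed module removal on uninstall leaves the container policy loaded with no trace in the transaction output. Keeping `|| :` so the scriptlet cannot abort the transaction is reasonable, but stderr should survive: `%{_sbindir}/semodule -n -r %{modulenames} > /dev/null || :`. Dropping `docker` from the list also means a `docker` module installed by an older build is no longer removed here; if that is intended, a one-line comment saying where it is cleaned up would help. The %postun body continues past the end of this hunk.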
@@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 3 2019 Dan Walsh - 2.101-1 +- Allow containers to read rpm cache and rpm databse + * Tue Apr 23 2019 Dan Walsh - 2.100-1 - Allow containers running as spc_t to create unlabeled_t kernel keyrings diff --git a/sources b/sources index ba8d7ce..c727f46 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 +SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d From f0d0d81cd35760b8eaddad3df228639ea995d7a9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 3 May 2019 15:33:12 -0400 Subject: [PATCH 45/78] Allow containers to read rpm cache and rpm databse --- .gitignore | 1 + container-selinux.spec | 10 ++++++---- sources | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6f0c802..dcca350 100644 --- a/.gitignore +++ b/.gitignore @@ -90,3 +90,4 @@ /container-selinux-aa7b807.tar.gz /container-selinux-9a53d6c.tar.gz /container-selinux-3b78187.tar.gz +/container-selinux-b0061dc.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e0c95aa..326f5ac 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864 +%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,13 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.100 +Version: 2.101 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -95,7 +94,7 @@ matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedi %postun if [ $1 -eq 0 ]; then -%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : +%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || : if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files @@ -110,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 3 2019 Dan Walsh - 2.101-1 +- Allow containers to read rpm cache and rpm databse + * Tue Apr 23 2019 Dan Walsh - 2.100-1 - Allow containers running as spc_t to create unlabeled_t kernel keyrings diff --git a/sources b/sources index ba8d7ce..c727f46 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0 +SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d From 9394b3f69b7d7abaa5e0960d6e1b775ba60aff31 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 3 May 2019 16:23:48 -0400 Subject: [PATCH 46/78] Allow containers to read rpm cache and rpm databse --- container-selinux.spec | 1 + kmod.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 kmod.patch diff --git a/container-selinux.spec b/container-selinux.spec index 326f5ac..99f51a1 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -32,6 +32,7 @@ License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
 Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Patch: kmod.patch
 BuildArch: noarch
 BuildRequires: git
 BuildRequires: pkgconfig(systemd)
diff --git a/kmod.patch b/kmod.patch
new file mode 100644
index 0000000..244049b
--- /dev/null
+++ b/kmod.patch
@@ -0,0 +1,13 @@
+diff --git a/container.te b/container.te
+index a14f0b2..9d9ea34 100644
+--- a/container.te
++++ b/container.te
+@@ -422,7 +422,7 @@ term_getattr_pty_fs(container_runtime_t)
+ term_relabel_pty_fs(container_runtime_t)
+ term_mounton_unallocated_ttys(container_runtime_t)
+ 
+-modutils_domtrans_kmod(container_runtime_t)
++modutils_domtrans_insmod(container_runtime_t)
+ 
+ systemd_status_all_unit_files(container_runtime_t)
+ systemd_start_systemd_services(container_runtime_t)
From d4c21a815bcf23fbba394ebb8eab6a7119689e2e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sat, 4 May 2019 07:31:14 -0400
Subject: [PATCH 47/78] Allow containers to read rpm cache and rpm databse
---
 container-selinux.spec | 1 + 1 file changed, 1 insertion(+)
diff --git a/container-selinux.spec b/container-selinux.spec
index 99f51a1..52b8994 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -33,6 +33,7 @@ URL: %{git0}
 Summary: SELinux policies for container runtimes
 Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Patch: kmod.patch
+Patch1: named_pipes.patch
 BuildArch: noarch
 BuildRequires: git
 BuildRequires: pkgconfig(systemd)
From 0016135c46dcf66fb25f56d65a44011286902f25 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sun, 12 May 2019 06:51:22 -0400
Subject: [PATCH 48/78] Allow all container domains to be entered from container_file_t
---
 .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index dcca350..af438ef 100644
--- a/.gitignore
+++ b/.gitignore
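Review bot: `kmod.patch` swaps `modutils_domtrans_kmod(container_runtime_t)` for `modutils_domtrans_insmod(container_runtime_t)`, which by its name changes the domain transition the runtime gets for module-loading tools, yet neither the commit subject (rpm cache and database) nor the %changelog mentions it. Presumably the selinux-policy this branch builds against only provides the insmod-named interface, but that is an inference; the spec should say so above the tag, e.g. `# kmod.patch: use modutils_domtrans_insmod(); <policy version that needs it>`. The bare `Patch:` tag is Patch0, and PATCH 47/78 adds `Patch1: named_pipes.patch` beneath it under the same unrelated subject, so each tag deserves its own one-line reason.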
@@ -91,3 +91,4 @@ /container-selinux-9a53d6c.tar.gz /container-selinux-3b78187.tar.gz /container-selinux-b0061dc.tar.gz +/container-selinux-1c24dcb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 326f5ac..1537aef 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09 +%global commit0 1c24dcb7f081102acb48e7b95788442ba7b6c57f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.101 +Version: 2.102 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Sun May 12 2019 Dan Walsh - 2.102-1 +- Allow all container domains to be entered from container_file_t + * Fri May 3 2019 Dan Walsh - 2.101-1 - Allow containers to read rpm cache and rpm databse diff --git a/sources b/sources index c727f46..8403962 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d +SHA512 (container-selinux-1c24dcb.tar.gz) = 884272ffe45054019317a849c7a9b939d368c5dfb71f59d6cf123e4552f8a080dbcda071b85bff279058bad33d5c30a8dc5dca5f8c30d1cac45a03b03ac6bad9 From 9ec0da0096148dfb180390726b5e2c1394c965c3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 12 May 2019 07:17:15 -0400 Subject: [PATCH 49/78] Allow all container domains to be entered from container_file_t --- .gitignore | 1 + container-selinux.spec | 9 +++++---- sources | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index dcca350..af438ef 100644 --- a/.gitignore +++ b/.gitignore 
@@ -91,3 +91,4 @@ /container-selinux-9a53d6c.tar.gz /container-selinux-3b78187.tar.gz /container-selinux-b0061dc.tar.gz +/container-selinux-1c24dcb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 52b8994..1537aef 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09 +%global commit0 1c24dcb7f081102acb48e7b95788442ba7b6c57f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,14 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.101 +Version: 2.102 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch: kmod.patch -Patch1: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -111,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Sun May 12 2019 Dan Walsh - 2.102-1 +- Allow all container domains to be entered from container_file_t + * Fri May 3 2019 Dan Walsh - 2.101-1 - Allow containers to read rpm cache and rpm databse diff --git a/sources b/sources index c727f46..8403962 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d +SHA512 (container-selinux-1c24dcb.tar.gz) = 884272ffe45054019317a849c7a9b939d368c5dfb71f59d6cf123e4552f8a080dbcda071b85bff279058bad33d5c30a8dc5dca5f8c30d1cac45a03b03ac6bad9 From 1e3a6672c90c6b3b358e835cb19eb1cd45060d6d Mon Sep 17 00:00:00 2001 
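Review bot: The `@@ -26,14 +26,12 @@` hunk drops `Patch: kmod.patch` and `Patch1: named_pipes.patch` together with the bump to 2.102, but neither the commit message nor the new changelog entry says so. According to the diffstat, kmod.patch itself stays in the tree. Removing a downstream policy patch changes the SELinux policy that ships, so it should be recorded, e.g. `- Drop kmod.patch and named_pipes.patch, changes are in 1c24dcb` if that is the reason. PATCH 54/78 later adds the two tags back, which suggests the removal may not have been intended. The same silent removal appears in the spec hunks of PATCH 56/78 and PATCH 59/78.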
From: Daniel J Walsh Date: Fri, 17 May 2019 16:37:40 -0400 Subject: [PATCH 50/78] Set proper labeling for container volumes --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index af438ef..6ae87bb 100644 --- a/.gitignore +++ b/.gitignore @@ -92,3 +92,4 @@ /container-selinux-3b78187.tar.gz /container-selinux-b0061dc.tar.gz /container-selinux-1c24dcb.tar.gz +/container-selinux-b275a1f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1537aef..f62f8f6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1c24dcb7f081102acb48e7b95788442ba7b6c57f +%global commit0 b275a1f887c98ff545a22252c39085594cfffca4 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.102 +Version: 2.103 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 17 2019 Dan Walsh - 2.103-1 +- Set proper labeling for container volumes + * Sun May 12 2019 Dan Walsh - 2.102-1 - Allow all container domains to be entered from container_file_t diff --git a/sources b/sources index 8403962..d053aa8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1c24dcb.tar.gz) = 884272ffe45054019317a849c7a9b939d368c5dfb71f59d6cf123e4552f8a080dbcda071b85bff279058bad33d5c30a8dc5dca5f8c30d1cac45a03b03ac6bad9 +SHA512 (container-selinux-b275a1f.tar.gz) = 7a7287cfb0b573bf9784a7c68f04f11c65169dcc6712e8dff567ece159a6c347c6c023043f364ae64ab02ac86288ee7a689b3b16ea0fd06a608138c34b91bee0 From 997fde0ceb7bd155d34d8fd9a9c4b545b7e29cd0 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Fri, 17 May 2019 16:38:00 -0400 Subject: [PATCH 51/78] Set proper labeling for container volumes --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index af438ef..6ae87bb 100644 --- a/.gitignore +++ b/.gitignore @@ -92,3 +92,4 @@ /container-selinux-3b78187.tar.gz /container-selinux-b0061dc.tar.gz /container-selinux-1c24dcb.tar.gz +/container-selinux-b275a1f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1537aef..f62f8f6 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 1c24dcb7f081102acb48e7b95788442ba7b6c57f +%global commit0 b275a1f887c98ff545a22252c39085594cfffca4 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.102 +Version: 2.103 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri May 17 2019 Dan Walsh - 2.103-1 +- Set proper labeling for container volumes + * Sun May 12 2019 Dan Walsh - 2.102-1 - Allow all container domains to be entered from container_file_t diff --git a/sources b/sources index 8403962..d053aa8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-1c24dcb.tar.gz) = 884272ffe45054019317a849c7a9b939d368c5dfb71f59d6cf123e4552f8a080dbcda071b85bff279058bad33d5c30a8dc5dca5f8c30d1cac45a03b03ac6bad9 +SHA512 (container-selinux-b275a1f.tar.gz) = 7a7287cfb0b573bf9784a7c68f04f11c65169dcc6712e8dff567ece159a6c347c6c023043f364ae64ab02ac86288ee7a689b3b16ea0fd06a608138c34b91bee0 From 0774c8f1f41c59fcbfcd17ac44cae41e4b182f6f Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Mon, 3 Jun 2019 06:52:39 +0200 Subject: [PATCH 52/78] Set proper labeling for container volumes in SilverBlue --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6ae87bb..19505f1 100644 --- a/.gitignore +++ b/.gitignore @@ -93,3 +93,4 @@ /container-selinux-b0061dc.tar.gz /container-selinux-1c24dcb.tar.gz /container-selinux-b275a1f.tar.gz +/container-selinux-7baad79.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f62f8f6..e1875fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 b275a1f887c98ff545a22252c39085594cfffca4 +%global commit0 7baad79ed099c333465157a8c981d4393a381304 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.103 +Version: 2.104 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 3 2019 Dan Walsh - 2.104-1 +- Set proper labeling for container volumes in SilverBlue + * Fri May 17 2019 Dan Walsh - 2.103-1 - Set proper labeling for container volumes diff --git a/sources b/sources index d053aa8..bd36024 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b275a1f.tar.gz) = 7a7287cfb0b573bf9784a7c68f04f11c65169dcc6712e8dff567ece159a6c347c6c023043f364ae64ab02ac86288ee7a689b3b16ea0fd06a608138c34b91bee0 +SHA512 (container-selinux-7baad79.tar.gz) = 9ac2e28bd0f435b24f1705c06875b94d6a4e4cebe7db4a2c3ad23b8dbda4f96e114acf963065f85327102ec7b179bd21d6b54d1c47b9ca04b06c811f714952da From ae2f548c26169924ee3f71c78c5c62fecde795e8 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Mon, 3 Jun 2019 06:53:01 +0200 Subject: [PATCH 53/78] Set proper labeling for container volumes in SilverBlue --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6ae87bb..19505f1 100644 --- a/.gitignore +++ b/.gitignore @@ -93,3 +93,4 @@ /container-selinux-b0061dc.tar.gz /container-selinux-1c24dcb.tar.gz /container-selinux-b275a1f.tar.gz +/container-selinux-7baad79.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index f62f8f6..e1875fe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 b275a1f887c98ff545a22252c39085594cfffca4 +%global commit0 7baad79ed099c333465157a8c981d4393a381304 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.103 +Version: 2.104 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jun 3 2019 Dan Walsh - 2.104-1 +- Set proper labeling for container volumes in SilverBlue + * Fri May 17 2019 Dan Walsh - 2.103-1 - Set proper labeling for container volumes diff --git a/sources b/sources index d053aa8..bd36024 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-b275a1f.tar.gz) = 7a7287cfb0b573bf9784a7c68f04f11c65169dcc6712e8dff567ece159a6c347c6c023043f364ae64ab02ac86288ee7a689b3b16ea0fd06a608138c34b91bee0 +SHA512 (container-selinux-7baad79.tar.gz) = 9ac2e28bd0f435b24f1705c06875b94d6a4e4cebe7db4a2c3ad23b8dbda4f96e114acf963065f85327102ec7b179bd21d6b54d1c47b9ca04b06c811f714952da From 34aadca2534ac2383500379e7c0ef737b11af460 Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Mon, 3 Jun 2019 18:56:12 +0200 Subject: [PATCH 54/78] Set proper labeling for container volumes in SilverBlue --- container-selinux.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index e1875fe..b7158f0 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -32,6 +32,8 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Patch: kmod.patch +Patch1: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) From 2518497b73b3b3a782ab9fac35a57c76062a0313 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 11 Jun 2019 15:05:00 -0400 Subject: [PATCH 55/78] Allow all unconfined domains to manage unlabeled keyrings Add labeling for kubernetes pods --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 19505f1..a747661 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ /container-selinux-1c24dcb.tar.gz /container-selinux-b275a1f.tar.gz /container-selinux-7baad79.tar.gz +/container-selinux-fc7111d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e1875fe..fc2a771 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 7baad79ed099c333465157a8c981d4393a381304 +%global commit0 fc7111d5a9649a3fd21972e190be505c1efdd8be %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.104 +Version: 2.106 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jun 11 2019 Dan Walsh - 2.106-1 +- Allow all unconfined domains to manage unlabeled keyrings +- Add labeling for kubernetes pods + * Mon Jun 3 2019 Dan Walsh - 2.104-1 - Set proper labeling for container volumes in SilverBlue diff --git a/sources b/sources index bd36024..27ec454 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-7baad79.tar.gz) = 9ac2e28bd0f435b24f1705c06875b94d6a4e4cebe7db4a2c3ad23b8dbda4f96e114acf963065f85327102ec7b179bd21d6b54d1c47b9ca04b06c811f714952da +SHA512 (container-selinux-fc7111d.tar.gz) = 4e72112d708d0c3693918aa4bbfb0a6362d393be31350195c18ef72ef2eef29e5b2ae0c91f3c882cd3c000cd03d475fb1443d52213ba20b6eb5add90b2ef1e54 From 50cf650f1f62ed87e5a2336151232f71ea224560 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 11 Jun 2019 15:05:34 -0400 Subject: [PATCH 56/78] Allow all unconfined domains to manage unlabeled keyrings Add labeling for kubernetes pods --- .gitignore | 1 + container-selinux.spec | 10 ++++++---- sources | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 19505f1..a747661 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ /container-selinux-1c24dcb.tar.gz /container-selinux-b275a1f.tar.gz /container-selinux-7baad79.tar.gz +/container-selinux-fc7111d.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b7158f0..fc2a771 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 7baad79ed099c333465157a8c981d4393a381304 +%global commit0 fc7111d5a9649a3fd21972e190be505c1efdd8be %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,14 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.104 +Version: 2.106 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch: kmod.patch -Patch1: named_pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -111,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Tue Jun 11 2019 Dan Walsh - 2.106-1 +- Allow all unconfined domains to manage unlabeled keyrings +- Add labeling for kubernetes pods + * Mon Jun 3 2019 Dan Walsh - 2.104-1 - Set proper labeling for container volumes in SilverBlue diff --git a/sources b/sources index bd36024..27ec454 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-7baad79.tar.gz) = 9ac2e28bd0f435b24f1705c06875b94d6a4e4cebe7db4a2c3ad23b8dbda4f96e114acf963065f85327102ec7b179bd21d6b54d1c47b9ca04b06c811f714952da +SHA512 (container-selinux-fc7111d.tar.gz) = 4e72112d708d0c3693918aa4bbfb0a6362d393be31350195c18ef72ef2eef29e5b2ae0c91f3c882cd3c000cd03d475fb1443d52213ba20b6eb5add90b2ef1e54 From ed41321f64cfd3e99eff1892363a6e643864a10d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 11 Jun 2019 15:06:46 -0400 Subject: [PATCH 57/78] Allow all unconfined domains to manage unlabeled keyrings Add labeling for kubernetes pods --- container-selinux.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index fc2a771..fafbd61 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -32,6 +32,8 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +PATCH0: kmod.patch +PATCH1: pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) From c0ee28ad0faab0e2680864eca366d45df23c379c Mon Sep 17 00:00:00 2001 
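Review bot: `PATCH1: pipes.patch` in the `@@ -32,6 +32,8 @@` hunk names a different file from the `Patch1: named_pipes.patch` used earlier in this series, and this commit adds no patch file (one file changed, two insertions). If pipes.patch is not tracked on the branch, the source RPM build fails on the missing file. If it is a rename, the old name should be removed so only one copy of the policy change exists. The upper-case `PATCH0`/`PATCH1` spelling also differs from the `Source0:` style of the rest of the preamble; `Patch0: kmod.patch` and `Patch1: pipes.patch` would match it. PATCH 62/78 repeats the same two lines.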
From: Daniel J Walsh Date: Wed, 19 Jun 2019 13:34:06 -0400 Subject: [PATCH 58/78] Allow containers to manipulate Onload files. --- .gitignore | 1 + container-selinux.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a747661..9548df9 100644 --- a/.gitignore +++ b/.gitignore @@ -95,3 +95,4 @@ /container-selinux-b275a1f.tar.gz /container-selinux-7baad79.tar.gz /container-selinux-fc7111d.tar.gz +/container-selinux-453b816.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index fc2a771..e1075fc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 fc7111d5a9649a3fd21972e190be505c1efdd8be +%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.106 +Version: 2.107 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jun 14 2019 Dan Walsh - 2.107-1 +- Allow containers to manipulate Onload files. + * Tue Jun 11 2019 Dan Walsh - 2.106-1 - Allow all unconfined domains to manage unlabeled keyrings - Add labeling for kubernetes pods diff --git a/sources b/sources index 27ec454..698dc99 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-fc7111d.tar.gz) = 4e72112d708d0c3693918aa4bbfb0a6362d393be31350195c18ef72ef2eef29e5b2ae0c91f3c882cd3c000cd03d475fb1443d52213ba20b6eb5add90b2ef1e54 +SHA512 (container-selinux-453b816.tar.gz) = 99c36aca1fd5ac71802892bcdfde74ae194dcb2b9b51cc99df86b5b7c80440478110d778e407b8a3dc167f3ad4b0aa8d753cd8878ef15bad2e6c0f8b4d98f2f6 From 609ba9a2a082319cf61d7e72fcaab7c38a66e23b Mon Sep 17 00:00:00 2001 
From: Daniel J Walsh Date: Wed, 19 Jun 2019 13:35:03 -0400 Subject: [PATCH 59/78] Allow containers to manipulate Onload files. --- .gitignore | 1 + container-selinux.spec | 9 +++++---- sources | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index a747661..9548df9 100644 --- a/.gitignore +++ b/.gitignore @@ -95,3 +95,4 @@ /container-selinux-b275a1f.tar.gz /container-selinux-7baad79.tar.gz /container-selinux-fc7111d.tar.gz +/container-selinux-453b816.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index fafbd61..e1075fc 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 fc7111d5a9649a3fd21972e190be505c1efdd8be +%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,14 +26,12 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.106 +Version: 2.107 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -PATCH0: kmod.patch -PATCH1: pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -111,6 +109,9 @@ fi %{_datadir}/selinux/* %changelog +* Fri Jun 14 2019 Dan Walsh - 2.107-1 +- Allow containers to manipulate Onload files. + * Tue Jun 11 2019 Dan Walsh - 2.106-1 - Allow all unconfined domains to manage unlabeled keyrings - Add labeling for kubernetes pods diff --git a/sources b/sources index 27ec454..698dc99 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (container-selinux-fc7111d.tar.gz) = 4e72112d708d0c3693918aa4bbfb0a6362d393be31350195c18ef72ef2eef29e5b2ae0c91f3c882cd3c000cd03d475fb1443d52213ba20b6eb5add90b2ef1e54 +SHA512 (container-selinux-453b816.tar.gz) = 99c36aca1fd5ac71802892bcdfde74ae194dcb2b9b51cc99df86b5b7c80440478110d778e407b8a3dc167f3ad4b0aa8d753cd8878ef15bad2e6c0f8b4d98f2f6 From 0a6de2faa0cadbb6db2fd8f960f67b7c92684e4d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Jul 2019 13:40:35 -0400 Subject: [PATCH 60/78] Allow containers to accept connections on all socket types Allow containers to connect to gssproxy stream sockets if added to container --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9548df9..16379be 100644 --- a/.gitignore +++ b/.gitignore @@ -96,3 +96,4 @@ /container-selinux-7baad79.tar.gz /container-selinux-fc7111d.tar.gz /container-selinux-453b816.tar.gz +/container-selinux-db771da.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e1075fc..5b20d9b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 +%global commit0 db771da27119098fe9aefb1c02033e496d5c8760 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.107 +Version: 2.109 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} 
@@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jul 8 2019 Dan Walsh - 2.109-1 +- Allow containers to accept connections on all socket types +- Allow containers to connect to gssproxy stream sockets if added to container + * Fri Jun 14 2019 Dan Walsh - 2.107-1 - Allow containers to manipulate Onload files. diff --git a/sources b/sources index 698dc99..2ad7730 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-453b816.tar.gz) = 99c36aca1fd5ac71802892bcdfde74ae194dcb2b9b51cc99df86b5b7c80440478110d778e407b8a3dc167f3ad4b0aa8d753cd8878ef15bad2e6c0f8b4d98f2f6 +SHA512 (container-selinux-db771da.tar.gz) = 880d656b56e94d4045073cfaf4738bbcf5bcd91f451bafa523ca4df6aed20f7fa2074f8b9bb2dc28bf33a3acd981e6fc349919bf6e7f3c946cc046dc66014a89 From fe77e5f73a43e975279f0c977af1536c6dc12e4d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Jul 2019 13:40:54 -0400 Subject: [PATCH 61/78] Allow containers to accept connections on all socket types Allow containers to connect to gssproxy stream sockets if added to container --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9548df9..16379be 100644 --- a/.gitignore +++ b/.gitignore @@ -96,3 +96,4 @@ /container-selinux-7baad79.tar.gz /container-selinux-fc7111d.tar.gz /container-selinux-453b816.tar.gz +/container-selinux-db771da.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e1075fc..5b20d9b 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 +%global commit0 db771da27119098fe9aefb1c02033e496d5c8760 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.107 +Version: 2.109 Release: 1.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jul 8 2019 Dan Walsh - 2.109-1 +- Allow containers to accept connections on all socket types +- Allow containers to connect to gssproxy stream sockets if added to container + * Fri Jun 14 2019 Dan Walsh - 2.107-1 - Allow containers to manipulate Onload files. diff --git a/sources b/sources index 698dc99..2ad7730 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-453b816.tar.gz) = 99c36aca1fd5ac71802892bcdfde74ae194dcb2b9b51cc99df86b5b7c80440478110d778e407b8a3dc167f3ad4b0aa8d753cd8878ef15bad2e6c0f8b4d98f2f6 +SHA512 (container-selinux-db771da.tar.gz) = 880d656b56e94d4045073cfaf4738bbcf5bcd91f451bafa523ca4df6aed20f7fa2074f8b9bb2dc28bf33a3acd981e6fc349919bf6e7f3c946cc046dc66014a89 From df05b5d9fba4169205e203cb30f0c6acf824692b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Jul 2019 16:31:41 -0400 Subject: [PATCH 62/78] Allow containers to accept connections on all socket types Allow containers to connect to gssproxy stream sockets if added to container --- container-selinux.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/container-selinux.spec b/container-selinux.spec index 5b20d9b..e4bd4c3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -32,6 +32,8 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +PATCH0: kmod.patch +PATCH1: pipes.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) From 42c03a171f7db5994311b55b1e0b9c88f09664ce Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 15 Jul 2019 02:25:08 +0000 Subject: [PATCH 63/78] container-selinux-2:2.109.0-2.gitdb771da - bump to 2.109.0 - autobuilt db771da 
Signed-off-by: Lokesh Mandvekar (Bot) --- container-selinux.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 5b20d9b..e5b88ce 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -26,8 +26,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.109 -Release: 1.git%{shortcommit0}%{?dist} +Version: 2.109.0 +Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Mon Jul 15 2019 Lokesh Mandvekar (Bot) - 2:2.109.0-2.gitdb771da +- bump to 2.109.0 +- autobuilt db771da + * Mon Jul 8 2019 Dan Walsh - 2.109-1 - Allow containers to accept connections on all socket types - Allow containers to connect to gssproxy stream sockets if added to container From 800ae5382208235bf6b91fb89f42776af1ebbd1d Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Wed, 17 Jul 2019 13:15:43 +0000 Subject: [PATCH 64/78] container-selinux-2:2.110.0-2.git544d71f - bump to 2.110.0 - autobuilt 544d71f Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 16379be..0536b0f 100644 --- a/.gitignore +++ b/.gitignore @@ -97,3 +97,4 @@ /container-selinux-fc7111d.tar.gz /container-selinux-453b816.tar.gz /container-selinux-db771da.tar.gz +/container-selinux-544d71f.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index e5b88ce..83bc3df 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -2,7 +2,7 @@ # container-selinux %global git0 https://github.com/projectatomic/container-selinux -%global commit0 db771da27119098fe9aefb1c02033e496d5c8760 +%global commit0 544d71ff87f427664ff65cfb94b6ad068af689a7 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -26,7 +26,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.109.0 +Version: 2.110.0 Release: 2.git%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} @@ -109,6 +109,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed Jul 17 2019 Lokesh Mandvekar (Bot) - 2:2.110.0-2.git544d71f +- bump to 2.110.0 +- autobuilt 544d71f + * Mon Jul 15 2019 Lokesh Mandvekar (Bot) - 2:2.109.0-2.gitdb771da - bump to 2.109.0 - autobuilt db771da diff --git a/sources b/sources index 2ad7730..eb69337 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-db771da.tar.gz) = 880d656b56e94d4045073cfaf4738bbcf5bcd91f451bafa523ca4df6aed20f7fa2074f8b9bb2dc28bf33a3acd981e6fc349919bf6e7f3c946cc046dc66014a89 +SHA512 (container-selinux-544d71f.tar.gz) = ef4e58d33f095899c75a880cdb8e4fb2dc9523f717666af702e4d87a6ddccf7d9695b009872f42bd4dfae01944ee0335aa4688d6ffd6199efb38aaf29f997d73 From 18222fd21f85a26109b8b585924f9c3ab7457029 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 18 Jul 2019 18:15:41 +0530 Subject: [PATCH 65/78] build for centos 7 and formatting updates Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/container-selinux.spec b/container-selinux.spec index 83bc3df..c100b88 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -1,8 +1,12 @@ -%global debug_package %{nil} +%global debug_package %{nil} # container-selinux -%global git0 https://github.com/projectatomic/container-selinux +%global git0 https://github.com/containers/container-selinux +%if 0%{?fedora} %global commit0 544d71ff87f427664ff65cfb94b6ad068af689a7 +%else +%global commit0 014f8664b9df323e9a49761c54249afa520839af +%endif %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -19,7 +23,7 @@ # Relabel files %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : -# Version of SELinux we were using +# Version of SELinux we are using %global selinux_policyver 3.13.1-220 Name: container-selinux @@ -73,7 +77,7 @@ rm -rf container-selinux.spec %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null 
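Review bot: The new `%else` branch pins `commit0` to 014f8664b9df323e9a49761c54249afa520839af for non-Fedora builds, yet this commit touches only the spec, so `sources` carries no SHA512 line for `container-selinux-014f866.tar.gz`. Without that entry the non-Fedora tarball has no recorded checksum to be verified against, and depending on the build tooling the build either fails or proceeds with an unchecked archive. The line `SHA512 (container-selinux-014f866.tar.gz) = <sha512 of that archive>` belongs in the same commit as the pin. The `git0` change to github.com/containers also moves the fetch location, which makes the recorded hashes the integrity check that matters for Source0.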
@@ -84,8 +88,8 @@ if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files if [ $1 -eq 1 ]; then - restorecon -R %{_sharedstatedir}/docker &> /dev/null || : - restorecon -R %{_sharedstatedir}/containers &> /dev/null || : + restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/containers &> /dev/null || : fi fi . %{_sysconfdir}/selinux/config From 09de749476829f57db1c44015506bac2fa18334a Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 18 Jul 2019 18:20:16 +0530 Subject: [PATCH 66/78] update release tag Signed-off-by: Lokesh Mandvekar --- container-selinux.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-selinux.spec b/container-selinux.spec index c100b88..9caf9da 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -31,7 +31,7 @@ Name: container-selinux Epoch: 2 %endif Version: 2.110.0 -Release: 2.git%{shortcommit0}%{?dist} +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes From 4fe4bb10ff9a3a44ebc112a3782206b46452c81b Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Thu, 18 Jul 2019 13:40:16 +0000 Subject: [PATCH 67/78] container-selinux-2:2.111.0-1 - bump to 2.111.0 - autobuilt 9a75deb for fedora - autobuilt 014f866 for centos Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 11 ++++++++--- sources | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0536b0f..5d34d21 100644 --- a/.gitignore +++ b/.gitignore @@ -98,3 +98,4 @@ /container-selinux-453b816.tar.gz /container-selinux-db771da.tar.gz /container-selinux-544d71f.tar.gz +/container-selinux-9a75deb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 9caf9da..1070b3a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 544d71ff87f427664ff65cfb94b6ad068af689a7 +%global commit0 9a75deb315f10ca3cf1295e6cd56cec2e62dbf6e %else %global commit0 014f8664b9df323e9a49761c54249afa520839af %endif @@ -30,8 +30,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.110.0 -Release: 2%{?dist} +Version: 2.111.0 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -113,6 +113,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 2:2.111.0-1 +- bump to 2.111.0 +- autobuilt 9a75deb for fedora +- autobuilt 014f866 for centos + * Wed Jul 17 2019 Lokesh Mandvekar (Bot) - 2:2.110.0-2.git544d71f - bump to 2.110.0 - autobuilt 544d71f diff --git a/sources b/sources index eb69337..622439c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (container-selinux-544d71f.tar.gz) = ef4e58d33f095899c75a880cdb8e4fb2dc9523f717666af702e4d87a6ddccf7d9695b009872f42bd4dfae01944ee0335aa4688d6ffd6199efb38aaf29f997d73 +SHA512 (container-selinux-9a75deb.tar.gz) = 0d6d69f49048a118e40fd6c06b8785e3eed5381ae4fe7d70e836fb61659df748b548deaaaff91eeb7ed466e70114b3c614b88218a58e286df091381706623dec From 9376ad7ceff7fd2026f60eddf2dd35c01a92bb80 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Sat, 20 Jul 2019 04:39:41 +0530 Subject: [PATCH 68/78] ensure sources file records centos branch commit Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + container-selinux.spec | 5 +++++ sources | 1 + 3 files changed, 7 insertions(+) diff --git a/.gitignore b/.gitignore index 5d34d21..5769123 100644 --- a/.gitignore +++ b/.gitignore @@ -99,3 +99,4 @@ /container-selinux-db771da.tar.gz /container-selinux-544d71f.tar.gz /container-selinux-9a75deb.tar.gz +/container-selinux-014f866.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1070b3a..fef120c 100644 --- a/container-selinux.spec 
+++ b/container-selinux.spec @@ -4,6 +4,10 @@ %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} %global commit0 9a75deb315f10ca3cf1295e6cd56cec2e62dbf6e +# record centos commit here as well so it can be added +# to sources file for centos cbs build +%global commit_centos 014f8664b9df323e9a49761c54249afa520839af +%global shortcommit_centos %(c=%{commit_centos}; echo ${c:0:7}) %else %global commit0 014f8664b9df323e9a49761c54249afa520839af %endif @@ -36,6 +40,7 @@ License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Source1: %{git0}/archive/%{commit_centos}/%{name}-%{shortcommit_centos}.tar.gz BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) diff --git a/sources b/sources index 622439c..798e929 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ +SHA512 (container-selinux-014f866.tar.gz) = 2772e1549283b95bed98e3c189dc8d96b71ae0b7b4ab54dc5882439bf7a9703916ae71a1162154b99834179bb9327741e3393f3c0b95179c3ea271bd4bd6fa20 SHA512 (container-selinux-9a75deb.tar.gz) = 0d6d69f49048a118e40fd6c06b8785e3eed5381ae4fe7d70e836fb61659df748b548deaaaff91eeb7ed466e70114b3c614b88218a58e286df091381706623dec From 54a19b5516b71f48049824fdf667298162a10f44 Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Thu, 8 Aug 2019 21:26:40 +0000 Subject: [PATCH 69/78] container-selinux-2:2.112.0-2 - bump to v2.112.0 - autobuilt b68cf19 for fedora - autobuilt 014f866 for centos Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 11 ++++++++--- sources | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5769123..6e5f5a3 100644 --- a/.gitignore +++ b/.gitignore @@ -100,3 +100,4 @@ /container-selinux-544d71f.tar.gz /container-selinux-9a75deb.tar.gz /container-selinux-014f866.tar.gz +/container-selinux-b68cf19.tar.gz 
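Review bot: `Source1` in the second hunk expands `%{commit_centos}` and `%{shortcommit_centos}`, but the first hunk defines both only inside the `%if 0%{?fedora}` branch. On a build that takes `%else` the two macros are undefined, so the source URL and file name would keep the literal macro text, and rpmbuild will most likely reject that as a missing source. Guard the tag the same way, `%if 0%{?fedora}` / `Source1: %{git0}/archive/%{commit_centos}/%{name}-%{shortcommit_centos}.tar.gz` / `%endif`, or move the two `%global` lines above the conditional. The preamble around `Source1` continues outside the hunk, so confirm no enclosing conditional already covers it.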
diff --git a/container-selinux.spec b/container-selinux.spec index f2e127a..523fd3c 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 9a75deb315f10ca3cf1295e6cd56cec2e62dbf6e +%global commit0 b68cf19f1c6c920994becf8aa0dc141dec77de2a # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos 014f8664b9df323e9a49761c54249afa520839af @@ -34,8 +34,8 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.111.0 -Release: 1%{?dist} +Version: 2.112.0 +Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Aug 08 2019 Lokesh Mandvekar (Bot) - 2:2.112.0-2 +- bump to v2.112.0 +- autobuilt b68cf19 for fedora +- autobuilt 014f866 for centos + * Thu Jul 18 2019 Lokesh Mandvekar (Bot) - 2:2.111.0-1 - bump to 2.111.0 - autobuilt 9a75deb for fedora diff --git a/sources b/sources index 798e929..adc696a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (container-selinux-014f866.tar.gz) = 2772e1549283b95bed98e3c189dc8d96b71ae0b7b4ab54dc5882439bf7a9703916ae71a1162154b99834179bb9327741e3393f3c0b95179c3ea271bd4bd6fa20 -SHA512 (container-selinux-9a75deb.tar.gz) = 0d6d69f49048a118e40fd6c06b8785e3eed5381ae4fe7d70e836fb61659df748b548deaaaff91eeb7ed466e70114b3c614b88218a58e286df091381706623dec +SHA512 (container-selinux-b68cf19.tar.gz) = 25c3133277f55935ca19bdb1703079ba245def284d00c749464626d16d9ca2056dc7e9b6d806ccdf65825e3defc32540c7fbf6acdfc50c430c0da5a80a39e20f From 28d9ca3ad5c3dd6765b615ce8ff9ed4a8e64a60b Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Fri, 9 Aug 2019 19:26:10 +0000 Subject: [PATCH 70/78] container-selinux-2:2.113.0-2 - bump to v2.113.0 - autobuilt 4f7d6bb for fedora - autobuilt 014f866 for centos 
Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6e5f5a3..ab74f5a 100644 --- a/.gitignore +++ b/.gitignore @@ -101,3 +101,4 @@ /container-selinux-9a75deb.tar.gz /container-selinux-014f866.tar.gz /container-selinux-b68cf19.tar.gz +/container-selinux-4f7d6bb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 523fd3c..1ce4c77 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 b68cf19f1c6c920994becf8aa0dc141dec77de2a +%global commit0 4f7d6bb78724eb2fccd40bbaf96a668a94acc5ce # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos 014f8664b9df323e9a49761c54249afa520839af @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.112.0 +Version: 2.113.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Fri Aug 09 2019 Lokesh Mandvekar (Bot) - 2:2.113.0-2 +- bump to v2.113.0 +- autobuilt 4f7d6bb for fedora +- autobuilt 014f866 for centos + * Thu Aug 08 2019 Lokesh Mandvekar (Bot) - 2:2.112.0-2 - bump to v2.112.0 - autobuilt b68cf19 for fedora diff --git a/sources b/sources index adc696a..f0526fd 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ SHA512 (container-selinux-014f866.tar.gz) = 2772e1549283b95bed98e3c189dc8d96b71ae0b7b4ab54dc5882439bf7a9703916ae71a1162154b99834179bb9327741e3393f3c0b95179c3ea271bd4bd6fa20 -SHA512 (container-selinux-b68cf19.tar.gz) = 25c3133277f55935ca19bdb1703079ba245def284d00c749464626d16d9ca2056dc7e9b6d806ccdf65825e3defc32540c7fbf6acdfc50c430c0da5a80a39e20f +SHA512 (container-selinux-4f7d6bb.tar.gz) = 74c509d0bec92d693f6673610f09346cb8b82520f178a8713064d020f1428e28e23a36200e40fe8db2fff2d1d6117f6ea33cb823a5114ad3041b222066779061 From 9ea5604865f859bd61c2fb8432a7bc939a057fcb Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Mon, 19 Aug 2019 12:30:07 +0000 Subject: [PATCH 71/78] container-selinux-2:2.114.0-2 - bump to v2.114.0 - autobuilt 028ab00 for fedora - autobuilt 014f866 for centos Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index ab74f5a..4598e33 100644 --- a/.gitignore +++ b/.gitignore @@ -102,3 +102,4 @@ /container-selinux-014f866.tar.gz /container-selinux-b68cf19.tar.gz /container-selinux-4f7d6bb.tar.gz +/container-selinux-028ab00.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 1ce4c77..a1f46f2 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 4f7d6bb78724eb2fccd40bbaf96a668a94acc5ce +%global commit0 028ab0049681265664a3bbae7501bc5bddcd6cc0 # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos 014f8664b9df323e9a49761c54249afa520839af @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.113.0 +Version: 2.114.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} 
@@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Mon Aug 19 2019 Lokesh Mandvekar (Bot) - 2:2.114.0-2 +- bump to v2.114.0 +- autobuilt 028ab00 for fedora +- autobuilt 014f866 for centos + * Fri Aug 09 2019 Lokesh Mandvekar (Bot) - 2:2.113.0-2 - bump to v2.113.0 - autobuilt 4f7d6bb for fedora diff --git a/sources b/sources index f0526fd..2d5d8aa 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (container-selinux-014f866.tar.gz) = 2772e1549283b95bed98e3c189dc8d96b71ae0b7b4ab54dc5882439bf7a9703916ae71a1162154b99834179bb9327741e3393f3c0b95179c3ea271bd4bd6fa20 -SHA512 (container-selinux-4f7d6bb.tar.gz) = 74c509d0bec92d693f6673610f09346cb8b82520f178a8713064d020f1428e28e23a36200e40fe8db2fff2d1d6117f6ea33cb823a5114ad3041b222066779061 +SHA512 (container-selinux-028ab00.tar.gz) = 96ec9a26a2ceb75431891d5b914921d190df0259443eb245b850d97d5cc8796df3ddc34443d9e144740e43a9540ba295b39f70c3224caf127fa95a532ebb24dc From 437cb0fee6b51c8808428bc682aa5b0fe3c0f4cd Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Wed, 21 Aug 2019 14:37:34 +0000 Subject: [PATCH 72/78] container-selinux-2:2.115.0-2 - bump to v2.115.0 - autobuilt fddfbbb for fedora - autobuilt 42087be for centos Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 2 ++ container-selinux.spec | 13 +++++++++---- sources | 4 ++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 4598e33..4fb6eac 100644 --- a/.gitignore +++ b/.gitignore @@ -103,3 +103,5 @@ /container-selinux-b68cf19.tar.gz /container-selinux-4f7d6bb.tar.gz /container-selinux-028ab00.tar.gz +/container-selinux-42087be.tar.gz +/container-selinux-fddfbbb.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index a1f46f2..b58cefe 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -3,13 +3,13 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 028ab0049681265664a3bbae7501bc5bddcd6cc0 +%global commit0 fddfbbb7836cabeb28feffb4602f4a3ae5016cdb # record centos commit here as well so it can be added # to sources file for centos cbs build -%global commit_centos 014f8664b9df323e9a49761c54249afa520839af +%global commit_centos 42087be2482a8453f2217da47186d4c7776567b0 %global shortcommit_centos %(c=%{commit_centos}; echo ${c:0:7}) %else -%global commit0 014f8664b9df323e9a49761c54249afa520839af +%global commit0 42087be2482a8453f2217da47186d4c7776567b0 %endif %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.114.0 +Version: 2.115.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Wed Aug 21 2019 Lokesh Mandvekar (Bot) - 2:2.115.0-2 +- bump to v2.115.0 +- autobuilt fddfbbb for fedora +- autobuilt 42087be for centos + * Mon Aug 19 2019 Lokesh Mandvekar (Bot) - 2:2.114.0-2 - bump to v2.114.0 - autobuilt 028ab00 for fedora diff --git a/sources b/sources index 2d5d8aa..ed796a6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (container-selinux-014f866.tar.gz) = 2772e1549283b95bed98e3c189dc8d96b71ae0b7b4ab54dc5882439bf7a9703916ae71a1162154b99834179bb9327741e3393f3c0b95179c3ea271bd4bd6fa20 -SHA512 (container-selinux-028ab00.tar.gz) = 96ec9a26a2ceb75431891d5b914921d190df0259443eb245b850d97d5cc8796df3ddc34443d9e144740e43a9540ba295b39f70c3224caf127fa95a532ebb24dc +SHA512 (container-selinux-42087be.tar.gz) = 8af6b2cc71f7619e2e994e88e42fd754cdfb5fcbc081b28633aaa6236e3c588ab30edf8307d17eddcf9d6fe9acb93b9ca2397038370bd1c0f9d91bd75cf2afd8 +SHA512 (container-selinux-fddfbbb.tar.gz) = 54b17ee82861163633afd44ae6db65a91a6b9b2ebed86df55d0378611b571118c9ef24788d2ad67b730516454fd264e44333f9cb94ff63621ee54586bf5c6eb4 
From 51bea707b983469fc08ffad099c90b75a13229ce Mon Sep 17 00:00:00 2001 From: "Lokesh Mandvekar (Bot)" Date: Thu, 5 Sep 2019 14:15:58 +0000 Subject: [PATCH 73/78] container-selinux-2:2.116.0-2 - bump to v2.116.0 - autobuilt c5ef5ac for fedora - autobuilt 42087be for centos Signed-off-by: Lokesh Mandvekar (Bot) --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4fb6eac..40f3c2a 100644 --- a/.gitignore +++ b/.gitignore @@ -105,3 +105,4 @@ /container-selinux-028ab00.tar.gz /container-selinux-42087be.tar.gz /container-selinux-fddfbbb.tar.gz +/container-selinux-c5ef5ac.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index b58cefe..03078d3 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 fddfbbb7836cabeb28feffb4602f4a3ae5016cdb +%global commit0 c5ef5ac658a0d616d53b81272694e778a2115b29 # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos 42087be2482a8453f2217da47186d4c7776567b0 @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.115.0 +Version: 2.116.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Sep 05 2019 Lokesh Mandvekar (Bot) - 2:2.116.0-2 +- bump to v2.116.0 +- autobuilt c5ef5ac for fedora +- autobuilt 42087be for centos + * Wed Aug 21 2019 Lokesh Mandvekar (Bot) - 2:2.115.0-2 - bump to v2.115.0 - autobuilt fddfbbb for fedora diff --git a/sources b/sources index ed796a6..dccf0fc 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ SHA512 (container-selinux-42087be.tar.gz) = 8af6b2cc71f7619e2e994e88e42fd754cdfb5fcbc081b28633aaa6236e3c588ab30edf8307d17eddcf9d6fe9acb93b9ca2397038370bd1c0f9d91bd75cf2afd8 -SHA512 (container-selinux-fddfbbb.tar.gz) = 54b17ee82861163633afd44ae6db65a91a6b9b2ebed86df55d0378611b571118c9ef24788d2ad67b730516454fd264e44333f9cb94ff63621ee54586bf5c6eb4 +SHA512 (container-selinux-c5ef5ac.tar.gz) = cb31fb2aa891a21d47cb1f67caf51e39a14f3269155e9881499d8c325f2f9acfa9d49c5e283db99dcc3333eee0cc3798b33bf5bf7cc54701f450cf35762501fb From 4364da5d9193be3f2c2f0743755efdaa03379e8d Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 25 Sep 2019 19:53:59 +0000 Subject: [PATCH 74/78] container-selinux-2:2.117.0-2 - bump to v2.117.0 - autobuilt bfde70a for fedora - autobuilt 42087be for centos Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 40f3c2a..60e9cf8 100644 --- a/.gitignore +++ b/.gitignore @@ -106,3 +106,4 @@ /container-selinux-42087be.tar.gz /container-selinux-fddfbbb.tar.gz /container-selinux-c5ef5ac.tar.gz +/container-selinux-bfde70a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 03078d3..380e03a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 c5ef5ac658a0d616d53b81272694e778a2115b29 +%global commit0 bfde70abeab100e944dcfd439859fbae967d8b39 # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos 42087be2482a8453f2217da47186d4c7776567b0 @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.116.0 +Version: 2.117.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} 
@@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Wed Sep 25 2019 RH Container Bot - 2:2.117.0-2 +- bump to v2.117.0 +- autobuilt bfde70a for fedora +- autobuilt 42087be for centos + * Thu Sep 05 2019 Lokesh Mandvekar (Bot) - 2:2.116.0-2 - bump to v2.116.0 - autobuilt c5ef5ac for fedora diff --git a/sources b/sources index dccf0fc..d8602a0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (container-selinux-42087be.tar.gz) = 8af6b2cc71f7619e2e994e88e42fd754cdfb5fcbc081b28633aaa6236e3c588ab30edf8307d17eddcf9d6fe9acb93b9ca2397038370bd1c0f9d91bd75cf2afd8 -SHA512 (container-selinux-c5ef5ac.tar.gz) = cb31fb2aa891a21d47cb1f67caf51e39a14f3269155e9881499d8c325f2f9acfa9d49c5e283db99dcc3333eee0cc3798b33bf5bf7cc54701f450cf35762501fb +SHA512 (container-selinux-bfde70a.tar.gz) = f8e963b9688f65b768e6b0dcb427fe9f47397e70f4889166d8c6eeccbeb9dd393acfa19586870e367ce5eea1d1d2d15ec9acb6fdb7e108c772be137a76ff4b45 From e887e254246d40ef5bf6a74313e5dc37ef35eac7 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 11 Oct 2019 14:32:08 +0000 Subject: [PATCH 75/78] container-selinux-2:2.118.0-2 - bump to v2.118.0 - autobuilt 79bdcb5 for fedora - autobuilt 42087be for centos Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 60e9cf8..75282f4 100644 --- a/.gitignore +++ b/.gitignore @@ -107,3 +107,4 @@ /container-selinux-fddfbbb.tar.gz /container-selinux-c5ef5ac.tar.gz /container-selinux-bfde70a.tar.gz +/container-selinux-79bdcb5.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 380e03a..03db84d 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 bfde70abeab100e944dcfd439859fbae967d8b39 +%global commit0 79bdcb5e74af7036479b61160e4dadf670f1097e # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos 42087be2482a8453f2217da47186d4c7776567b0 @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.117.0 +Version: 2.118.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Fri Oct 11 2019 RH Container Bot - 2:2.118.0-2 +- bump to v2.118.0 +- autobuilt 79bdcb5 for fedora +- autobuilt 42087be for centos + * Wed Sep 25 2019 RH Container Bot - 2:2.117.0-2 - bump to v2.117.0 - autobuilt bfde70a for fedora diff --git a/sources b/sources index d8602a0..84bd386 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (container-selinux-42087be.tar.gz) = 8af6b2cc71f7619e2e994e88e42fd754cdfb5fcbc081b28633aaa6236e3c588ab30edf8307d17eddcf9d6fe9acb93b9ca2397038370bd1c0f9d91bd75cf2afd8 -SHA512 (container-selinux-bfde70a.tar.gz) = f8e963b9688f65b768e6b0dcb427fe9f47397e70f4889166d8c6eeccbeb9dd393acfa19586870e367ce5eea1d1d2d15ec9acb6fdb7e108c772be137a76ff4b45 +SHA512 (container-selinux-79bdcb5.tar.gz) = 2c0cf0c2996acb156899d543f4139e2530eb07499765f3bd777e29250f726a7affa894e35408d619b557dff368af643184953cf7b8e3c873cf699fda8c38daae From 4192bb6e7a4ecd60e7f173345511739def127246 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 24 Oct 2019 15:59:43 +0000 Subject: [PATCH 76/78] container-selinux-2:2.119.0-2 - bump to v2.119.0 - autobuilt b383f07 for fedora - autobuilt 46c7e70 for centos Signed-off-by: RH Container Bot --- .gitignore | 2 ++ container-selinux.spec | 13 +++++++++---- sources | 4 ++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 75282f4..504df4f 100644 --- a/.gitignore +++ b/.gitignore 
@@ -108,3 +108,5 @@ /container-selinux-c5ef5ac.tar.gz /container-selinux-bfde70a.tar.gz /container-selinux-79bdcb5.tar.gz +/container-selinux-46c7e70.tar.gz +/container-selinux-b383f07.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 03db84d..ee06ced 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,13 +3,13 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 79bdcb5e74af7036479b61160e4dadf670f1097e +%global commit0 b383f07f547c3ae491edcd116133f79d6f50a6e7 # record centos commit here as well so it can be added # to sources file for centos cbs build -%global commit_centos 42087be2482a8453f2217da47186d4c7776567b0 +%global commit_centos 46c7e70e6c12f97f676379c64ff1a74c11e44e79 %global shortcommit_centos %(c=%{commit_centos}; echo ${c:0:7}) %else -%global commit0 42087be2482a8453f2217da47186d4c7776567b0 +%global commit0 46c7e70e6c12f97f676379c64ff1a74c11e44e79 %endif %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.118.0 +Version: 2.119.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Thu Oct 24 2019 RH Container Bot - 2:2.119.0-2 +- bump to v2.119.0 +- autobuilt b383f07 for fedora +- autobuilt 46c7e70 for centos + * Fri Oct 11 2019 RH Container Bot - 2:2.118.0-2 - bump to v2.118.0 - autobuilt 79bdcb5 for fedora diff --git a/sources b/sources index 84bd386..8837647 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (container-selinux-42087be.tar.gz) = 8af6b2cc71f7619e2e994e88e42fd754cdfb5fcbc081b28633aaa6236e3c588ab30edf8307d17eddcf9d6fe9acb93b9ca2397038370bd1c0f9d91bd75cf2afd8 -SHA512 (container-selinux-79bdcb5.tar.gz) = 2c0cf0c2996acb156899d543f4139e2530eb07499765f3bd777e29250f726a7affa894e35408d619b557dff368af643184953cf7b8e3c873cf699fda8c38daae +SHA512 (container-selinux-46c7e70.tar.gz) = c7c06be6e1cbadca0352d93b94804f68b80350de988a8cfa92914e75fab06f00bf78cd47a2c580042cbc4930fecba45b43c41913c3b9956b655fbac2070b3ca1 +SHA512 (container-selinux-b383f07.tar.gz) = 01c47d12460611229654b5ef9961b7815dfa749241d422e83ec548cd029d1113aea1f7a55e8277f5ebceea4528575efe1e09d853eec09adac15efe88c5394eb7 From e8c0307b72321076bdd3ecab1edd9ccd3ba4afb4 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Sun, 27 Oct 2019 09:30:21 +0000 Subject: [PATCH 77/78] container-selinux-2:2.119.1-2 - bump to v2.119.1 - autobuilt 2ecb2a8 for fedora - autobuilt c57a6f9 for centos Signed-off-by: RH Container Bot --- .gitignore | 2 ++ container-selinux.spec | 13 +++++++++---- sources | 4 ++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 504df4f..c1f451c 100644 --- a/.gitignore +++ b/.gitignore @@ -110,3 +110,5 @@ /container-selinux-79bdcb5.tar.gz /container-selinux-46c7e70.tar.gz /container-selinux-b383f07.tar.gz +/container-selinux-2ecb2a8.tar.gz +/container-selinux-c57a6f9.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index ee06ced..946bf10 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -3,13 +3,13 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 b383f07f547c3ae491edcd116133f79d6f50a6e7 +%global commit0 2ecb2a86fb873956344d2dab7334d97bfb0711fc # record centos commit here as well so it can be added # to sources file for centos cbs build -%global commit_centos 46c7e70e6c12f97f676379c64ff1a74c11e44e79 +%global commit_centos c57a6f9dc5ba77606a7ca541065e3a1e9e00f11e %global shortcommit_centos %(c=%{commit_centos}; echo ${c:0:7}) %else -%global commit0 46c7e70e6c12f97f676379c64ff1a74c11e44e79 +%global commit0 c57a6f9dc5ba77606a7ca541065e3a1e9e00f11e %endif %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.119.0 +Version: 2.119.1 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Sun Oct 27 2019 RH Container Bot - 2:2.119.1-2 +- bump to v2.119.1 +- autobuilt 2ecb2a8 for fedora +- autobuilt c57a6f9 for centos + * Thu Oct 24 2019 RH Container Bot - 2:2.119.0-2 - bump to v2.119.0 - autobuilt b383f07 for fedora diff --git a/sources b/sources index 8837647..4543ec3 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (container-selinux-46c7e70.tar.gz) = c7c06be6e1cbadca0352d93b94804f68b80350de988a8cfa92914e75fab06f00bf78cd47a2c580042cbc4930fecba45b43c41913c3b9956b655fbac2070b3ca1 -SHA512 (container-selinux-b383f07.tar.gz) = 01c47d12460611229654b5ef9961b7815dfa749241d422e83ec548cd029d1113aea1f7a55e8277f5ebceea4528575efe1e09d853eec09adac15efe88c5394eb7 +SHA512 (container-selinux-2ecb2a8.tar.gz) = a4c81a08e2510a9f8db5d203bc038d230e2d114f56bfc1338cade01d4dd9945a2156c227e189cd4975d558675af82e2ecb389c90c368202303860c49b3359540 +SHA512 (container-selinux-c57a6f9.tar.gz) = d807b912b40431ef23e81cdb45a15dac9fa5de5e037652c94d9b5b1e6d02699038507cf0463c0a819d5c4579373bf3b449c4865aa28b53983b85da07c0c6b2ee 
From c632164e63ab3eec9b34e8556422567769fee009 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 6 Dec 2019 19:14:02 +0000 Subject: [PATCH 78/78] container-selinux-2:2.123.0-2 - bump to v2.123.0 - autobuilt 0b25a4a for fedora - autobuilt c57a6f9 for centos Signed-off-by: RH Container Bot --- .gitignore | 1 + container-selinux.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c1f451c..14aa0ce 100644 --- a/.gitignore +++ b/.gitignore @@ -112,3 +112,4 @@ /container-selinux-b383f07.tar.gz /container-selinux-2ecb2a8.tar.gz /container-selinux-c57a6f9.tar.gz +/container-selinux-0b25a4a.tar.gz diff --git a/container-selinux.spec b/container-selinux.spec index 946bf10..27b93bf 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -3,7 +3,7 @@ # container-selinux %global git0 https://github.com/containers/container-selinux %if 0%{?fedora} -%global commit0 2ecb2a86fb873956344d2dab7334d97bfb0711fc +%global commit0 0b25a4a5f05e1810f6bbeffcc40d89c3db5d2a30 # record centos commit here as well so it can be added # to sources file for centos cbs build %global commit_centos c57a6f9dc5ba77606a7ca541065e3a1e9e00f11e @@ -34,7 +34,7 @@ Name: container-selinux %if 0%{?fedora} Epoch: 2 %endif -Version: 2.119.1 +Version: 2.123.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} @@ -120,6 +120,11 @@ fi %{_datadir}/selinux/* %changelog +* Fri Dec 06 2019 RH Container Bot - 2:2.123.0-2 +- bump to v2.123.0 +- autobuilt 0b25a4a for fedora +- autobuilt c57a6f9 for centos + * Sun Oct 27 2019 RH Container Bot - 2:2.119.1-2 - bump to v2.119.1 - autobuilt 2ecb2a8 for fedora diff --git a/sources b/sources index 4543ec3..463669b 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (container-selinux-2ecb2a8.tar.gz) = a4c81a08e2510a9f8db5d203bc038d230e2d114f56bfc1338cade01d4dd9945a2156c227e189cd4975d558675af82e2ecb389c90c368202303860c49b3359540 +SHA512 (container-selinux-0b25a4a.tar.gz) = 50c1f23670a3beb36afd7689c937da26a9ffeb1a75e6e1a73632201193df7f5ec118b8a0cfe8296eb175ac98440a70270353897933d42d7bbea5b1f90f36e770 SHA512 (container-selinux-c57a6f9.tar.gz) = d807b912b40431ef23e81cdb45a15dac9fa5de5e037652c94d9b5b1e6d02699038507cf0463c0a819d5c4579373bf3b449c4865aa28b53983b85da07c0c6b2ee