Compare commits
44 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
cb7d9309bc |
||
|
|
90ca0bef7f |
||
|
|
d9e4e8f3cf |
||
|
|
6760b13f3b |
||
|
|
fd4d04b495 |
||
|
|
983f0edb9a |
||
|
|
ff12c78349 |
||
|
|
86cfbf7fec |
||
|
|
257ab12182 |
||
|
|
8e95799c9f |
||
|
|
40f5d3a997 |
||
|
|
ef386e4859 |
||
|
|
3b465957a6 |
||
|
|
20a70176d8 |
||
|
|
a94f741648 |
||
|
|
c59cf72599 |
||
|
|
cbb35d458f |
||
|
|
9aaa11d503 |
||
|
|
913c2876a8 |
||
|
|
cfa5d8310e |
||
|
|
1146613931 |
||
|
|
042fa3fb2a |
||
|
|
d782494c75 |
||
|
|
02a599cecb |
||
|
|
bf41ee3359 |
||
|
|
00ca04d5ca |
||
|
|
a39f328a87 |
||
|
|
8aa7633b9c |
||
|
|
2cb353eb8d |
||
|
|
6c6c3368e5 |
||
|
|
bc0cb4f1fa |
||
|
|
8e946df4fb | ||
|
|
9fd108e2ff | ||
|
|
1e4522a1fe | ||
|
|
cdb1652176 | ||
|
|
9e4b466b99 | ||
|
|
d59090688e | ||
|
|
7c45987c4d | ||
|
|
756fee0409 | ||
|
|
33199652ef | ||
|
|
bf9a01ccbb | ||
|
|
674c31073e | ||
|
|
86dcbf0729 | ||
|
|
c7cb5127d9 |
3 changed files with 240 additions and 23 deletions
39
.gitignore
vendored
39
.gitignore
vendored
|
|
@ -40,3 +40,42 @@
|
|||
/container-selinux-2377c73.tar.gz
|
||||
/container-selinux-aece4ff.tar.gz
|
||||
/container-selinux-663e003.tar.gz
|
||||
/container-selinux-fd7d508.tar.gz
|
||||
/container-selinux-fd50128.tar.gz
|
||||
/container-selinux-bdc0137.tar.gz
|
||||
/container-selinux-55c7d4d.tar.gz
|
||||
/container-selinux-d248f91.tar.gz
|
||||
/container-selinux-d213769.tar.gz
|
||||
/container-selinux-701557f.tar.gz
|
||||
/container-selinux-97f8dfc.tar.gz
|
||||
/container-selinux-9b55129.tar.gz
|
||||
/container-selinux-1ecf953.tar.gz
|
||||
/container-selinux-284f9e7.tar.gz
|
||||
/container-selinux-d346375.tar.gz
|
||||
/container-selinux-bf5b26b.tar.gz
|
||||
/container-selinux-dfaf8fd.tar.gz
|
||||
/container-selinux-8ecc282.tar.gz
|
||||
/container-selinux-0407867.tar.gz
|
||||
/container-selinux-042f7cf.tar.gz
|
||||
/container-selinux-25277c8.tar.gz
|
||||
/container-selinux-c139a3d.tar.gz
|
||||
/container-selinux-452b90d.tar.gz
|
||||
/container-selinux-4e73492.tar.gz
|
||||
/container-selinux-5721d74.tar.gz
|
||||
/container-selinux-d7a3f33.tar.gz
|
||||
/container-selinux-a62c2db.tar.gz
|
||||
/container-selinux-99e2cfd.tar.gz
|
||||
/container-selinux-87fae85.tar.gz
|
||||
/container-selinux-5133af6.tar.gz
|
||||
/container-selinux-2c57a17.tar.gz
|
||||
/container-selinux-1362777.tar.gz
|
||||
/container-selinux-6f01752.tar.gz
|
||||
/container-selinux-1b655d9.tar.gz
|
||||
/container-selinux-484806a.tar.gz
|
||||
/container-selinux-21c2be6.tar.gz
|
||||
/container-selinux-5e1f62f.tar.gz
|
||||
/container-selinux-ec6fcad.tar.gz
|
||||
/container-selinux-eb60838.tar.gz
|
||||
/container-selinux-92af7fd.tar.gz
|
||||
/container-selinux-c178849.tar.gz
|
||||
/container-selinux-2521d0d.tar.gz
|
||||
|
|
|
|||
|
|
@ -2,12 +2,7 @@
|
|||
|
||||
# container-selinux
|
||||
%global git0 https://github.com/projectatomic/container-selinux
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
%global commit0 663e003b8797564398648b20ad41cf094f87a86e
|
||||
%else
|
||||
# use upstream's RHEL-1.12 branch for CentOS 7
|
||||
%global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
|
||||
%endif
|
||||
%global commit0 2521d0d6082ea9057d827d257d27291bf6219aba
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# container-selinux stuff (prefix with ds_ for version/release etc.)
|
||||
|
|
@ -22,26 +17,23 @@
|
|||
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
|
||||
|
||||
# Relabel files
|
||||
%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
|
||||
%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
|
||||
|
||||
# Version of SELinux we were using
|
||||
%if 0%{?fedora} >= 22 || 0%{?rhel} > 7
|
||||
%global selinux_policyver 3.13.1-220
|
||||
%else
|
||||
%global selinux_policyver 3.13.1-39
|
||||
%endif
|
||||
|
||||
Name: container-selinux
|
||||
%if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7
|
||||
%if 0%{?fedora}
|
||||
Epoch: 2
|
||||
%endif
|
||||
Version: 2.48
|
||||
Release: 1%{?dist}
|
||||
Version: 2.89
|
||||
Release: 1.git%{shortcommit0}%{?dist}
|
||||
License: GPLv2
|
||||
URL: %{git0}
|
||||
Summary: SELinux policies for container runtimes
|
||||
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
BuildArch: noarch
|
||||
BuildRequires: git
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
BuildRequires: selinux-policy >= %{selinux_policyver}
|
||||
BuildRequires: selinux-policy-devel >= %{selinux_policyver}
|
||||
|
|
@ -50,12 +42,8 @@ Requires: selinux-policy >= %{selinux_policyver}
|
|||
Requires(post): selinux-policy-base >= %{selinux_policyver}
|
||||
Requires(post): selinux-policy-targeted >= %{selinux_policyver}
|
||||
Requires(post): policycoreutils
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
Requires(post): policycoreutils-python-utils
|
||||
%else
|
||||
Requires(post): policycoreutils-python
|
||||
%endif
|
||||
Requires(post): libselinux-utils
|
||||
Requires(post): sed
|
||||
Obsoletes: %{name} <= 2:1.12.5-13
|
||||
Obsoletes: docker-selinux <= 2:1.12.4-28
|
||||
Provides: docker-selinux = %{epoch}:%{version}-%{release}
|
||||
|
|
@ -64,7 +52,7 @@ Provides: docker-selinux = %{epoch}:%{version}-%{release}
|
|||
SELinux policy modules for use with container runtimes.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{commit0}
|
||||
%autosetup -Sgit -n %{name}-%{commit0}
|
||||
|
||||
%build
|
||||
make
|
||||
|
|
@ -85,7 +73,7 @@ rm -rf container-selinux.spec
|
|||
%post
|
||||
# Install all modules in a single transaction
|
||||
if [ $1 -eq 1 ]; then
|
||||
%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
|
||||
%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
|
||||
fi
|
||||
%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
|
||||
%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
|
||||
|
|
@ -97,8 +85,12 @@ if %{_sbindir}/selinuxenabled ; then
|
|||
%relabel_files
|
||||
if [ $1 -eq 1 ]; then
|
||||
restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
|
||||
restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
||||
fi
|
||||
fi
|
||||
. %{_sysconfdir}/selinux/config
|
||||
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
|
||||
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ]; then
|
||||
|
|
@ -117,6 +109,192 @@ fi
|
|||
%{_datadir}/selinux/*
|
||||
|
||||
%changelog
|
||||
* Sat Mar 9 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.89-1
|
||||
- Allow all container domains to have container file types entrypoint
|
||||
- Add new release to fix issues with udica
|
||||
- Allow container_runtime_t to dyntransition to container domains
|
||||
|
||||
* Fri Mar 1 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.86-1
|
||||
- Allow unconfined user and services to dyntrans to container domains, needed for CRIU
|
||||
- Allow containers exectue hugetlb files.
|
||||
|
||||
* Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.85-1
|
||||
- More allow rules to allow containers to run within containers
|
||||
|
||||
* Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.84-1
|
||||
- More allow rules to allow containers to run within containers
|
||||
|
||||
* Tue Feb 26 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.82-2.git5e1f62f
|
||||
- bump to 2.82
|
||||
- autobuilt 5e1f62f
|
||||
|
||||
* Mon Feb 25 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.83-1
|
||||
- Allow containers to mounton cgroup and container_file_t
|
||||
|
||||
* Sun Feb 10 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.82-1.nightly.git5e1f62f
|
||||
- Allow confined users to use containers
|
||||
|
||||
* Fri Feb 08 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.80-3.git21c2be6
|
||||
- bump to 2.80
|
||||
- autobuilt 21c2be6
|
||||
|
||||
* Thu Feb 7 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.81-1
|
||||
- Add new labels for paths for containerd
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.80-2.git1b655d9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Tue Jan 22 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.80-1.nightly.git21c2be6
|
||||
- Don't allow containers to talk to contianer runtime sockets
|
||||
|
||||
* Fri Jan 11 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.79-1
|
||||
- Fix labeling on /var/lib/registries
|
||||
|
||||
* Thu Jan 10 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.78-1
|
||||
- Fix labeling for images in docker daemon user namespace
|
||||
|
||||
* Mon Dec 17 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.77-1
|
||||
- Allow container-runtime to setattr on fifo_file handed into container runtime.
|
||||
|
||||
* Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.752.75-1.dev.git99e2cfd1
|
||||
- bump to 2.75
|
||||
- autobuilt 99e2cfd
|
||||
|
||||
* Mon Nov 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.76-1
|
||||
- Allow containers to sendto dgram socket of container runtimes
|
||||
- Needed to run container runtimes in notify socket unit files.
|
||||
|
||||
* Tue Oct 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.75-1.dev.git99e2cfd
|
||||
- Allow containers to use fuse file systems by default
|
||||
|
||||
* Fri Oct 19 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.74-1
|
||||
- Allow containers to setexec themselves
|
||||
|
||||
* Sat Sep 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.73-2
|
||||
- Remove requires for policycoreutils-python-utils we don't need it.
|
||||
|
||||
* Wed Sep 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.73-1
|
||||
- Define spc_t as a container_domain, so that container_runtime will transition
|
||||
to spc_t even when setup with nosuid.
|
||||
|
||||
* Wed Sep 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.72-1
|
||||
- Allow container_runtimes to setattr on callers fifo_files
|
||||
github.com/opencontainers/selinux
|
||||
* Mon Aug 27 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.71-2
|
||||
- Fix restorecon to not error on missing directory
|
||||
|
||||
* Wed Aug 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.71-1
|
||||
- Allow unconfined_r to transition to system_r over container_runtime_exec_t
|
||||
|
||||
* Wed Aug 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.70-1
|
||||
- Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
|
||||
|
||||
* Wed Jul 25 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-1
|
||||
- dontaudit attempts to write to sysctl_kernel_t
|
||||
|
||||
* Wed Jul 18 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.68-2.gitc139a3d
|
||||
- autobuilt c139a3d
|
||||
|
||||
* Mon Jul 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.67-1
|
||||
- Add label for /var/lib/origin
|
||||
- Add customizable_file_t to customizable_types
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.67-3.dev.git042f7cf
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Mon Jul 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.67-2.git042f7cf
|
||||
- autobuilt 042f7cf
|
||||
|
||||
* Sat Jul 07 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.67-1.git0407867
|
||||
- bump to 2.67
|
||||
- autobuilt 0407867
|
||||
|
||||
* Sat Jun 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.66-1
|
||||
- Allow container runtimes to dbus chat with systemd-resolved
|
||||
|
||||
* Tue Jun 12 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.64-1.gitdfaf8fd
|
||||
- bump to 2.64
|
||||
- autobuilt dfaf8fd
|
||||
|
||||
* Mon Jun 11 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.65-1
|
||||
- Add new type to handle containers running with a non priv user in a userns
|
||||
- allow containers to map all sockets
|
||||
|
||||
* Sun Jun 3 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.64-1.gitdfaf8fd
|
||||
- Allow containers to create all socket classes
|
||||
|
||||
* Wed May 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.63-1
|
||||
- Allow containers to create icmp packets
|
||||
|
||||
* Fri May 25 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.62-1.git1ecf953
|
||||
- bump to 2.62
|
||||
- autobuilt 1ecf953
|
||||
|
||||
* Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.61-1
|
||||
- Allow spc_t to load kernel modules from inside of container
|
||||
|
||||
* Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.60-1
|
||||
- Allow containers to list cgroup directories
|
||||
|
||||
* Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.59-1
|
||||
- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
|
||||
|
||||
* Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.58-2
|
||||
- Run restorecon /usr/bin/podman in postinstall
|
||||
|
||||
* Fri May 18 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.58-1
|
||||
- Add labels to allow podman to be run from a systemd unit file
|
||||
|
||||
* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-12.gitd248f91
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-11.gitd248f91
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-10.gitd248f91
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-9.gitd248f91
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-8
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-7
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-6
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-5
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-4
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-3
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-2
|
||||
- autobuilt commit d248f91
|
||||
|
||||
* Thu Mar 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1
|
||||
- Dontaudit attempts by containers to write to /proc/self
|
||||
|
||||
* Wed Mar 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.54-1
|
||||
- Add rules for container domains to make writing custom policy easier
|
||||
- Allow shell_exec_t as a container_runtime_t entrypoint
|
||||
|
||||
* Thu Mar 8 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.52-1
|
||||
- Add rules for container domains to make writing custom policy easier
|
||||
|
||||
* Thu Mar 8 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.51-1
|
||||
- Allow shell_exec_t as a container_runtime_t entrypoint
|
||||
|
||||
* Wed Mar 7 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.50-1
|
||||
- Allow bin_t as a container_runtime_t entrypoint
|
||||
- Add rules for running container runtimes on mls
|
||||
|
||||
* Thu Feb 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.48-1
|
||||
- Allow container domains to map container_file_t directories
|
||||
|
||||
|
|
@ -124,7 +302,7 @@ fi
|
|||
- Change default label of /exports to container_var_lib_t
|
||||
|
||||
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2:2.46-3
|
||||
- Escape macros in %%changelog
|
||||
- Escape macros in %%CHANGELOG
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.46-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (container-selinux-663e003.tar.gz) = e81b7b8e61e09ddb0ffdfe95b7135b3cf9d10719e325b9349364aad7c805e0944ee5baddb8763bf19202537ed8439c255259ec87cc32457da867a10d97cd8d4a
|
||||
SHA512 (container-selinux-2521d0d.tar.gz) = 316c85c5b7d061d7691047f09c721dd85fd65ed306991b8c49b2ba4aa88d25ed8ef68a8a8d8a38d331066beab79918253df93e7daf246d5de7bb76741e082115
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue