rpms
/
container-selinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import container-selinux-2.167.0-1.module+el8.5.0+12609+beaa716d

This commit is contained in:
CentOS Sources 2022-03-29 06:32:41 -04:00 committed by Stepan Oksanichenko
parent aa21f54907
commit 04c5fdff57
5 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.container-selinux.metadata
View File

@ -1 +1 @@
bb18101c1ab06b47a88b51df2fd87dcfa3d51412 SOURCES/v2.158.0.tar.gz
98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/v2.158.0.tar.gz
SOURCES/v2.167.0.tar.gz

12
SOURCES/container-selinux-1957904.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up container-selinux-2.163.0/container.te.orig container-selinux-2.163.0/container.te
--- container-selinux-2.163.0/container.te.orig 2021-06-16 16:14:04.107700701 +0200
+++ container-selinux-2.163.0/container.te 2021-06-16 16:14:29.756010679 +0200
@@ -454,7 +454,7 @@ modutils_domtrans_kmod(container_runtime
systemd_status_all_unit_files(container_runtime_domain)
systemd_start_systemd_services(container_runtime_domain)
systemd_dbus_chat_logind(container_runtime_domain)
-systemd_chat_resolved(container_runtime_domain)
+#systemd_chat_resolved(container_runtime_domain)
userdom_stream_connect(container_runtime_domain)
userdom_search_user_home_content(container_runtime_domain)

12
SOURCES/rhel-fix.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up container-selinux-2.161.1/container.te.orig container-selinux-2.161.1/container.te
--- container-selinux-2.161.1/container.te.orig 2021-05-06 14:55:57.952216763 +0200
+++ container-selinux-2.161.1/container.te 2021-05-06 14:56:02.027287991 +0200
@@ -114,7 +114,7 @@ mls_trusted_object(container_runtime_t)
#
allow container_runtime_domain self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap sys_resource };
allow container_runtime_domain self:tun_socket { create_socket_perms relabelto };
-allow container_runtime_domain self:lockdown { confidentiality integrity };
+#allow container_runtime_domain self:lockdown { confidentiality integrity };
allow container_runtime_domain self:process ~setcurrent;
allow container_runtime_domain self:passwd rootok;
allow container_runtime_domain self:fd use;

8
SPECS/container-selinux.spec
View File

@ -19,12 +19,14 @@
Epoch: 2
Name: container-selinux
Version: 2.158.0
Version: 2.167.0
Release: 1%{?dist}
License: GPLv2
URL: %{git0}
Summary: SELinux policies for container runtimes
Source0: %{git0}/archive/v%{version}.tar.gz
Patch0: rhel-fix.patch
Patch1: container-selinux-1957904.patch
BuildArch: noarch
BuildRequires: git
BuildRequires: pkgconfig(systemd)
@ -106,6 +108,10 @@ fi
%{_datadir}/containers/selinux/contexts
%changelog
* Mon Aug 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
- Related: #1934415
* Fri Feb 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.158.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490