From 1b640cb851ad0f26092d78466d4017b830c2880c Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 19 May 2017 07:21:02 -0400 Subject: [PATCH] Add labels for crio rename Break container_t rules out to use a separate container_domain Allow containers to be able to set namespaced SYCTLS Allow sandbox containers manage fuse files. Fixes to make container_runtimes work on MLS machines Bump version to allow handling of container_file_t filesystems Allow containers to mount, remount and umount container_file_t file systems Fixes to handle cap_userns Give container_t access to XFRM sockets Allow spc_t to dbus chat with init system Allow spc_t to dbus chat with init system Add rules to allow container runtimes to run with unconfined disabled Add rules to support cgroup file systems mounted into container. Fix typebounds entrypoint problems Fix typebounds problems Add typebounds statement for container_t from container_runtime_t We should only label runc not runc* --- .gitignore | 1 + sources | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 323f47a..0caac17 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /container-selinux-f7333f9.tar.gz /container-selinux-08bb6e0.tar.gz /container-selinux-8f8caa6.tar.gz +/container-selinux-14f7c51.tar.gz diff --git a/sources b/sources index 9f28c00..1617ef4 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ SHA512 (container-selinux-08bb6e0.tar.gz) = bba16bd77c6d34982637e4fc874ef1a741df7ca73a85ad1edfece5ae2838409efbe00ea44653acb63c22c6939c7afc72f7882715c9c4657d4427eff6f77d2a35 SHA512 (container-selinux-8f8caa6.tar.gz) = b273cb85c6afece175d917b043f92d4c126d03eaa4b2ad5c36c0a6430465a127ad25961d26b66730190723a6aefba4a8ffb694ea942c6b4eb5d6ee950b780856 +SHA512 (container-selinux-14f7c51.tar.gz) = 5a1c5f9574005aa714b08f5db429fa3afaa02f64d0694d4ad63dd2976c4a0f7bf1ff2697a0978bbbcd8c566d6453024390dbfc6579d188827dc2593a048695f2