From 4e9b7c333a31bfc8d9158206585424f9514a3e48 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 22 Nov 2017 15:35:20 +0000
Subject: [PATCH] Dontaudit container processes getattr on kernel file systems
---
 .gitignore | 1 +
 container-selinux.spec | 7 +++++--
 sources | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 8d57c63..30cc055 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
 /container-selinux-47e0448.tar.gz
 /container-selinux-b430a71.tar.gz
 /container-selinux-0b666c4.tar.gz
+/container-selinux-7fe0136.tar.gz
diff --git a/container-selinux.spec b/container-selinux.spec
index 4ecf83a..930259e 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -3,7 +3,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
 %if 0%{?fedora} || 0%{?rhel} > 7
-%global commit0 0b666c4f1422d60dde6ffac69a919872385e289d
+%global commit0 7fe0136a943ef5428869ad930e5384b185ade39a
 %else
 # use upstream's RHEL-1.12 branch for CentOS 7
 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
@@ -35,7 +35,7 @@ Name: container-selinux
 %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7
 Epoch: 2
 %endif
-Version: 2.33
+Version: 2.34
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
@@ -118,6 +118,9 @@ fi
 %{_datadir}/selinux/*
 %changelog
+* Wed Nov 22 2017 Dan Walsh - 2.34-1
+- Dontaudit container processes getattr on kernel file systems
+
 * Sun Nov 19 2017 Dan Walsh - 2.33-1
 - Allow containers to read /etc/resolv.conf and /etc/hosts if volume
 - mounted into container.
diff --git a/sources b/sources
index d591a60..67ca532 100644
--- a/sources
+++ b/sources
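Review bot: In container-selinux.spec the `Version: 2.34` bump and the new changelog entry are unconditional, but only the `commit0` under `%if 0%{?fedora} || 0%{?rhel} > 7` moves to 7fe0136; the `%else` pin (56c32da, commented as the RHEL-1.12 branch for CentOS 7) is unchanged. As far as these hunks show, a build that takes the `%else` branch would be labelled 2.34 and advertise the dontaudit change without its policy source having moved, which makes it harder to tell from the package version which policy is actually installed. The `sources` hunk likewise records a SHA512 only for the 7fe0136 tarball. If that is intended, a comment above the `%else` pin such as `# Version and changelog follow the Fedora commit0; this pin is updated separately` would make it explicit. Because a dontaudit rule silences the AVC record for a denial rather than granting the access, the changelog line could also state that these getattr denials no longer reach the audit log and that `semodule -DB` temporarily re-enables them for troubleshooting.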
@@ -1 +1 @@
-SHA512 (container-selinux-0b666c4.tar.gz) = 46833377d09ecd57d743f2277b225b6b381c55ac0b6f2331bc455f9e51cdd55774703d854735d98f9f4db54e0db7e14e29e4fb0229afd554cbe9efbd026bf20d
+SHA512 (container-selinux-7fe0136.tar.gz) = 93c80da31f8a6f4e333baed39d75f329467d3b4b9b499b486a2d635be62df072fedc28cd50c5cb005d4dbc2ae352d073b611b7d33b183c183f7ca551f307c39b