Allow container runtimes to work with the netfilter sockets

Allow container_file_t to be an entrypoint for VM's
 Allow spc_t domains to transition to svirt_t

.gitignore

@@ -19,3 +19,4 @@
 /container-selinux-58324f3.tar.gz
 /container-selinux-81ff96c.tar.gz
 /container-selinux-a9260d4.tar.gz
+/container-selinux-e37e93d.tar.gz

container-selinux.spec

@@ -3,7 +3,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
 %if 0%{?fedora} || 0%{?rhel} > 7
-%global commit0 a9260d44ecb10cc824ad0e18bcd22cb93a5dbdaf
+%global commit0 e37e93dbe6cb058fc89c9c5de5ecd4c3be4354fb
 %else
 # use upstream's RHEL-1.12 branch for CentOS 7
 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
@@ -35,7 +35,7 @@ Name: container-selinux
 %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7
 Epoch: 2
 %endif
-Version: 2.24
+Version: 2.27
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
@@ -118,6 +118,11 @@ fi
 %{_datadir}/selinux/*
 
 %changelog
+* Fri Sep 22 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.27-1
+-  Allow container runtimes to work with the netfilter sockets
+-  Allow container_file_t to be an entrypoint for VM's
+-  Allow spc_t domains to transition to svirt_t
+
 * Fri Sep 22 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.24-1
 -     Make sure container_runtime_t has all access of container_t
 

sources

@@ -1 +1 @@
-SHA512 (container-selinux-a9260d4.tar.gz) = a28462bdbedd1ad8b94d8da8cb8577f1e2b7ddf441b689ae71d97e0152adb5b75f0f4601e5c2f2311642ec65605e1440b56bb07317246a18206964717af4d981
+SHA512 (container-selinux-e37e93d.tar.gz) = faf644a4a13c0ffa1198d798390147f815d90aa27ca9af49df71575da1be8678bcbe12f0281f83b345945a29330c10df7c86f79f6862829902f71dc7e7431058