Allow containers to read rpm cache and rpm databse

2019-05-03 15:32:13 -04:00 · 2019-05-03 15:32:13 -04:00 · 5c4855c313
commit 5c4855c313
parent 3cdf9de46f
3 changed files with 8 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -90,3 +90,4 @@
 /container-selinux-aa7b807.tar.gz
 /container-selinux-9a53d6c.tar.gz
 /container-selinux-3b78187.tar.gz
+/container-selinux-b0061dc.tar.gz
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -2,7 +2,7 @@

 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
-%global commit0 3b78187c6f61bd21db58fdd620ce9510515cd864
+%global commit0 b0061dc4182fb90f335f37e8b62c7a3b7e64dd09
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # container-selinux stuff (prefix with ds_ for version/release etc.)
@ -26,7 +26,7 @@ Name: container-selinux
 %if 0%{?fedora}
 Epoch: 2
 %endif
-Version: 2.100
+Version: 2.101
 Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
@ -94,7 +94,7 @@ matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedi

 %postun
 if [ $1 -eq 0 ]; then
-%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || :
+%{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || :
 if %{_sbindir}/selinuxenabled ; then
 %{_sbindir}/load_policy
 %relabel_files
@ -109,6 +109,9 @@ fi
 %{_datadir}/selinux/*

 %changelog
+* Fri May 3 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.101-1
+- Allow containers to read rpm cache and rpm databse
+
 * Tue Apr 23 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.100-1
 - Allow containers running as spc_t to create unlabeled_t kernel keyrings

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (container-selinux-3b78187.tar.gz) = 259812b900cd91197da0df4537aee9885cf2412241f8a5d7d81c1b1ac7481b1e615a1a984e548e2540c8b8705e32c52c0f1ce9bc64161ba38ed873e45beb0fd0
+SHA512 (container-selinux-b0061dc.tar.gz) = 74b8ce388cc6d8b2344f3f9652bba065308b6711f88e71fcb9556413c520be1a11af4fbf399dfd5c61dc608f7e6be5566683d64383cfb46789986bb9c24bb55d