import container-selinux-2.178.0-1.module+el8.6.0+14198+f035405d

2022-03-29 09:48:40 -04:00 · 2022-03-29 09:48:40 -04:00 · 69586d1d74
parent 1a712b8809
commit 69586d1d74
4 changed files with 73 additions and 17 deletions
--- a/.container-selinux.metadata
+++ b/.container-selinux.metadata
@ -1 +1 @@
-98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz
+e1b5561b027c73ebf83355a623599c4de4f11184 SOURCES/v2.178.0.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v2.167.0.tar.gz
+SOURCES/v2.178.0.tar.gz
--- a/SOURCES/rhel-fix.patch
+++ b/SOURCES/rhel-fix.patch
@ -1,12 +0,0 @@
-diff -up container-selinux-2.161.1/container.te.orig container-selinux-2.161.1/container.te
--- container-selinux-2.161.1/container.te.orig	2021-05-06 14:55:57.952216763 +0200
-+++ container-selinux-2.161.1/container.te	2021-05-06 14:56:02.027287991 +0200
-@@ -114,7 +114,7 @@ mls_trusted_object(container_runtime_t)
- #
- allow container_runtime_domain self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap sys_resource };
- allow container_runtime_domain self:tun_socket { create_socket_perms relabelto };
-allow container_runtime_domain self:lockdown { confidentiality integrity };
-+#allow container_runtime_domain self:lockdown { confidentiality integrity };
- allow container_runtime_domain self:process ~setcurrent;
- allow container_runtime_domain self:passwd rootok;
- allow container_runtime_domain self:fd use;
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@ -15,17 +15,16 @@
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

 # Version of SELinux we were using
-%global selinux_policyver 3.14.3-9.el8
+%global selinux_policyver 3.14.3-80.el8

 Epoch: 2
 Name: container-selinux
-Version: 2.167.0
+Version: 2.178.0
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
 Source0: %{git0}/archive/v%{version}.tar.gz
-Patch0: rhel-fix.patch
 Patch1: container-selinux-1957904.patch
 BuildArch: noarch
 BuildRequires: git
@ -48,6 +47,7 @@ Obsoletes: %{name} <= 2:1.12.5-14
 Obsoletes: docker-selinux <= 2:1.12.4-28
 Provides: docker-selinux = %{epoch}:%{version}-%{release}
 Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
+Conflicts: udica < 0.2.6-1

 %description
 SELinux policy modules for use with container runtimes.
@ -67,6 +67,8 @@ install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/ser
 install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
 install -d %{buildroot}/%{_datadir}/containers/selinux
 install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
+install -d %{buildroot}%{_datadir}/udica/templates
+install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates

 # remove spec file
 rm -rf %{name}.spec
@ -106,8 +108,74 @@ fi
 %{_datadir}/selinux/*
 %dir %{_datadir}/containers/selinux
 %{_datadir}/containers/selinux/contexts
+%dir %{_datadir}/udica/templates/
+%{_datadir}/udica/templates/*

 %changelog
+* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.178.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0
+- Related: #2001445
+
+* Thu Feb 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.177.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0
+- Related: #2001445
+
+* Thu Feb 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.176.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0
+- Related: #2001445
+
+* Wed Feb 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.174.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0
+- Related: #2001445
+
+* Thu Jan 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.2-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2
+- Related: #2001445
+
+* Fri Jan 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.1-2
+- update minimal selinux_policy dependency
+- Related: #2001445
+
+* Wed Jan 19 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.1-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1
+- Related: #2001445
+
+* Wed Jan 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.0-2
+- lockdown allow rule was removed
+- Related: #2001445
+
+* Wed Jan 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0
+- Related: #2001445
+
+* Fri Jan 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.172.1-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1
+- Related: #2001445
+
+* Tue Nov 23 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.172.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0
+- Related: #2001445
+
+* Thu Nov 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.171.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0
+- Related: #2001445
+
+* Wed Oct 06 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.170.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0
+- Related: #2001445
+
+* Mon Sep 27 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.169.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0
+- Related: #2001445
+
+* Tue Sep 21 2021 Vit Mojzis <vmojzis@redhat.com> - 2:2.168.0-2
+- Start shipping udica templates
+- Related: #2001445
+
+* Wed Sep 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.168.0-1
+- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0
+- Related: #2001445
+
 * Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
 - update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
 - Related: #1934415