import container-selinux-2.178.0-1.module+el8.6.0+14198+f035405d

This commit is contained in:
CentOS Sources 2022-03-29 09:48:40 -04:00 committed by Stepan Oksanichenko
parent 1a712b8809
commit 69586d1d74
4 changed files with 73 additions and 17 deletions

View File

@ -1 +1 @@
98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz
e1b5561b027c73ebf83355a623599c4de4f11184 SOURCES/v2.178.0.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/v2.167.0.tar.gz
SOURCES/v2.178.0.tar.gz

View File

@ -1,12 +0,0 @@
diff -up container-selinux-2.161.1/container.te.orig container-selinux-2.161.1/container.te
--- container-selinux-2.161.1/container.te.orig 2021-05-06 14:55:57.952216763 +0200
+++ container-selinux-2.161.1/container.te 2021-05-06 14:56:02.027287991 +0200
@@ -114,7 +114,7 @@ mls_trusted_object(container_runtime_t)
#
allow container_runtime_domain self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap sys_resource };
allow container_runtime_domain self:tun_socket { create_socket_perms relabelto };
-allow container_runtime_domain self:lockdown { confidentiality integrity };
+#allow container_runtime_domain self:lockdown { confidentiality integrity };
allow container_runtime_domain self:process ~setcurrent;
allow container_runtime_domain self:passwd rootok;
allow container_runtime_domain self:fd use;

View File

@ -15,17 +15,16 @@
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
# Version of SELinux we were using
%global selinux_policyver 3.14.3-9.el8
%global selinux_policyver 3.14.3-80.el8
Epoch: 2
Name: container-selinux
Version: 2.167.0
Version: 2.178.0
Release: 1%{?dist}
License: GPLv2
URL: %{git0}
Summary: SELinux policies for container runtimes
Source0: %{git0}/archive/v%{version}.tar.gz
Patch0: rhel-fix.patch
Patch1: container-selinux-1957904.patch
BuildArch: noarch
BuildRequires: git
@ -48,6 +47,7 @@ Obsoletes: %{name} <= 2:1.12.5-14
Obsoletes: docker-selinux <= 2:1.12.4-28
Provides: docker-selinux = %{epoch}:%{version}-%{release}
Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
Conflicts: udica < 0.2.6-1
%description
SELinux policy modules for use with container runtimes.
@ -67,6 +67,8 @@ install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/ser
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
install -d %{buildroot}/%{_datadir}/containers/selinux
install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
install -d %{buildroot}%{_datadir}/udica/templates
install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
# remove spec file
rm -rf %{name}.spec
@ -106,8 +108,74 @@ fi
%{_datadir}/selinux/*
%dir %{_datadir}/containers/selinux
%{_datadir}/containers/selinux/contexts
%dir %{_datadir}/udica/templates/
%{_datadir}/udica/templates/*
%changelog
* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.178.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0
- Related: #2001445
* Thu Feb 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.177.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0
- Related: #2001445
* Thu Feb 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.176.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0
- Related: #2001445
* Wed Feb 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.174.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0
- Related: #2001445
* Thu Jan 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.2-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2
- Related: #2001445
* Fri Jan 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.1-2
- update minimal selinux_policy dependency
- Related: #2001445
* Wed Jan 19 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1
- Related: #2001445
* Wed Jan 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.0-2
- lockdown allow rule was removed
- Related: #2001445
* Wed Jan 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0
- Related: #2001445
* Fri Jan 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.172.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1
- Related: #2001445
* Tue Nov 23 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.172.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0
- Related: #2001445
* Thu Nov 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.171.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0
- Related: #2001445
* Wed Oct 06 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.170.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0
- Related: #2001445
* Mon Sep 27 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.169.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0
- Related: #2001445
* Tue Sep 21 2021 Vit Mojzis <vmojzis@redhat.com> - 2:2.168.0-2
- Start shipping udica templates
- Related: #2001445
* Wed Sep 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.168.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0
- Related: #2001445
* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
- Related: #1934415