rpms/container-selinux
6
0
Fork 0
Code Issues Pull Requests Releases Activity

container-selinux-2.234.2-1.el10

Browse Source 
- update to https://github.com/containers/container-selinux/releases/tag/v2.234.2
- Related: RHEL-67309

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2024-11-25 15:40:48 +01:00
parent 89c5d8173b
commit 722aba4e04
2 changed files with 35 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
container-selinux.spec
View File

@ -2,7 +2,6 @@
# container-selinux stuff (prefix with ds_ for version/release etc.) # container-selinux stuff (prefix with ds_ for version/release etc.)
# Some bits borrowed from the openstack-selinux package # Some bits borrowed from the openstack-selinux package
%global selinuxtype targeted
%global moduletype services %global moduletype services
%global modulenames container %global modulenames container
@ -11,21 +10,24 @@
# Format must contain '$x' somewhere to do anything useful # Format must contain '$x' somewhere to do anything useful
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
# RHEL 8 doesn't allow watch and systemd_chat_resolved # RHEL < 10 and Fedora < 40 use file context entries in /var/run
%if %{defined rhel} && 0%{?rhel} == 8 %if %{defined rhel} && 0%{?rhel} < 10 || %{defined fedora} && 0%{?fedora} < 40
%define no_watch 1 %define legacy_var_run 1
%define no_systemd_chat_resolved 1
%global _selinux_policy_version 3.14.3-80.el8
%endif %endif
# https://github.com/containers/container-selinux/issues/203 # https://github.com/containers/container-selinux/issues/203
%if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9 %if %{!defined fedora} && %{!defined rhel} || %{defined rhel} && 0%{?rhel} <= 9
%define no_user_namespace 1 %define no_user_namespace 1
%endif %endif
# copr_build is more intuitive than copr_username
%if %{defined copr_username}
%define copr_build 1
%endif
Name: container-selinux Name: container-selinux
# Set different Epochs for copr and koji # Set different Epochs for copr and koji
%if %{defined copr_username} %if %{defined copr_build}
Epoch: 102 Epoch: 102
%else %else
Epoch: 3 Epoch: 3
@ -33,8 +35,8 @@ Epoch: 3
# Keep Version in upstream specfile at 0. It will be automatically set # Keep Version in upstream specfile at 0. It will be automatically set
# to the correct value by Packit for copr and koji builds. # to the correct value by Packit for copr and koji builds.
# IGNORE this comment if you're looking at it in dist-git. # IGNORE this comment if you're looking at it in dist-git.
Version: 2.233.0 Version: 2.234.2
Release: 2%{?dist} Release: 1%{?dist}
License: GPL-2.0-only License: GPL-2.0-only
URL: https://github.com/containers/%{name} URL: https://github.com/containers/%{name}
Summary: SELinux policies for container runtimes Summary: SELinux policies for container runtimes
@ -48,7 +50,8 @@ BuildRequires: selinux-policy-devel >= %_selinux_policy_version
# RE: rhbz#1195804 - ensure min NVR for selinux-policy # RE: rhbz#1195804 - ensure min NVR for selinux-policy
Requires: selinux-policy >= %_selinux_policy_version Requires: selinux-policy >= %_selinux_policy_version
Requires(post): selinux-policy-base >= %_selinux_policy_version Requires(post): selinux-policy-base >= %_selinux_policy_version
Requires(post): selinux-policy-targeted >= %_selinux_policy_version Requires(post): selinux-policy-any >= %_selinux_policy_version
Recommends: selinux-policy-targeted >= %_selinux_policy_version
Requires(post): policycoreutils Requires(post): policycoreutils
Requires(post): libselinux-utils Requires(post): libselinux-utils
Requires(post): sed Requires(post): sed
@ -67,21 +70,14 @@ SELinux policy modules for use with container runtimes.
sed -i 's/^man: install-policy/man:/' Makefile sed -i 's/^man: install-policy/man:/' Makefile
sed -i 's/^install: man/install:/' Makefile sed -i 's/^install: man/install:/' Makefile
%if %{defined no_watch}
sed -i 's/watch watch_reads//' container.if
sed -i 's/watch watch_reads//' container.te
sed -i '/sysfs_t:dir watch/d' container.te
sed -i '/fifo_file watch/d' container.te
%endif
%if %{defined no_systemd_chat_resolved}
sed -i '/^systemd_chat_resolved/d' container.te
%endif
%if %{defined no_user_namespace} %if %{defined no_user_namespace}
sed -i '/user_namespace/d' container.te sed -i '/user_namespace/d' container.te
%endif %endif
%if %{defined legacy_var_run}
sed -i 's|^/run/|/var/run/|' container.fc
%endif
%build %build
make make
@ -90,11 +86,8 @@ make
%_format MODULES $x.pp.bz2 %_format MODULES $x.pp.bz2
%{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user %{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user
# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120
rm %{buildroot}%{_mandir}/man8/container_selinux.8
%pre %pre
%selinux_relabel_pre -s %{selinuxtype} %selinux_relabel_pre
%post %post
# Install all modules in a single transaction # Install all modules in a single transaction
@ -102,21 +95,21 @@ if [ $1 -eq 1 ]; then
%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
fi fi
%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
%selinux_modules_install -s %{selinuxtype} $MODULES
. %{_sysconfdir}/selinux/config . %{_sysconfdir}/selinux/config
%{_sbindir}/semodule -n -s ${SELINUXTYPE} -r container 2> /dev/null
%{_sbindir}/semodule -n -s ${SELINUXTYPE} -d docker 2> /dev/null
%{_sbindir}/semodule -n -s ${SELINUXTYPE} -d gear 2> /dev/null
%selinux_modules_install -s ${SELINUXTYPE} $MODULES
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
%postun %postun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker %selinux_modules_uninstall %{modulenames} docker
fi fi
%posttrans %posttrans
%selinux_relabel_post -s %{selinuxtype} %selinux_relabel_post
#define license tag if not already defined #define license tag if not already defined
%{!?_licensedir:%global license %doc} %{!?_licensedir:%global license %doc}
@ -126,12 +119,14 @@ fi
%{_datadir}/selinux/* %{_datadir}/selinux/*
%dir %{_datadir}/containers/selinux %dir %{_datadir}/containers/selinux
%{_datadir}/containers/selinux/contexts %{_datadir}/containers/selinux/contexts
%dir %{_datadir}/udica
%dir %{_datadir}/udica/templates/ %dir %{_datadir}/udica/templates/
%{_datadir}/udica/templates/* %{_datadir}/udica/templates/*
# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120
#%%{_mandir}/man8/container_selinux.8.gz %{_mandir}/man8/container_selinux.8.gz
%{_sysconfdir}/selinux/targeted/contexts/users/* %{_sysconfdir}/selinux/targeted/contexts/users/container_u
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames} %ghost %verify(not mode) %{_selinux_store_path}/targeted/active/modules/200/%{modulenames}
%ghost %verify(not mode) %{_selinux_store_path}/mls/active/modules/200/%{modulenames}
%triggerpostun -- container-selinux < 2:2.162.1-3 %triggerpostun -- container-selinux < 2:2.162.1-3
if %{_sbindir}/selinuxenabled ; then if %{_sbindir}/selinuxenabled ; then
@ -140,6 +135,10 @@ if %{_sbindir}/selinuxenabled ; then
fi fi
%changelog %changelog
* Mon Nov 25 2024 Jindrich Novy <jnovy@redhat.com> - 3:2.234.2-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.234.2
- Related: RHEL-67309
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3:2.233.0-2 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3:2.233.0-2
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018

2
sources
View File

@ -1 +1 @@
SHA512 (v2.233.0.tar.gz) = f79380a3312cb57953bc1286ba7dcdbf29ab95ce72de79c5bac1eb6c4401d2bcb0c9875802c7198a9680af19affb34170581c609180408b21cc27cf680c3feb4 SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c