Allow unconfined user and services to dyntrans to container domains, needed for CRIU

Allow containers exectue hugetlb files.
2019-03-01 09:00:53 -05:00 · 2019-03-01 09:00:53 -05:00 · 7ef0bf8d6f
commit 7ef0bf8d6f
parent cdbdbb8ff6
3 changed files with 8 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -77,3 +77,4 @@
 /container-selinux-ec6fcad.tar.gz
 /container-selinux-eb60838.tar.gz
 /container-selinux-92af7fd.tar.gz
+/container-selinux-c178849.tar.gz
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -2,7 +2,7 @@

 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
-%global commit0 92af7fdb6d11c4c28c1b9bc2711766ef0acd031b
+%global commit0 c1788491847627d39266b5b22e85c8b094f76d77
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # container-selinux stuff (prefix with ds_ for version/release etc.)
@ -26,7 +26,7 @@ Name: container-selinux
 %if 0%{?fedora}
 Epoch: 2
 %endif
-Version: 2.85
+Version: 2.86
 Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
@ -109,6 +109,10 @@ fi
 %{_datadir}/selinux/*

 %changelog
+* Fri Mar 1 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.86-1
+- Allow unconfined user and services to dyntrans to container domains, needed for CRIU
+- Allow containers exectue hugetlb files.
+
 * Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.85-1
 - More allow rules to allow containers to run within containers

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (container-selinux-92af7fd.tar.gz) = 2ac368ec88cb5ddd4d16db2d5d5f8bc45674aa797a30e5c92993ebc898a273592c2ef58662b45d44f2e42e9794151df6c62c01cc41f658bdeedbbdcb66f2bcc6
+SHA512 (container-selinux-c178849.tar.gz) = cb5234b21c61236d81ea8532629633f5a635496c70c20d6969f303ab476adaec3e64d67f8eb56c3ae1672698486281679fe8b4c6dda3c3f80556df317c23ff48