Don't allow containers to talk to contianer runtime sockets

2019-01-22 14:54:38 +01:00 · 2019-01-22 14:54:38 +01:00 · a562ce586f
commit a562ce586f
parent d4eda46462
1 changed files with 6 additions and 3 deletions
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -2,7 +2,7 @@

 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
-%global commit0 6f01752858c0ee79dddf0e4c1bf845fb35d9eaf6
+%global commit0 1b655d9aae4ec9859101b87d693566531b3dc4ff
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # container-selinux stuff (prefix with ds_ for version/release etc.)
@ -26,7 +26,7 @@ Name: container-selinux
 %if 0%{?fedora}
 Epoch: 2
 %endif
-Version: 2.79
+Version: 2.80
 Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
@ -73,7 +73,7 @@ rm -rf container-selinux.spec
 %post
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
-    %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
+	%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
 fi
 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
@ -109,6 +109,9 @@ fi
 %{_datadir}/selinux/*

 %changelog
+* Fri Jan 22 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.80-1
+- Don't allow containers to talk to contianer runtime sockets
+
 * Fri Jan 11 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.79-1
 - Fix labeling on /var/lib/registries