diff --git a/.container-selinux.metadata b/.container-selinux.metadata index 6c05f0b..39ccbed 100644 --- a/.container-selinux.metadata +++ b/.container-selinux.metadata @@ -1 +1 @@ -5964cc236c3aa8f5822d43ff0a18af173664cbf5 SOURCES/v2.205.0.tar.gz +d64bfe52d0334626bc66843427b3b27cb69047cc SOURCES/v2.229.0.tar.gz diff --git a/.gitignore b/.gitignore index d4d313d..75c8977 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/v2.205.0.tar.gz +SOURCES/v2.229.0.tar.gz diff --git a/SOURCES/container-selinux-1957904.patch b/SOURCES/container-selinux-1957904.patch deleted file mode 100644 index 9efeeea..0000000 --- a/SOURCES/container-selinux-1957904.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up container-selinux-2.163.0/container.te.orig container-selinux-2.163.0/container.te ---- container-selinux-2.163.0/container.te.orig 2021-06-16 16:14:04.107700701 +0200 -+++ container-selinux-2.163.0/container.te 2021-06-16 16:14:29.756010679 +0200 -@@ -454,7 +454,7 @@ modutils_domtrans_kmod(container_runtime - systemd_status_all_unit_files(container_runtime_domain) - systemd_start_systemd_services(container_runtime_domain) - systemd_dbus_chat_logind(container_runtime_domain) --systemd_chat_resolved(container_runtime_domain) -+#systemd_chat_resolved(container_runtime_domain) - - userdom_stream_connect(container_runtime_domain) - userdom_search_user_home_content(container_runtime_domain) diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec index 8091ee9..92e0c56 100644 --- a/SPECS/container-selinux.spec +++ b/SPECS/container-selinux.spec @@ -19,13 +19,12 @@ Epoch: 2 Name: container-selinux -Version: 2.205.0 -Release: 2%{?dist} +Version: 2.229.0 +Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/v%{version}.tar.gz -Patch1: container-selinux-1957904.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -36,11 +35,6 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils >= 2.5-11 -%if 0%{?rhel} > 7 || 0%{?fedora} -Requires(post): policycoreutils-python-utils -%else -Requires(post): policycoreutils-python -%endif Requires(post): libselinux-utils Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-14 @@ -55,10 +49,22 @@ SELinux policy modules for use with container runtimes. %prep %autosetup -Sgit -# Not present on old RHEL kernels +# Remove some lines for RHEL 8 build +%if ! 0%{?fedora} && 0%{?rhel} <= 8 +sed -i 's/watch watch_reads//' container.if +sed -i 's/watch watch_reads//' container.te +sed -i '/watch;/d' container.te +sed -i '/watch;/d' container.if +sed -i '/systemd_chat_resolved/d' container.te +%endif + +sed -i 's/man: install-policy/man:/' Makefile +sed -i 's/install: man/install:/' Makefile + +# https://github.com/containers/container-selinux/issues/203 +%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9 sed -i '/user_namespace/d' container.te -sed -i '/watch/d' container.te -sed -i 's/watch\ watch_reads//g' container.if +%endif %build make @@ -117,35 +123,51 @@ fi %{_datadir}/udica/templates/* %changelog -* Tue Mar 21 2023 Jindrich Novy - 2:2.205.0-2 -- remove watch statements breaking the build on RHEL8.8 -- Related: #2179466 +* Wed Mar 13 2024 Jindrich Novy - 2:2.229.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 +- Resolves: RHEL-28923 + +* Tue Aug 15 2023 Jindrich Novy - 2:2.221.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.221.0 +- Related: #2176055 + +* Mon Jul 03 2023 Jindrich Novy - 2:2.219.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.219.0 +- Related: #2176055 + +* Thu Jun 08 2023 Jindrich Novy - 2:2.218.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.218.0 +- Related: #2176055 + +* Wed May 24 2023 Jindrich Novy - 2:2.215.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.215.0 +- Related: #2176055 + +* Tue May 16 2023 Jindrich Novy - 2:2.213.0-2 +- add watch statement removal from container.te +- Related: #2176055 + +* Mon May 15 2023 Jindrich Novy - 2:2.213.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.213.0 +- Related: #2176055 + +* Wed May 03 2023 Jindrich Novy - 2:2.211.1-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.211.1 +- Related: #2176055 + +* Fri Mar 24 2023 Jindrich Novy - 2:2.205.0-2 +- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg +- Related: #2176055 * Tue Mar 21 2023 Jindrich Novy - 2:2.205.0-1 - update to https://github.com/containers/container-selinux/releases/tag/v2.205.0 - remove user_namespace class, thanks to Lokesh Mandvekar -- Resolves: #2179466 +- Related: #2176055 -* Tue Feb 07 2023 Jindrich Novy - 2:2.199.0-2 +* Thu Mar 09 2023 Jindrich Novy - 2:2.199.0-1 - revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0 (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet) -- Related: #2123641 - -* Tue Feb 07 2023 Jindrich Novy - 2:2.200.0-1 -- update to https://github.com/containers/container-selinux/releases/tag/v2.200.0 -- Related: #2123641 - -* Mon Jan 30 2023 Jindrich Novy - 2:2.199.0-1 -- update to https://github.com/containers/container-selinux/releases/tag/v2.199.0 -- Related: #2123641 - -* Fri Jan 06 2023 Jindrich Novy - 2:2.198.0-1 -- update to https://github.com/containers/container-selinux/releases/tag/v2.198.0 -- Related: #2123641 - -* Thu Jan 05 2023 Jindrich Novy - 2:2.197.0-1 -- update to https://github.com/containers/container-selinux/releases/tag/v2.197.0 -- Related: #2123641 +- Related: #2176055 * Thu Dec 15 2022 Jindrich Novy - 2:2.195.1-1 - update to https://github.com/containers/container-selinux/releases/tag/v2.195.1