Dontaudit attempts by containers to write to /proc/self

2018-03-15 07:14:36 -04:00 · 2018-03-15 07:14:36 -04:00 · c46266a878
commit c46266a878
parent 37b78d28ce
3 changed files with 7 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -44,3 +44,4 @@
 /container-selinux-fd50128.tar.gz
 /container-selinux-bdc0137.tar.gz
 /container-selinux-55c7d4d.tar.gz
+/container-selinux-d248f91.tar.gz
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -3,7 +3,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
 %if 0%{?fedora} || 0%{?rhel} > 7
-%global commit0 55c7d4dfeb063bd6177ebe2e4c5b8c466facdb16
+%global commit0 d248f9197acde3e7c489f2ee09c10f8b29ef1a68
 %else
 # use upstream's RHEL-1.12 branch for CentOS 7
 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
@ -35,7 +35,7 @@ Name: container-selinux
 %if 0%{?fedora} || 0%{?centos} || 0%{?rhel} > 7
 Epoch: 2
 %endif
-Version: 2.54
+Version: 2.55
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
@ -117,6 +117,9 @@ fi
 %{_datadir}/selinux/*

 %changelog
+* Thu Mar 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1
+- Dontaudit attempts by containers to write to /proc/self
+
 * Wed Mar 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.54-1
 -  Add rules for container domains to make writing custom policy easier
 -  Allow shell_exec_t as a container_runtime_t entrypoint
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (container-selinux-55c7d4d.tar.gz) = d148367e0e1112cb7430e891e5e6d29ca2edfe4af8ad7ca495938b2e1aed4354f41e5e0426c3ff96bf8f8c06a86ae6ef7f88207970009fe0cb1a6b67a5e75e3a
+SHA512 (container-selinux-d248f91.tar.gz) = 28f7a36228581fce097f3c0a3798a727300f609dc927d976c4cf0d8c10834a3695503b1f340bc73ba86fdca4906cd12cf0c73804a40dfd1e99aecaa9e2bc3917