Fix labeling on /usr/bin/runc.*

Add sandbox_net_domain access to container.te Remove containers ability to look at /etc content
2017-01-17 17:10:15 -05:00 · 2017-01-17 17:10:15 -05:00 · c8e82ceefa
commit c8e82ceefa
parent dc5c3985ab
3 changed files with 8 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 /container-selinux-513572d.tar.gz
 /container-selinux-bcdcb9a.tar.gz
+/container-selinux-3bbbad5.tar.gz
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -3,7 +3,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/container-selinux
 %if 0%{?fedora}
-%global commit0 bcdcb9a0aa3476e9f17fd383cf61a91921d7782c
+%global commit0 3bbbad57f5827b02f91f847eb559a59cca7967af
 %else
 # use upstream's RHEL-1.12 branch for CentOS 7
 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
@ -118,6 +118,11 @@ fi
 %{_datadir}/selinux/*

 %changelog
+* Tue Jan 17 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:3.1-1
+- Fix labeling on /usr/bin/runc.*
+- Add sandbox_net_domain access to container.te
+- Remove containers ability to look at /etc content
+
 * Wed Jan 11 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.2-4
 - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7

--- a/1
+++ b/1
@ -1 +1,2 @@
 SHA512 (container-selinux-bcdcb9a.tar.gz) = 382ed177ac878e56a7a4819b30362f0f797657ae4b87847e624124d06e4f56463a44c8a4d0ba60ebe02bf53128b43ec5d0ce5a6f9e0d6450594a9cef60531806
+SHA512 (container-selinux-3bbbad5.tar.gz) = d255c5993bff90fb90030d6d0ced11eeed9a620878e24b99fdba7e8c66e130fcc88ac6f839fd84a96863f3d0fb57a41d4d4a59e30eb383ad999a75d22d8533a2