import container-selinux-2.173.0-1.module+el8.5.0+13852+150547f7
This commit is contained in:
parent
110f13865b
commit
db8581320e
|
@ -1 +1 @@
|
||||||
98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz
|
e605130ee67af1c4224007eda8cdb19ae33c4df5 SOURCES/v2.173.0.tar.gz
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
SOURCES/v2.167.0.tar.gz
|
SOURCES/v2.173.0.tar.gz
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
diff -up container-selinux-2.161.1/container.te.orig container-selinux-2.161.1/container.te
|
|
||||||
--- container-selinux-2.161.1/container.te.orig 2021-05-06 14:55:57.952216763 +0200
|
|
||||||
+++ container-selinux-2.161.1/container.te 2021-05-06 14:56:02.027287991 +0200
|
|
||||||
@@ -114,7 +114,7 @@ mls_trusted_object(container_runtime_t)
|
|
||||||
#
|
|
||||||
allow container_runtime_domain self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap sys_resource };
|
|
||||||
allow container_runtime_domain self:tun_socket { create_socket_perms relabelto };
|
|
||||||
-allow container_runtime_domain self:lockdown { confidentiality integrity };
|
|
||||||
+#allow container_runtime_domain self:lockdown { confidentiality integrity };
|
|
||||||
allow container_runtime_domain self:process ~setcurrent;
|
|
||||||
allow container_runtime_domain self:passwd rootok;
|
|
||||||
allow container_runtime_domain self:fd use;
|
|
|
@ -19,13 +19,12 @@
|
||||||
|
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Name: container-selinux
|
Name: container-selinux
|
||||||
Version: 2.167.0
|
Version: 2.173.0
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: %{git0}
|
URL: %{git0}
|
||||||
Summary: SELinux policies for container runtimes
|
Summary: SELinux policies for container runtimes
|
||||||
Source0: %{git0}/archive/v%{version}.tar.gz
|
Source0: %{git0}/archive/v%{version}.tar.gz
|
||||||
Patch0: rhel-fix.patch
|
|
||||||
Patch1: container-selinux-1957904.patch
|
Patch1: container-selinux-1957904.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
|
@ -48,6 +47,7 @@ Obsoletes: %{name} <= 2:1.12.5-14
|
||||||
Obsoletes: docker-selinux <= 2:1.12.4-28
|
Obsoletes: docker-selinux <= 2:1.12.4-28
|
||||||
Provides: docker-selinux = %{epoch}:%{version}-%{release}
|
Provides: docker-selinux = %{epoch}:%{version}-%{release}
|
||||||
Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
|
Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
|
||||||
|
Conflicts: udica < 0.2.6-1
|
||||||
|
|
||||||
%description
|
%description
|
||||||
SELinux policy modules for use with container runtimes.
|
SELinux policy modules for use with container runtimes.
|
||||||
|
@ -67,6 +67,8 @@ install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/ser
|
||||||
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
|
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
|
||||||
install -d %{buildroot}/%{_datadir}/containers/selinux
|
install -d %{buildroot}/%{_datadir}/containers/selinux
|
||||||
install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
|
install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
|
||||||
|
install -d %{buildroot}%{_datadir}/udica/templates
|
||||||
|
install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
|
||||||
|
|
||||||
# remove spec file
|
# remove spec file
|
||||||
rm -rf %{name}.spec
|
rm -rf %{name}.spec
|
||||||
|
@ -106,8 +108,30 @@ fi
|
||||||
%{_datadir}/selinux/*
|
%{_datadir}/selinux/*
|
||||||
%dir %{_datadir}/containers/selinux
|
%dir %{_datadir}/containers/selinux
|
||||||
%{_datadir}/containers/selinux/contexts
|
%{_datadir}/containers/selinux/contexts
|
||||||
|
%dir %{_datadir}/udica/templates/
|
||||||
|
%{_datadir}/udica/templates/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.0-1
|
||||||
|
- lockdown allow rule was removed
|
||||||
|
- Related: #2021990
|
||||||
|
|
||||||
|
* Fri Jan 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.172.1-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1
|
||||||
|
- Related: #2021990
|
||||||
|
|
||||||
|
* Tue Nov 23 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.172.0-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0
|
||||||
|
- Related: #2021990
|
||||||
|
|
||||||
|
* Thu Nov 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.171.0-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0
|
||||||
|
- Related: #2021990
|
||||||
|
|
||||||
|
* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.170.0-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0
|
||||||
|
- Related: #2001445
|
||||||
|
|
||||||
* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
|
* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
|
||||||
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
|
||||||
- Related: #1934415
|
- Related: #1934415
|
||||||
|
|
Loading…
Reference in New Issue