import container-selinux-2.124.0-1.gitf958d0c.module+el8.2.0+6370+6fb6c8ca
This commit is contained in:
parent
8aafb7b98a
commit
e010f9a68f
@ -1 +1 @@
|
||||
93394b2af608e7b0da0af50d2f548feb35d65b8d SOURCES/container-selinux-1e99f1d.tar.gz
|
||||
b1b7c2f65716bc8e5a7911494ea19c0792cc13ad SOURCES/container-selinux-f958d0c.tar.gz
|
||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/container-selinux-1e99f1d.tar.gz
|
||||
SOURCES/container-selinux-f958d0c.tar.gz
|
||||
|
@ -1,8 +1,8 @@
|
||||
%global debug_package %{nil}
|
||||
|
||||
# container-selinux
|
||||
%global git0 https://github.com/projectatomic/%{name}
|
||||
%global commit0 1e99f1d53ac4b311c6020971f580fceee0d8cbfa
|
||||
%global git0 https://github.com/containers/container-selinux
|
||||
%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# container-selinux stuff (prefix with ds_ for version/release etc.)
|
||||
@ -16,21 +16,17 @@
|
||||
# Format must contain '$x' somewhere to do anything useful
|
||||
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
|
||||
|
||||
# Relabel files
|
||||
%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
|
||||
|
||||
# Version of SELinux we were using
|
||||
%global selinux_policyver 3.13.1-216.el7
|
||||
%global selinux_policyver 3.14.3-9.el8
|
||||
|
||||
Name: container-selinux
|
||||
Epoch: 2
|
||||
Version: 2.94
|
||||
Name: container-selinux
|
||||
Version: 2.124.0
|
||||
Release: 1.git%{shortcommit0}%{?dist}
|
||||
License: GPLv2
|
||||
URL: %{git0}
|
||||
Summary: SELinux policies for container runtimes
|
||||
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
#Patch0: rhel.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: git
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
@ -57,7 +53,7 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
|
||||
SELinux policy modules for use with container runtimes.
|
||||
|
||||
%prep
|
||||
%autosetup -Sgit -n %{name}-%{commit0}
|
||||
%autosetup -Sgit -n %{name}-%{commit0}
|
||||
|
||||
%build
|
||||
make
|
||||
@ -75,36 +71,31 @@ rm -rf %{name}.spec
|
||||
|
||||
%check
|
||||
|
||||
%pre
|
||||
%selinux_relabel_pre -s %{selinuxtype}
|
||||
|
||||
%post
|
||||
# Install all modules in a single transaction
|
||||
if [ $1 -eq 1 ]; then
|
||||
%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
|
||||
%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
|
||||
fi
|
||||
%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
|
||||
%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
|
||||
%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
|
||||
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
|
||||
%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null
|
||||
if %{_sbindir}/selinuxenabled ; then
|
||||
%{_sbindir}/load_policy
|
||||
%relabel_files
|
||||
if [ $1 -eq 1 ]; then
|
||||
restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
|
||||
fi
|
||||
fi
|
||||
%selinux_modules_install -s %{selinuxtype} $MODULES
|
||||
. %{_sysconfdir}/selinux/config
|
||||
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
|
||||
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ]; then
|
||||
%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || :
|
||||
if %{_sbindir}/selinuxenabled ; then
|
||||
%{_sbindir}/load_policy
|
||||
%relabel_files
|
||||
fi
|
||||
%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
|
||||
fi
|
||||
|
||||
%posttrans
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
#define license tag if not already defined
|
||||
%{!?_licensedir:%global license %doc}
|
||||
|
||||
@ -113,9 +104,17 @@ fi
|
||||
%{_datadir}/selinux/*
|
||||
|
||||
%changelog
|
||||
* Thu Mar 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1.gitf958d0c
|
||||
- update to 2.124.0
|
||||
- Resolves: #1816541
|
||||
|
||||
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.94-2.git1e99f1d
|
||||
- rebuild because of CVE-2019-9512 and CVE-2019-9514
|
||||
- Resolves: #1766316, #1766215
|
||||
|
||||
* Thu Mar 28 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.94-1.git1e99f1d
|
||||
- Resolves: #1690286 - bump to v2.94
|
||||
- Resolves: #1692513, #1689255
|
||||
- Resolves: #1693806, #1689255
|
||||
|
||||
* Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
|
||||
- bump to v2.89
|
||||
|
Loading…
Reference in New Issue
Block a user