Add labels for crio rename

Break container_t rules out to use a separate container_domain
Allow containers to be able to set namespaced SYSCTLS
Allow sandbox containers to manage fuse files.
Fixes to make container_runtimes work on MLS machines
Bump version to allow handling of container_file_t filesystems
Allow containers to mount, remount and umount container_file_t file systems
Fixes to handle cap_userns
Give container_t access to XFRM sockets
Allow spc_t to dbus chat with init system
Allow spc_t to dbus chat with init system
Add rules to allow container runtimes to run with unconfined disabled
Add rules to support cgroup file systems mounted into container.
Fix typebounds entrypoint problems
Fix typebounds problems
Add typebounds statement for container_t from container_runtime_t
We should only label runc not runc*
Dan Walsh 2017-05-19 07:19:44 -04:00
parent d6c9f15f16
commit ed21ef74dc

@ -3,7 +3,7 @@
# container-selinux # container-selinux
%global git0 https://github.com/projectatomic/container-selinux %global git0 https://github.com/projectatomic/container-selinux
%if 0%{?fedora} %if 0%{?fedora}
%global commit0 8f8caa66c11f8657ebf8ae50d7221ee3a97ac7d3 %global commit0 14f7c51001a452a1cf3e162845c2915aeb167fac
%else %else
# use upstream's RHEL-1.12 branch for CentOS 7 # use upstream's RHEL-1.12 branch for CentOS 7
%global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1 %global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1
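Review bot: The `%else` branch still pins `%global commit0 56c32da8a72f9e7af5daeaebac5b887830d123b1`, so only the Fedora build picks up the new source; a CentOS 7 build from this spec carries none of the policy changes listed in the commit message. If that is intentional because the RHEL-1.12 branch has not moved, say so in the comment above the pin; otherwise bump the CentOS `commit0` in the same commit.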
@ -35,7 +35,7 @@ Name: container-selinux
%if 0%{?fedora} || 0%{?centos} %if 0%{?fedora} || 0%{?centos}
Epoch: 2 Epoch: 2
%endif %endif
Version: 2.10 Version: 2.14
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2 License: GPLv2
URL: %{git0} URL: %{git0}
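Review bot: The `Version:` line jumps from 2.10 to 2.14, and the changelog added in this commit has no entries for 2.11 through 2.13. Confirm that the intermediate versions were never built, or add their entries, so that an installed package version can be matched to the policy rules it carries when auditing a host.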
@ -118,6 +118,25 @@ fi
%{_datadir}/selinux/* %{_datadir}/selinux/*
%changelog %changelog
* Fri May 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.14-1
- Add labels for crio rename
- Break container_t rules out to use a separate container_domain
- Allow containers to be able to set namespaced SYCTLS
- Allow sandbox containers manage fuse files.
- Fixes to make container_runtimes work on MLS machines
- Bump version to allow handling of container_file_t filesystems
- Allow containers to mount, remount and umount container_file_t file systems
- Fixes to handle cap_userns
- Give container_t access to XFRM sockets
- Allow spc_t to dbus chat with init system
- Allow spc_t to dbus chat with init system
- Add rules to allow container runtimes to run with unconfined disabled
- Add rules to support cgroup file systems mounted into container.
- Fix typebounds entrypoint problems
- Fix typebounds problems
- Add typebounds statement for container_t from container_runtime_t
- We should only label runc not runc*
* Tue Feb 28 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.10-1 * Tue Feb 28 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.10-1
- Add rules to allow container runtimes to run with unconfined disabled - Add rules to allow container runtimes to run with unconfined disabled
- Add rules to support cgroup file systems mounted into container. - Add rules to support cgroup file systems mounted into container.
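Review bot: The new 2.14-1 entry lists `- Allow spc_t to dbus chat with init system` twice, and its entries from `- Add rules to allow container runtimes to run with unconfined disabled` onward repeat the lines that open the 2.10-1 entry directly below, so the changelog overstates what changed in this release. Drop the duplicates, keep only what is new since 2.10-1, and correct `SYCTLS` to `SYSCTLS` while editing.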