Compare commits
No commits in common. "c8-stream-1.0" and "c9-beta-stream-latest" have entirely different histories.
c8-stream-
...
c9-beta-st
@ -1 +1 @@
|
|||||||
b1b7c2f65716bc8e5a7911494ea19c0792cc13ad SOURCES/container-selinux-f958d0c.tar.gz
|
98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/container-selinux-f958d0c.tar.gz
|
SOURCES/v2.167.0.tar.gz
|
||||||
|
@ -2,8 +2,6 @@
|
|||||||
|
|
||||||
# container-selinux
|
# container-selinux
|
||||||
%global git0 https://github.com/containers/container-selinux
|
%global git0 https://github.com/containers/container-selinux
|
||||||
%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f
|
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
|
||||||
|
|
||||||
# container-selinux stuff (prefix with ds_ for version/release etc.)
|
# container-selinux stuff (prefix with ds_ for version/release etc.)
|
||||||
# Some bits borrowed from the openstack-selinux package
|
# Some bits borrowed from the openstack-selinux package
|
||||||
@ -19,14 +17,14 @@
|
|||||||
# Version of SELinux we were using
|
# Version of SELinux we were using
|
||||||
%global selinux_policyver 3.14.3-9.el8
|
%global selinux_policyver 3.14.3-9.el8
|
||||||
|
|
||||||
Epoch: 2
|
Epoch: 3
|
||||||
Name: container-selinux
|
Name: container-selinux
|
||||||
Version: 2.124.0
|
Version: 2.167.0
|
||||||
Release: 1.git%{shortcommit0}%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: %{git0}
|
URL: %{git0}
|
||||||
Summary: SELinux policies for container runtimes
|
Summary: SELinux policies for container runtimes
|
||||||
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source0: %{git0}/archive/v%{version}.tar.gz
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
BuildRequires: pkgconfig(systemd)
|
BuildRequires: pkgconfig(systemd)
|
||||||
@ -53,7 +51,7 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
|
|||||||
SELinux policy modules for use with container runtimes.
|
SELinux policy modules for use with container runtimes.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -Sgit -n %{name}-%{commit0}
|
%autosetup -Sgit
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make
|
make
|
||||||
@ -63,8 +61,10 @@ make
|
|||||||
%_format MODULES $x.pp.bz2
|
%_format MODULES $x.pp.bz2
|
||||||
install -d %{buildroot}%{_datadir}/selinux/packages
|
install -d %{buildroot}%{_datadir}/selinux/packages
|
||||||
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
|
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
|
||||||
install -p -m 644 %{modulenames}.if %{buildroot}%{_datadir}/selinux/devel/include/services
|
install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
|
||||||
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
|
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
|
||||||
|
install -d %{buildroot}/%{_datadir}/containers/selinux
|
||||||
|
install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
|
||||||
|
|
||||||
# remove spec file
|
# remove spec file
|
||||||
rm -rf %{name}.spec
|
rm -rf %{name}.spec
|
||||||
@ -85,7 +85,7 @@ fi
|
|||||||
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
|
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
|
||||||
%selinux_modules_install -s %{selinuxtype} $MODULES
|
%selinux_modules_install -s %{selinuxtype} $MODULES
|
||||||
. %{_sysconfdir}/selinux/config
|
. %{_sysconfdir}/selinux/config
|
||||||
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
|
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1
|
||||||
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
@ -93,6 +93,12 @@ if [ $1 -eq 0 ]; then
|
|||||||
%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
|
%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
%triggerpostun -- container-selinux < 3:2.162.1-3
|
||||||
|
if %{_sbindir}/selinuxenabled ; then
|
||||||
|
echo "Fixing Rootless SELinux labels in homedir"
|
||||||
|
%{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null || :
|
||||||
|
fi
|
||||||
|
|
||||||
%posttrans
|
%posttrans
|
||||||
%selinux_relabel_post -s %{selinuxtype}
|
%selinux_relabel_post -s %{selinuxtype}
|
||||||
|
|
||||||
@ -102,23 +108,115 @@ fi
|
|||||||
%files
|
%files
|
||||||
%doc README.md
|
%doc README.md
|
||||||
%{_datadir}/selinux/*
|
%{_datadir}/selinux/*
|
||||||
|
%dir %{_datadir}/containers/selinux
|
||||||
|
%{_datadir}/containers/selinux/contexts
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Mar 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1.gitf958d0c
|
* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 3:2.167.0-1
|
||||||
- update to 2.124.0
|
- update to
|
||||||
- Resolves: #1816541
|
https://github.com/containers/container-selinux/releases/tag/v2.167.0
|
||||||
|
|
||||||
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.94-2.git1e99f1d
|
* Wed Aug 25 2021 Jindrich Novy <jnovy@redhat.com> - 3:2.165.1-1
|
||||||
- rebuild because of CVE-2019-9512 and CVE-2019-9514
|
- update to
|
||||||
- Resolves: #1766316, #1766215
|
https://github.com/containers/container-selinux/releases/tag/v2.165.1
|
||||||
|
|
||||||
* Thu Mar 28 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.94-1.git1e99f1d
|
* Tue Aug 03 2021 Jindrich Novy <jnovy@redhat.com> - 3:2.164.2-1
|
||||||
- Resolves: #1690286 - bump to v2.94
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2
|
||||||
- Resolves: #1693806, #1689255
|
- Related: #1970747
|
||||||
|
|
||||||
|
* Mon Jul 19 2021 Jindrich Novy <jnovy@redhat.com> - 3:2.164.1-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1
|
||||||
|
- Related: #1970747
|
||||||
|
|
||||||
|
* Wed Jun 23 2021 Jindrich Novy <jnovy@redhat.com> - 3:2.163.0-2
|
||||||
|
- add trigger to fix labels in users homedirs, before overlayfs
|
||||||
|
is supported by default for non root users
|
||||||
|
- Resolves: #1969996
|
||||||
|
|
||||||
|
* Tue Jun 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.163.0-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0
|
||||||
|
- Related: #1970747
|
||||||
|
|
||||||
|
* Tue May 25 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.162.2-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.162.2
|
||||||
|
|
||||||
|
* Wed May 19 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.162.1-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.162.1
|
||||||
|
|
||||||
|
* Tue May 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.162.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.162.0
|
||||||
|
|
||||||
|
* Fri May 07 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.161.1-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.161.1
|
||||||
|
|
||||||
|
* Wed Mar 31 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.160.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.160.0
|
||||||
|
|
||||||
|
* Tue Mar 23 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.159.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.159.0
|
||||||
|
|
||||||
|
* Fri Feb 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.158.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.158.0
|
||||||
|
|
||||||
|
* Wed Jan 20 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.156.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.156.0
|
||||||
|
|
||||||
|
* Tue Jan 05 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.155.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.155.0
|
||||||
|
|
||||||
|
* Mon Jan 04 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.154.0-0.2
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.154.0
|
||||||
|
|
||||||
|
* Sun Dec 20 2020 Petr Šabata <contyk@redhat.com> - 2:2.151.0-1.1
|
||||||
|
- Minor bump for gcc11
|
||||||
|
|
||||||
|
* Tue Nov 03 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.151.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.151.0
|
||||||
|
|
||||||
|
* Fri Oct 23 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.150.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.150.0
|
||||||
|
|
||||||
|
* Fri Sep 18 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.145.0-1
|
||||||
|
- update to
|
||||||
|
https://github.com/containers/container-selinux/releases/tag/v2.145.0
|
||||||
|
|
||||||
|
* Thu Sep 17 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.144.0-2
|
||||||
|
- sync with rhel8-8.3.0
|
||||||
|
|
||||||
|
* Thu Sep 17 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.144.0-1
|
||||||
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0
|
||||||
|
- Related: #1821193
|
||||||
|
|
||||||
|
* Fri Jun 14 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.107-1
|
||||||
|
- Resolves: #1720654 - rebase to v2.107
|
||||||
|
|
||||||
|
* Tue Apr 30 2019 Eduardo Santiago <santiago@redhat.com> - 2:2.99-3.git9a53d6c
|
||||||
|
- strip away fs_manage_fusefs_* to resolve build-time error
|
||||||
|
|
||||||
|
* Tue Apr 23 2019 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.99-2.git9a53d6c
|
||||||
|
- rebase
|
||||||
|
|
||||||
* Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
|
* Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
|
||||||
- bump to v2.89
|
- bump to v2.89
|
||||||
|
|
||||||
|
* Fri Mar 01 2019 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.87-3.git891a85f
|
||||||
|
- fix fersion number
|
||||||
|
|
||||||
|
* Fri Mar 01 2019 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.75-2.git891a85f
|
||||||
|
- rebase
|
||||||
|
|
||||||
* Tue Nov 13 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.75-1.git99e2cfd
|
* Tue Nov 13 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.75-1.git99e2cfd
|
||||||
- bump to v2.75
|
- bump to v2.75
|
||||||
- built commit 99e2cfd
|
- built commit 99e2cfd
|
||||||
|
Loading…
Reference in New Issue
Block a user