5 changed files with 18 additions and 167 deletions
--- a/.container-selinux.metadata
+++ b/.container-selinux.metadata
@ -1 +1 @@
-98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz
+b1b7c2f65716bc8e5a7911494ea19c0792cc13ad SOURCES/container-selinux-f958d0c.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v2.167.0.tar.gz
+SOURCES/container-selinux-f958d0c.tar.gz
--- a/SOURCES/container-selinux-1957904.patch
+++ b/SOURCES/container-selinux-1957904.patch
@ -1,12 +0,0 @@
-diff -up container-selinux-2.163.0/container.te.orig container-selinux-2.163.0/container.te
--- container-selinux-2.163.0/container.te.orig	2021-06-16 16:14:04.107700701 +0200
-+++ container-selinux-2.163.0/container.te	2021-06-16 16:14:29.756010679 +0200
-@@ -454,7 +454,7 @@ modutils_domtrans_kmod(container_runtime
- systemd_status_all_unit_files(container_runtime_domain)
- systemd_start_systemd_services(container_runtime_domain)
- systemd_dbus_chat_logind(container_runtime_domain)
-systemd_chat_resolved(container_runtime_domain)
-+#systemd_chat_resolved(container_runtime_domain)
- 
- userdom_stream_connect(container_runtime_domain)
- userdom_search_user_home_content(container_runtime_domain)
--- a/SOURCES/rhel-fix.patch
+++ b/SOURCES/rhel-fix.patch
@ -1,12 +0,0 @@
-diff -up container-selinux-2.161.1/container.te.orig container-selinux-2.161.1/container.te
--- container-selinux-2.161.1/container.te.orig	2021-05-06 14:55:57.952216763 +0200
-+++ container-selinux-2.161.1/container.te	2021-05-06 14:56:02.027287991 +0200
-@@ -114,7 +114,7 @@ mls_trusted_object(container_runtime_t)
- #
- allow container_runtime_domain self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap sys_resource };
- allow container_runtime_domain self:tun_socket { create_socket_perms relabelto };
-allow container_runtime_domain self:lockdown { confidentiality integrity };
-+#allow container_runtime_domain self:lockdown { confidentiality integrity };
- allow container_runtime_domain self:process ~setcurrent;
- allow container_runtime_domain self:passwd rootok;
- allow container_runtime_domain self:fd use;
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@ -2,6 +2,8 @@

 # container-selinux
 %global git0 https://github.com/containers/container-selinux
+%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # container-selinux stuff (prefix with ds_ for version/release etc.)
 # Some bits borrowed from the openstack-selinux package
@ -19,14 +21,12 @@

 Epoch: 2
 Name: container-selinux
-Version: 2.167.0
-Release: 1%{?dist}
+Version: 2.124.0
+Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
-Source0: %{git0}/archive/v%{version}.tar.gz
-Patch0: rhel-fix.patch
-Patch1: container-selinux-1957904.patch
+Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 BuildArch: noarch
 BuildRequires: git
 BuildRequires: pkgconfig(systemd)
@ -53,7 +53,7 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
 SELinux policy modules for use with container runtimes.

 %prep
-%autosetup -Sgit
+%autosetup -Sgit -n %{name}-%{commit0}

 %build
 make
@ -63,10 +63,8 @@ make
 %_format MODULES $x.pp.bz2
 install -d %{buildroot}%{_datadir}/selinux/packages
 install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
+install -p -m 644 %{modulenames}.if %{buildroot}%{_datadir}/selinux/devel/include/services
 install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
-install -d %{buildroot}/%{_datadir}/containers/selinux
-install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts

 # remove spec file
 rm -rf %{name}.spec
@ -87,7 +85,7 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
 %selinux_modules_install -s %{selinuxtype} $MODULES
 . %{_sysconfdir}/selinux/config
-sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :

 %postun
@ -104,142 +102,19 @@ fi
 %files
 %doc README.md
 %{_datadir}/selinux/*
-%dir %{_datadir}/containers/selinux
-%{_datadir}/containers/selinux/contexts

 %changelog
-* Mon Aug 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
- Related: #1934415
-
-* Fri Feb 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.158.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490
-
-* Fri Jan 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.156.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.156.0
- Related: #1883490
-
-* Tue Jan 05 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.155.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0
- Related: #1883490
-
-* Sat Jan 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.154.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.154.0
- Related: #1883490
-
-* Sat Dec 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.153.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.153.0
- Related: #1883490
-
-* Sat Dec 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.152.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.152.0
- Related: #1883490
-
-* Tue Nov 03 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.151.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0
- Related: #1883490
-
-* Fri Oct 23 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.150.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0
- Related: #1883490
-
-* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.145.0-1
- synchronize with stream-container-tools-rhel8
- Related: #1883490
-
-* Thu Aug 13 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.144.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0
- Related: #1821193
-
-* Mon Aug 10 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.143.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0
- Related: #1821193
-
-* Sun Jul 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.142.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0
- Related: #1821193
-
-* Sun Jul 19 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.139.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0
- Related: #1821193
-
-* Fri Jul 10 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.138.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0
- Related: #1821193
-
-* Fri Jun 12 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.137.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0
- Related: #1821193
-
-* Sun May 31 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.135.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0
- Related: #1821193
-
-* Fri May 29 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.134.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0
- Related: #1821193
-
-* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.132.0-1
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193
-
-* Tue Apr 07 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.130.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0
- don't use macros in changelog
- Related: #1821193
-
-* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1
+* Thu Mar 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1.gitf958d0c
 - update to 2.124.0
- Related: RHELPLAN-25139
+- Resolves: #1816541

-* Fri Dec 06 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.123.0-2
- implement spec file refactoring by Zdenek Pytela, namely:
-  Change the uninstall command in the %%postun section of the specfile
-  to use the %%selinux_modules_uninstall macro which uses priority 200.
-  Change the install command in the %%post section if the specfile
-  to use the %%selinux_modules_install macro.
-  Replace relabel commands with using the %%selinux_relabel_pre and
-  %%selinux_relabel_post macros.
-  Change formatting so that the lines are vertically aligned
-  in the %%postun section.
-  (https://github.com/containers/container-selinux/pull/85)
- Related: RHELPLAN-25139
+* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.94-2.git1e99f1d
+- rebuild because of CVE-2019-9512 and CVE-2019-9514
+- Resolves: #1766316, #1766215

-* Tue Nov 26 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.123.0-1
- update to 2.123.0
- Related: RHELPLAN-25139
-
-* Mon Nov 25 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.122.0-1
- update to 2.122.0
- Related: RHELPLAN-25139
-
-* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-3.gita233788
- update to master container-selinux - bug 1769469
- Related: RHELPLAN-25139
-
-* Tue Nov 19 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-2
- fix post scriptlet - fail if semodule fails - bug 1729272
- Related: RHELPLAN-25139
-
-* Fri Nov 08 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-1
- update to 2.119.0
- Related: RHELPLAN-25139
-
-* Thu Oct 17 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.116-1
- update to 2.116
-  Resolves: #1748519
-
-* Tue Aug 13 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.107-2
- Use at least selinux policy 3.14.3-9.el8,
-  Resolves: #1728700
-
-* Fri Jun 14 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.107-1
- Resolves: #1720654 - rebase to v2.107
+* Thu Mar 28 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.94-1.git1e99f1d
+- Resolves: #1690286 - bump to v2.94
+- Resolves: #1693806, #1689255

 * Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
 - bump to v2.89