3 changed files with 19 additions and 329 deletions
--- a/.container-selinux.metadata
+++ b/.container-selinux.metadata
@ -1 +1 @@
-5964cc236c3aa8f5822d43ff0a18af173664cbf5 SOURCES/v2.205.0.tar.gz
+b1b7c2f65716bc8e5a7911494ea19c0792cc13ad SOURCES/container-selinux-f958d0c.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v2.205.0.tar.gz
+SOURCES/container-selinux-f958d0c.tar.gz
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@ -2,6 +2,8 @@

 # container-selinux
 %global git0 https://github.com/containers/container-selinux
+%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 # container-selinux stuff (prefix with ds_ for version/release etc.)
 # Some bits borrowed from the openstack-selinux package
@ -15,16 +17,16 @@
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

 # Version of SELinux we were using
-%global selinux_policyver 3.14.3-80.el8
+%global selinux_policyver 3.14.3-9.el8

 Epoch: 2
 Name: container-selinux
-Version: 2.205.0
-Release: 3%{?dist}
+Version: 2.124.0
+Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
-Source0: %{git0}/archive/v%{version}.tar.gz
+Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 BuildArch: noarch
 BuildRequires: git
 BuildRequires: pkgconfig(systemd)
@ -46,24 +48,12 @@ Obsoletes: %{name} <= 2:1.12.5-14
 Obsoletes: docker-selinux <= 2:1.12.4-28
 Provides: docker-selinux = %{epoch}:%{version}-%{release}
 Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
-Conflicts: udica < 0.2.6-1

 %description
 SELinux policy modules for use with container runtimes.

 %prep
-%autosetup -Sgit
-
-sed -i 's/watch watch_reads//' container.if
-sed -i '/sysfs_t:dir watch/d' container.te
-sed -i '/systemd_chat_resolved/d' container.te
-sed -i 's/man: install-policy/man:/' Makefile
-sed -i 's/install: man/install:/' Makefile
-
-# https://github.com/containers/container-selinux/issues/203
-%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9
-sed -i '/user_namespace/d' container.te
-%endif
+%autosetup -Sgit -n %{name}-%{commit0}

 %build
 make
@ -73,12 +63,8 @@ make
 %_format MODULES $x.pp.bz2
 install -d %{buildroot}%{_datadir}/selinux/packages
 install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
+install -p -m 644 %{modulenames}.if %{buildroot}%{_datadir}/selinux/devel/include/services
 install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
-install -d %{buildroot}/%{_datadir}/containers/selinux
-install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
-install -d %{buildroot}%{_datadir}/udica/templates
-install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates

 # remove spec file
 rm -rf %{name}.spec
@ -99,7 +85,7 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
 %selinux_modules_install -s %{selinuxtype} $MODULES
 . %{_sysconfdir}/selinux/config
-sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :

 %postun
@ -116,315 +102,19 @@ fi
 %files
 %doc README.md
 %{_datadir}/selinux/*
-%dir %{_datadir}/containers/selinux
-%{_datadir}/containers/selinux/contexts
-%dir %{_datadir}/udica/templates/
-%{_datadir}/udica/templates/*

 %changelog
-* Tue May 02 2023 Jindrich Novy <jnovy@redhat.com> - 2:2.205.0-3
- fix build for stable module
- Related: #2176055
-
-* Fri Apr 14 2023 Jindrich Novy <jnovy@redhat.com> - 2:2.205.0-2
- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg
- Related: #2176055
-
-* Tue Mar 21 2023 Jindrich Novy <jnovy@redhat.com> - 2:2.205.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.205.0
- remove user_namespace class, thanks to Lokesh Mandvekar
- Related: #2176055
-
-* Tue Mar 14 2023 Jindrich Novy <jnovy@redhat.com> - 2:2.199.0-1
- revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0
-  (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet)
- Related: #2176055
-
-* Mon Oct 31 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.191.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.191.0
- Related: #2129766
-
-* Wed Sep 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.190.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.190.0
- Related: #2123641
-
-* Fri Jul 15 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.189.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.189.0
- Related: #2061390
-
-* Mon Jun 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.188.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.188.0
- Related: #2061390
-
-* Fri May 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.187.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.187.0
- Related: #2061390
-
-* Wed Apr 20 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.183.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.183.0
- Related: #2061390
-
-* Wed Mar 23 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.181.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.181.0
- Related: #2061390
-
-* Fri Mar 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.180.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.180.0
- Related: #2061390
-
-* Mon Mar 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.179.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1
- Related: #2061390
-
-* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.178.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0
- Related: #2001445
-
-* Thu Feb 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.177.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0
- Related: #2001445
-
-* Thu Feb 03 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.176.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0
- Related: #2001445
-
-* Wed Feb 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.174.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0
- Related: #2001445
-
-* Thu Jan 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.2-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2
- Related: #2001445
-
-* Fri Jan 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.1-2
- update minimal selinux_policy dependency
- Related: #2001445
-
-* Wed Jan 19 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1
- Related: #2001445
-
-* Wed Jan 12 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.173.0-1
- lockdown allow rule was removed
- Related: #2001445
-
-* Fri Jan 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.172.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1
- Related: #2001445
-
-* Tue Nov 23 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.172.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0
- Related: #2001445
-
-* Mon Nov 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.171.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0
- Related: #2001445
-
-* Wed Oct 06 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.170.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0
- Related: #2001445
-
-* Mon Sep 27 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.169.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0
- Related: #2001445
-
-* Tue Sep 21 2021 Vit Mojzis <vmojzis@redhat.com> - 2:2.168.0-2
- Start shipping udica templates
- Related: #2001445
-
-* Wed Sep 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.168.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0
- Related: #2001445
-
-* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
- Related: #1934415
-
-* Wed Aug 25 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.165.1-2
- update to https://github.com/containers/container-selinux/releases/tag/v2.165.1
- Related: #1934415
-
-* Tue Aug 03 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.164.2-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2
- Related: #1934415
-
-* Wed Jul 21 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.164.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1
- Related: #1934415
-
-* Thu Jun 17 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.163.0-2
- fix the build of 2.163.0
- Resolves: #1957904
-
-* Tue Jun 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.163.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0
- Related: #1934415
-
-* Tue May 25 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.162.2-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.162.2
- Related: #1934415
-
-* Wed May 19 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.162.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.162.1
- Related: #1934415
-
-* Tue May 11 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.162.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0
- Related: #1934415
-
-* Thu May 06 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.161.1-2
- do not use lockdown class yet - it is not available in RHEL
- Related: #1934415
-
-* Thu May 06 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.161.1-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1
- Related: #1934415
-
-* Wed Apr 28 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.160.2-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2
- Related: #1934415
-
-* Mon Apr 26 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.160.1-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.160.1
- Related: #1934415
-
-* Wed Mar 31 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.160.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.160.0
- Related: #1934415
-
-* Tue Mar 23 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.159.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.159.0
- Related: #1934415
-
-* Fri Feb 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.158.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
- Related: #1883490
-
-* Fri Jan 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.156.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.156.0
- Related: #1883490
-
-* Tue Jan 05 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.155.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0
- Related: #1883490
-
-* Sat Jan 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.154.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.154.0
- Related: #1883490
-
-* Sat Dec 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.153.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.153.0
- Related: #1883490
-
-* Sat Dec 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.152.0-1
- update to
-  https://github.com/containers/container-selinux/releases/tag/v2.152.0
- Related: #1883490
-
-* Tue Nov 03 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.151.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0
- Related: #1883490
-
-* Fri Oct 23 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.150.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0
- Related: #1883490
-
-* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.145.0-1
- synchronize with stream-container-tools-rhel8
- Related: #1883490
-
-* Thu Aug 13 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.144.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0
- Related: #1821193
-
-* Mon Aug 10 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.143.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0
- Related: #1821193
-
-* Sun Jul 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.142.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0
- Related: #1821193
-
-* Sun Jul 19 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.139.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0
- Related: #1821193
-
-* Fri Jul 10 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.138.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0
- Related: #1821193
-
-* Fri Jun 12 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.137.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0
- Related: #1821193
-
-* Sun May 31 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.135.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0
- Related: #1821193
-
-* Fri May 29 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.134.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0
- Related: #1821193
-
-* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.132.0-1
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193
-
-* Tue Apr 07 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.130.0-1
- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0
- don't use macros in changelog
- Related: #1821193
-
-* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1
+* Thu Mar 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1.gitf958d0c
 - update to 2.124.0
- Related: RHELPLAN-25139
+- Resolves: #1816541

-* Fri Dec 06 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.123.0-2
- implement spec file refactoring by Zdenek Pytela, namely:
-  Change the uninstall command in the %%postun section of the specfile
-  to use the %%selinux_modules_uninstall macro which uses priority 200.
-  Change the install command in the %%post section if the specfile
-  to use the %%selinux_modules_install macro.
-  Replace relabel commands with using the %%selinux_relabel_pre and
-  %%selinux_relabel_post macros.
-  Change formatting so that the lines are vertically aligned
-  in the %%postun section.
-  (https://github.com/containers/container-selinux/pull/85)
- Related: RHELPLAN-25139
+* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.94-2.git1e99f1d
+- rebuild because of CVE-2019-9512 and CVE-2019-9514
+- Resolves: #1766316, #1766215

-* Tue Nov 26 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.123.0-1
- update to 2.123.0
- Related: RHELPLAN-25139
-
-* Mon Nov 25 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.122.0-1
- update to 2.122.0
- Related: RHELPLAN-25139
-
-* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-3.gita233788
- update to master container-selinux - bug 1769469
- Related: RHELPLAN-25139
-
-* Tue Nov 19 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-2
- fix post scriptlet - fail if semodule fails - bug 1729272
- Related: RHELPLAN-25139
-
-* Fri Nov 08 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-1
- update to 2.119.0
- Related: RHELPLAN-25139
-
-* Thu Oct 17 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.116-1
- update to 2.116
-  Resolves: #1748519
-
-* Tue Aug 13 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.107-2
- Use at least selinux policy 3.14.3-9.el8,
-  Resolves: #1728700
-
-* Fri Jun 14 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.107-1
- Resolves: #1720654 - rebase to v2.107
+* Thu Mar 28 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.94-1.git1e99f1d
+- Resolves: #1690286 - bump to v2.94
+- Resolves: #1693806, #1689255

 * Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
 - bump to v2.89