|
|
@ -2,6 +2,8 @@
|
|
|
|
|
|
|
|
|
|
|
|
# container-selinux
|
|
|
|
# container-selinux
|
|
|
|
%global git0 https://github.com/containers/container-selinux
|
|
|
|
%global git0 https://github.com/containers/container-selinux
|
|
|
|
|
|
|
|
%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f
|
|
|
|
|
|
|
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
|
|
|
|
|
|
|
|
|
|
|
# container-selinux stuff (prefix with ds_ for version/release etc.)
|
|
|
|
# container-selinux stuff (prefix with ds_ for version/release etc.)
|
|
|
|
# Some bits borrowed from the openstack-selinux package
|
|
|
|
# Some bits borrowed from the openstack-selinux package
|
|
|
@ -19,14 +21,12 @@
|
|
|
|
|
|
|
|
|
|
|
|
Epoch: 2
|
|
|
|
Epoch: 2
|
|
|
|
Name: container-selinux
|
|
|
|
Name: container-selinux
|
|
|
|
Version: 2.167.0
|
|
|
|
Version: 2.124.0
|
|
|
|
Release: 1%{?dist}
|
|
|
|
Release: 1.git%{shortcommit0}%{?dist}
|
|
|
|
License: GPLv2
|
|
|
|
License: GPLv2
|
|
|
|
URL: %{git0}
|
|
|
|
URL: %{git0}
|
|
|
|
Summary: SELinux policies for container runtimes
|
|
|
|
Summary: SELinux policies for container runtimes
|
|
|
|
Source0: %{git0}/archive/v%{version}.tar.gz
|
|
|
|
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
|
|
|
Patch0: rhel-fix.patch
|
|
|
|
|
|
|
|
Patch1: container-selinux-1957904.patch
|
|
|
|
|
|
|
|
BuildArch: noarch
|
|
|
|
BuildArch: noarch
|
|
|
|
BuildRequires: git
|
|
|
|
BuildRequires: git
|
|
|
|
BuildRequires: pkgconfig(systemd)
|
|
|
|
BuildRequires: pkgconfig(systemd)
|
|
|
@ -53,7 +53,7 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
|
|
|
|
SELinux policy modules for use with container runtimes.
|
|
|
|
SELinux policy modules for use with container runtimes.
|
|
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
%prep
|
|
|
|
%autosetup -Sgit
|
|
|
|
%autosetup -Sgit -n %{name}-%{commit0}
|
|
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
%build
|
|
|
|
make
|
|
|
|
make
|
|
|
@ -63,10 +63,8 @@ make
|
|
|
|
%_format MODULES $x.pp.bz2
|
|
|
|
%_format MODULES $x.pp.bz2
|
|
|
|
install -d %{buildroot}%{_datadir}/selinux/packages
|
|
|
|
install -d %{buildroot}%{_datadir}/selinux/packages
|
|
|
|
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
|
|
|
|
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
|
|
|
|
install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
|
|
|
|
install -p -m 644 %{modulenames}.if %{buildroot}%{_datadir}/selinux/devel/include/services
|
|
|
|
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
|
|
|
|
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
|
|
|
|
install -d %{buildroot}/%{_datadir}/containers/selinux
|
|
|
|
|
|
|
|
install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# remove spec file
|
|
|
|
# remove spec file
|
|
|
|
rm -rf %{name}.spec
|
|
|
|
rm -rf %{name}.spec
|
|
|
@ -87,7 +85,7 @@ fi
|
|
|
|
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
|
|
|
|
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
|
|
|
|
%selinux_modules_install -s %{selinuxtype} $MODULES
|
|
|
|
%selinux_modules_install -s %{selinuxtype} $MODULES
|
|
|
|
. %{_sysconfdir}/selinux/config
|
|
|
|
. %{_sysconfdir}/selinux/config
|
|
|
|
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1
|
|
|
|
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
|
|
|
|
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
|
|
|
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
|
|
|
|
|
|
|
|
|
|
|
|
%postun
|
|
|
|
%postun
|
|
|
@ -104,142 +102,19 @@ fi
|
|
|
|
%files
|
|
|
|
%files
|
|
|
|
%doc README.md
|
|
|
|
%doc README.md
|
|
|
|
%{_datadir}/selinux/*
|
|
|
|
%{_datadir}/selinux/*
|
|
|
|
%dir %{_datadir}/containers/selinux
|
|
|
|
|
|
|
|
%{_datadir}/containers/selinux/contexts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
%changelog
|
|
|
|
* Mon Aug 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.167.0-1
|
|
|
|
* Thu Mar 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1.gitf958d0c
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0
|
|
|
|
|
|
|
|
- Related: #1934415
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Feb 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.158.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Jan 15 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.156.0-1
|
|
|
|
|
|
|
|
- update to
|
|
|
|
|
|
|
|
https://github.com/containers/container-selinux/releases/tag/v2.156.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Jan 05 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.155.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Jan 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.154.0-1
|
|
|
|
|
|
|
|
- update to
|
|
|
|
|
|
|
|
https://github.com/containers/container-selinux/releases/tag/v2.154.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Dec 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.153.0-1
|
|
|
|
|
|
|
|
- update to
|
|
|
|
|
|
|
|
https://github.com/containers/container-selinux/releases/tag/v2.153.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sat Dec 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.152.0-1
|
|
|
|
|
|
|
|
- update to
|
|
|
|
|
|
|
|
https://github.com/containers/container-selinux/releases/tag/v2.152.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Nov 03 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.151.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Oct 23 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.150.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.145.0-1
|
|
|
|
|
|
|
|
- synchronize with stream-container-tools-rhel8
|
|
|
|
|
|
|
|
- Related: #1883490
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Aug 13 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.144.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Aug 10 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.143.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sun Jul 26 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.142.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sun Jul 19 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.139.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Jul 10 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.138.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Jun 12 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.137.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Sun May 31 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.135.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri May 29 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.134.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.132.0-1
|
|
|
|
|
|
|
|
- synchronize containter-tools 8.3.0 with 8.2.1
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Apr 07 2020 Jindrich Novy <jnovy@redhat.com> - 2:2.130.0-1
|
|
|
|
|
|
|
|
- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0
|
|
|
|
|
|
|
|
- don't use macros in changelog
|
|
|
|
|
|
|
|
- Related: #1821193
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.124.0-1
|
|
|
|
|
|
|
|
- update to 2.124.0
|
|
|
|
- update to 2.124.0
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
- Resolves: #1816541
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Dec 06 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.123.0-2
|
|
|
|
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.94-2.git1e99f1d
|
|
|
|
- implement spec file refactoring by Zdenek Pytela, namely:
|
|
|
|
- rebuild because of CVE-2019-9512 and CVE-2019-9514
|
|
|
|
Change the uninstall command in the %%postun section of the specfile
|
|
|
|
- Resolves: #1766316, #1766215
|
|
|
|
to use the %%selinux_modules_uninstall macro which uses priority 200.
|
|
|
|
|
|
|
|
Change the install command in the %%post section if the specfile
|
|
|
|
|
|
|
|
to use the %%selinux_modules_install macro.
|
|
|
|
|
|
|
|
Replace relabel commands with using the %%selinux_relabel_pre and
|
|
|
|
|
|
|
|
%%selinux_relabel_post macros.
|
|
|
|
|
|
|
|
Change formatting so that the lines are vertically aligned
|
|
|
|
|
|
|
|
in the %%postun section.
|
|
|
|
|
|
|
|
(https://github.com/containers/container-selinux/pull/85)
|
|
|
|
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Nov 26 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.123.0-1
|
|
|
|
* Thu Mar 28 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.94-1.git1e99f1d
|
|
|
|
- update to 2.123.0
|
|
|
|
- Resolves: #1690286 - bump to v2.94
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
- Resolves: #1693806, #1689255
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Nov 25 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.122.0-1
|
|
|
|
|
|
|
|
- update to 2.122.0
|
|
|
|
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-3.gita233788
|
|
|
|
|
|
|
|
- update to master container-selinux - bug 1769469
|
|
|
|
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Nov 19 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-2
|
|
|
|
|
|
|
|
- fix post scriptlet - fail if semodule fails - bug 1729272
|
|
|
|
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Nov 08 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.119.0-1
|
|
|
|
|
|
|
|
- update to 2.119.0
|
|
|
|
|
|
|
|
- Related: RHELPLAN-25139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Oct 17 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.116-1
|
|
|
|
|
|
|
|
- update to 2.116
|
|
|
|
|
|
|
|
Resolves: #1748519
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 13 2019 Jindrich Novy <jnovy@redhat.com> - 2:2.107-2
|
|
|
|
|
|
|
|
- Use at least selinux policy 3.14.3-9.el8,
|
|
|
|
|
|
|
|
Resolves: #1728700
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Jun 14 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.107-1
|
|
|
|
|
|
|
|
- Resolves: #1720654 - rebase to v2.107
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
|
|
|
|
* Mon Mar 11 2019 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.89-1.git2521d0d
|
|
|
|
- bump to v2.89
|
|
|
|
- bump to v2.89
|
|
|
|