import udica-0.2.5-2.module+el9.0.0+12467+378c8264

This commit is contained in:
CentOS Sources 2021-11-02 07:09:52 -04:00 committed by Stepan Oksanichenko
commit c2cbc98464
4 changed files with 586 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/v0.2.5.tar.gz

1
.udica.metadata Normal file
View File

@ -0,0 +1 @@
e666f59801d7d01d138270ee43f1ea33c658631a SOURCES/v0.2.5.tar.gz

View File

@ -0,0 +1,381 @@
From 09bf6b339f1219769ada2c108c429013af19ceb5 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Thu, 26 Aug 2021 17:48:45 +0200
Subject: [PATCH] Update templates to work properly with new cil parser
Cil parser was recently updated to reject the following:
(block template1 (type t) )
(block template2 (blockinherit template1))
(block b (blockinherit template1) (blockinherit template2))
Re-declaration of type t
Previous declaration of type at /var/lib/selinux/targeted/tmp/modules/400/test/cil:1
Failed to copy block contents into blockinherit
Failed to resolve AST
semodule: Failed!
Remove (blockinherit container) from all templates so that "process" and
"socket" are only defined once (by inheriting "container" block in the
generated policy).
All allow rules referencing "process" and "socket" now need to be
enclosed in an optional block.
While at it, unify indentation.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
udica/templates/config_container.cil | 33 ++++++++++---------
udica/templates/home_container.cil | 48 +++++++++++++++-------------
udica/templates/log_container.cil | 44 +++++++++++++------------
udica/templates/net_container.cil | 32 +++++++++----------
udica/templates/tmp_container.cil | 18 +++++------
udica/templates/tty_container.cil | 13 ++++----
udica/templates/virt_container.cil | 20 ++++++------
udica/templates/x_container.cil | 30 ++++++++---------
8 files changed, 120 insertions(+), 118 deletions(-)
diff --git a/udica/templates/config_container.cil b/udica/templates/config_container.cil
index abd2c0e..6014f90 100644
--- a/udica/templates/config_container.cil
+++ b/udica/templates/config_container.cil
@@ -1,25 +1,24 @@
(block config_container
- (blockinherit container)
-
- (allow process configfile (dir (ioctl read getattr lock search open)))
- (allow process configfile (file (ioctl read getattr lock open)))
- (allow process configfile (lnk_file (read getattr)))
-
+ (optional config_container_optional
+ (allow process configfile (dir (ioctl read getattr lock search open)))
+ (allow process configfile (file (ioctl read getattr lock open)))
+ (allow process configfile (lnk_file (read getattr)))
+ )
)
(block config_rw_container
- (blockinherit config_container)
-
- (allow process configfile (dir (ioctl read write getattr lock append open)))
- (allow process configfile (file (ioctl read write getattr lock append open)))
- (allow process configfile (lnk_file (ioctl read write getattr lock append open)))
+ (blockinherit config_container)
+ (optional config_rw_container_optional
+ (allow process configfile (dir (ioctl read write getattr lock append open)))
+ (allow process configfile (file (ioctl read write getattr lock append open)))
+ (allow process configfile (lnk_file (ioctl read write getattr lock append open)))
+ )
)
(block config_manage_container
- (blockinherit container)
-
- (allow process configfile (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
- (allow process configfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
- (allow process configfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename open)))
-
+ (optional config_manage_container_optional
+ (allow process configfile (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
+ (allow process configfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
+ (allow process configfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename open)))
+ )
)
diff --git a/udica/templates/home_container.cil b/udica/templates/home_container.cil
index 2683606..33499bc 100644
--- a/udica/templates/home_container.cil
+++ b/udica/templates/home_container.cil
@@ -1,33 +1,37 @@
(block home_container
- (blockinherit container)
+ (optional home_container_optional
+ (allow process process (capability (dac_override )))
- (allow process process (capability (dac_override )))
+ (allow process user_home_dir_t (dir (getattr search open read lock ioctl)))
+ (allow process home_root_t (dir (getattr search open read lock ioctl)))
+ (allow process user_home_t (dir (getattr search open read lock ioctl)))
- (allow process user_home_dir_t (dir (getattr search open read lock ioctl)))
- (allow process home_root_t (dir (getattr search open read lock ioctl)))
- (allow process user_home_t (dir (getattr search open read lock ioctl)))
-
- (allow process user_home_dir_t (file (getattr ioctl lock open read)))
- (allow process user_home_t (file (getattr ioctl lock open read)))
+ (allow process user_home_dir_t (file (getattr ioctl lock open read)))
+ (allow process user_home_t (file (getattr ioctl lock open read)))
+ )
)
(block home_rw_container
- (blockinherit home_container)
- (allow process user_home_dir_t (dir (open getattr setattr read write link search add_name remove_name reparent lock ioctl)))
- (allow process home_root_t (dir (open getattr setattr read write link search add_name remove_name reparent lock ioctl)))
- (allow process user_home_t (dir (open getattr setattr read write link search add_name remove_name reparent lock ioctl)))
-
- (allow process user_home_t (file (open getattr read write append ioctl lock)))
- (allow process user_home_dir_t (file (open getattr read write append ioctl lock)))
+ (blockinherit home_container)
+ (optional home_rw_container_optional
+ (allow process user_home_dir_t (dir (open getattr setattr read write link search add_name remove_name reparent lock ioctl)))
+ (allow process home_root_t (dir (open getattr setattr read write link search add_name remove_name reparent lock ioctl)))
+ (allow process user_home_t (dir (open getattr setattr read write link search add_name remove_name reparent lock ioctl)))
+
+ (allow process user_home_t (file (open getattr read write append ioctl lock)))
+ (allow process user_home_dir_t (file (open getattr read write append ioctl lock)))
+ )
)
(block home_manage_container
- (blockinherit home_rw_container)
- (allow process user_home_dir_t (dir (create unlink rename rmdir )))
- (allow process home_root_t (dir (create unlink rename rmdir )))
- (allow process user_home_t (dir (create unlink rename rmdir )))
-
- (allow process user_home_t (file (create rename link unlink )))
- (allow process user_home_dir_t (file (create rename link unlink )))
+ (blockinherit home_rw_container)
+ (optional home_manage_container_optional
+ (allow process user_home_dir_t (dir (create unlink rename rmdir )))
+ (allow process home_root_t (dir (create unlink rename rmdir )))
+ (allow process user_home_t (dir (create unlink rename rmdir )))
+
+ (allow process user_home_t (file (create rename link unlink )))
+ (allow process user_home_dir_t (file (create rename link unlink )))
+ )
)
diff --git a/udica/templates/log_container.cil b/udica/templates/log_container.cil
index 767c669..a5ecf45 100644
--- a/udica/templates/log_container.cil
+++ b/udica/templates/log_container.cil
@@ -1,31 +1,35 @@
(block log_container
- (blockinherit container)
-
- (allow process var_t (dir (getattr search open)))
- (allow process logfile (dir (ioctl read getattr lock search open)))
- (allow process logfile (file (ioctl read getattr lock open map)))
- (allow process auditd_log_t (dir (ioctl read getattr lock search open)))
- (allow process auditd_log_t (file (ioctl read getattr lock open)))
+ (optional log_container_optional
+ (allow process var_t (dir (getattr search open)))
+ (allow process logfile (dir (ioctl read getattr lock search open)))
+ (allow process logfile (file (ioctl read getattr lock open map)))
+ (allow process auditd_log_t (dir (ioctl read getattr lock search open)))
+ (allow process auditd_log_t (file (ioctl read getattr lock open)))
+ )
)
(block log_rw_container
- (blockinherit log_container)
+ (blockinherit log_container)
- (allow process logfile (dir (ioctl read write create getattr setattr lock add_name search open)))
- (allow process logfile (file (ioctl read write create getattr setattr lock append open)))
- (allow process logfile (lnk_file (ioctl read write getattr lock append open)))
- (allow process var_t (dir (getattr search open)))
- (allow process auditd_log_t (dir (ioctl read getattr lock search open)))
- (allow process auditd_log_t (file (ioctl read getattr lock open)))
+ (optional log_rw_container_optional
+ (allow process logfile (dir (ioctl read write create getattr setattr lock add_name search open)))
+ (allow process logfile (file (ioctl read write create getattr setattr lock append open)))
+ (allow process logfile (lnk_file (ioctl read write getattr lock append open)))
+ (allow process var_t (dir (getattr search open)))
+ (allow process auditd_log_t (dir (ioctl read getattr lock search open)))
+ (allow process auditd_log_t (file (ioctl read getattr lock open)))
+ )
)
(block log_manage_container
- (blockinherit log_rw_container)
+ (blockinherit log_rw_container)
- (allow process logfile (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
- (allow process logfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
- (allow process logfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
- (allow process auditd_log_t (dir (ioctl read write getattr lock search open)))
- (allow process auditd_log_t (file (ioctl read write getattr lock open)))
+ (optional log_manage_container_optional
+ (allow process logfile (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open)))
+ (allow process logfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
+ (allow process logfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
+ (allow process auditd_log_t (dir (ioctl read write getattr lock search open)))
+ (allow process auditd_log_t (file (ioctl read write getattr lock open)))
+ )
)
diff --git a/udica/templates/net_container.cil b/udica/templates/net_container.cil
index f839ed3..a89d548 100644
--- a/udica/templates/net_container.cil
+++ b/udica/templates/net_container.cil
@@ -1,25 +1,25 @@
(block net_container
- (blockinherit container)
- (typeattributeset sandbox_net_domain (process))
+ (optional net_container_optional
+ (typeattributeset sandbox_net_domain (process))
+ )
)
(block restricted_net_container
- (blockinherit container)
+ (optional restricted_net_container_optional
+ (allow process process (tcp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create listen accept)))
+ (allow process process (udp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
+ (allow process process (sctp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
- (allow process process (tcp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create listen accept)))
- (allow process process (udp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
- (allow process process (sctp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
+ (allow process proc_t (lnk_file (read)))
- (allow process proc_t (lnk_file (read)))
+ (allow process node_t (node (tcp_recv tcp_send recvfrom sendto)))
+ (allow process node_t (node (udp_recv recvfrom)))
+ (allow process node_t (node (udp_send sendto)))
- (allow process node_t (node (tcp_recv tcp_send recvfrom sendto)))
- (allow process node_t (node (udp_recv recvfrom)))
- (allow process node_t (node (udp_send sendto)))
+ (allow process node_t (udp_socket (node_bind)))
+ (allow process node_t (tcp_socket (node_bind)))
- (allow process node_t (udp_socket (node_bind)))
- (allow process node_t (tcp_socket (node_bind)))
-
- (allow process http_port_t (tcp_socket (name_connect)))
- (allow process http_port_t (tcp_socket (recv_msg send_msg)))
+ (allow process http_port_t (tcp_socket (name_connect)))
+ (allow process http_port_t (tcp_socket (recv_msg send_msg)))
+ )
)
-
diff --git a/udica/templates/tmp_container.cil b/udica/templates/tmp_container.cil
index 3b3e940..c2a899b 100644
--- a/udica/templates/tmp_container.cil
+++ b/udica/templates/tmp_container.cil
@@ -1,15 +1,15 @@
(block tmp_container
- (blockinherit container)
-
- (allow process tmpfile (dir (getattr search open)))
- (allow process tmpfile (file (ioctl read getattr lock open)))
-
+ (optional tmp_container_optional
+ (allow process tmpfile (dir (getattr search open)))
+ (allow process tmpfile (file (ioctl read getattr lock open)))
+ )
)
(block tmp_rw_container
- (blockinherit tmp_container)
-
- (allow process tmpfile (file (ioctl read write getattr lock append open)))
- (allow process tmpfile (dir (ioctl read write getattr lock append open)))
+ (blockinherit tmp_container)
+ (optional tmp_rw_container_optional
+ (allow process tmpfile (file (ioctl read write getattr lock append open)))
+ (allow process tmpfile (dir (ioctl read write getattr lock append open)))
+ )
)
diff --git a/udica/templates/tty_container.cil b/udica/templates/tty_container.cil
index 444b5f8..7a5522e 100644
--- a/udica/templates/tty_container.cil
+++ b/udica/templates/tty_container.cil
@@ -1,10 +1,9 @@
(block tty_container
- (blockinherit container)
+ (optional tty_container_optional
+ (allow process device_t (dir (getattr search open)))
+ (allow process device_t (dir (ioctl read getattr lock search open)))
+ (allow process device_t (lnk_file (read getattr)))
- (allow process device_t (dir (getattr search open)))
- (allow process device_t (dir (ioctl read getattr lock search open)))
- (allow process device_t (lnk_file (read getattr)))
-
- (allow process devtty_t (chr_file (ioctl read write getattr lock append open)))
+ (allow process devtty_t (chr_file (ioctl read write getattr lock append open)))
+ )
)
-
diff --git a/udica/templates/virt_container.cil b/udica/templates/virt_container.cil
index 8ecae54..0728eba 100644
--- a/udica/templates/virt_container.cil
+++ b/udica/templates/virt_container.cil
@@ -1,16 +1,14 @@
(block virt_container
- (blockinherit container)
+ (optional virt_container_optional
+ (allow process var_t (dir (getattr search open)))
+ (allow process var_t (lnk_file (read getattr)))
- (allow process var_t (dir (getattr search open)))
- (allow process var_t (lnk_file (read getattr)))
+ (allow process var_run_t (dir (getattr search open)))
+ (allow process var_run_t (lnk_file (read getattr)))
- (allow process var_run_t (dir (getattr search open)))
- (allow process var_run_t (lnk_file (read getattr)))
-
- (allow process virt_var_run_t (dir (getattr search open)))
- (allow process virt_var_run_t (sock_file (write getattr append open)))
-
- (allow process virtd_t (unix_stream_socket (connectto)))
+ (allow process virt_var_run_t (dir (getattr search open)))
+ (allow process virt_var_run_t (sock_file (write getattr append open)))
+ (allow process virtd_t (unix_stream_socket (connectto)))
+ )
)
-
diff --git a/udica/templates/x_container.cil b/udica/templates/x_container.cil
index ee7441e..0a6ddb9 100644
--- a/udica/templates/x_container.cil
+++ b/udica/templates/x_container.cil
@@ -1,27 +1,25 @@
(block x_container
- (blockinherit container)
+ (optional x_container_optional
+ (allow xserver_t process (shm (getattr read write associate unix_read unix_write lock)))
- (allow xserver_t process (shm (getattr read write associate unix_read unix_write lock)))
+ (allow process xserver_t (unix_stream_socket (connectto)))
- (allow process xserver_t (unix_stream_socket (connectto)))
+ (allow process device_t (dir (getattr search open)))
- (allow process device_t (dir (getattr search open)))
+ (allow process dri_device_t (chr_file (ioctl read write getattr lock append open map)))
- (allow process dri_device_t (chr_file (ioctl read write getattr lock append open map)))
+ (allow process xserver_misc_device_t (chr_file (ioctl read write getattr lock append open map)))
- (allow process xserver_misc_device_t (chr_file (ioctl read write getattr lock append open map)))
+ (allow process urandom_device_t (chr_file (open read)))
- (allow process urandom_device_t (chr_file (open read)))
+ (allow process tmpfs_t (dir (getattr search open)))
- (allow process tmpfs_t (dir (getattr search open)))
+ (allow process tmp_t (dir (getattr search open)))
+ (allow process tmp_t (lnk_file (read getattr)))
- (allow process tmp_t (dir (getattr search open)))
- (allow process tmp_t (lnk_file (read getattr)))
-
- (allow process xserver_tmp_t (dir (getattr search open)))
- (allow process xserver_tmp_t (sock_file (write getattr append open)))
-
- (allow process xserver_exec_t (file (ioctl read getattr lock map execute execute_no_trans open)))
+ (allow process xserver_tmp_t (dir (getattr search open)))
+ (allow process xserver_tmp_t (sock_file (write getattr append open)))
+ (allow process xserver_exec_t (file (ioctl read getattr lock map execute execute_no_trans open)))
+ )
)
-
--
2.30.2

203
SPECS/udica.spec Normal file
View File

@ -0,0 +1,203 @@
Summary: A tool for generating SELinux security policies for containers
Name: udica
Version: 0.2.5
Release: 2%{?dist}
Source0: https://github.com/containers/udica/archive/v%{version}.tar.gz
Patch001: 0001-Update-templates-to-work-properly-with-new-cil-parse.patch
License: GPLv3+
BuildArch: noarch
Url: https://github.com/containers/udica
%if 0%{?fedora} || 0%{?rhel} > 7
BuildRequires: python3 python3-devel python3-setuptools
Requires: python3 python3-libsemanage python3-libselinux
%else
BuildRequires: python2 python2-devel python2-setuptools
Requires: python2 libsemanage-python libselinux-python
%endif
%description
Tool for generating SELinux security profiles for containers based on
inspection of container JSON file.
%prep
%autosetup -p 1
%build
%if 0%{?fedora} || 0%{?rhel} > 7
%{__python3} setup.py build
%else
%{__python2} setup.py build
%endif
%install
install --directory %%{buildroot}%{_datadir}/udica/templates
%if 0%{?fedora} || 0%{?rhel} > 7
%{__python3} setup.py install --single-version-externally-managed --root=%{buildroot}
%else
%{__python2} setup.py install --single-version-externally-managed --root=%{buildroot}
%endif
install --directory %{buildroot}%{_mandir}/man8
install -m 0644 udica/man/man8/udica.8 %{buildroot}%{_mandir}/man8/udica.8
%files
%{_mandir}/man8/udica.8*
%{_bindir}/udica
%dir %{_datadir}/udica
%dir %{_datadir}/udica/ansible
%dir %{_datadir}/udica/templates
%{_datadir}/udica/ansible/*
%{_datadir}/udica/templates/*
%if 0%{?fedora} || 0%{?rhel} > 7
%license LICENSE
%{python3_sitelib}/udica/
%{python3_sitelib}/udica-*.egg-info
%else
%{_datarootdir}/licenses/udica/LICENSE
%{python2_sitelib}/udica/
%{python2_sitelib}/udica-*.egg-info
%endif
%changelog
* Fri Aug 27 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.5-2
- New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041)
- Replace capability dictionary with str.lower()
- Enable udica to generate policies with fifo class
- Sort container inspect data before processing
- Update templates to work properly with new cil parser
- Related: #1970747
* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.5-1
- update to https://github.com/containers/udica/releases/tag/v0.2.5
* Wed Aug 04 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.4-4
- remove %%check again and all related BRs
- Related: #1970747
* Tue Jun 15 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.4-3
- remove %%check again and all related BRs
- Related: #1970747
* Sun Dec 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.4-2
- Add %%check section to run basic tests during rpm build process
* Wed Nov 25 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.4-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.4
* Thu Aug 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.3-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.3
* Mon Aug 03 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.2-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.2
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.2.1-3
- Rebuilt for Python 3.9
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.2.1-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.1
* Wed Sep 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.2.0-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.0
* Wed Aug 28 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.9-1
- Update tests test_basic.podman.cil, test_basic.docker.cil. Round 2
- New rebase https://github.com/containers/udica/releases/tag/v0.1.9
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.1.8-3
- Rebuilt for Python 3.8
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jul 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.8-1
- New rebase https://github.com/containers/udica/releases/tag/v0.1.8
* Wed Jun 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.7-1
- New rebase with upstream adding new param --ansible, to generate ansible playbook for deploying policies. https://github.com/containers/udica/releases/tag/v0.1.7
* Thu May 16 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.6-1
- New rebase with upstream adding new tests
* Tue Apr 30 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-2
- Add allow rules for container_runtime_t to base_container.cil, Podman version 1.2.0 requires new allow rules.
* Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-1
- Create mock selinux and semanage module
- Update testing section in README
- Add travis file for Travis CI
- Grammar fixes in the udica.8 manpage file
- Support port ranges (Resolves: #16)
- Test port ranges
* Mon Mar 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.4-1
- Fix minor problems reported by pylint #11
- Catch FileNotFoundError when inspecting containers #12
- Create basic tests #13
- Restore working directory #14
- udica cannot use the container ID once it is provided #10
* Mon Feb 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.3-4
- Update manpage with the latest known bug described in https://github.com/containers/udica/issues/8
- Add check if runtimes are installed on the system
* Sun Feb 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.3-3
- Improve capability parsing for docker containers
- Update small changes in manpage, like issue with mandatory option '-c' for docker containers
- Fix parsing Mountpoints in docker inspect JSON file
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.3-1
- Fix capability allow rules when capabilities are specified in JSON file
- Add additional SELinux allow rules to base container template to allow container to read proc_type types.
* Fri Jan 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.2-1
- Fix invalid syntax output when policy is using just one template
Resolves: #6
* Tue Oct 23 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.1.1-2
- Fix small issues in spec file like improve description and change files section.
* Mon Oct 22 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.1.1-1
- Add proper shebang to all source files
- Add License to all source files
* Sat Oct 13 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.1.0-1
- Add support for docker containers
* Mon Oct 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.5-1
- Update x_container template based on testing container related to Nvidia Cuda operations
* Mon Oct 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.4-2
- Build udica on Red Hat Enterprise Linux 7 with python version 2
* Mon Oct 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.4-1
- Add manpages
- Add support for communicating with libvirt daemon
- Add support for communicating with X server.
- Add support for read/write to the controlling terminal
* Sun Oct 07 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.3-1
- Remove required parameters -i or -j and added support for reading json file from stdin.
- Remove "-n" or "--name" parameter. Name of the container will be required for this tool
* Tue Sep 25 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.2-1
- Use subprocess.Popen instead of subprocess.run for inspecting to support also python2
* Thu Sep 20 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.1-3
- Update readme and setup.py files after migration to github
* Sun Sep 16 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.1-2
- Update LICENSE
- Improve %%files section
* Sun Sep 16 2018 Lukas Vrabec <lvrabec@redhat.com> - 0.0.1-1
- Initial build