Commit Graph

52 Commits

Author SHA1 Message Date
Vit Mojzis
879af9f4cc udica-0.2.7
New release https://github.com/containers/udica/releases/tag/v0.2.7

- Add support for containerd via "nerdctl inspect"
- Avoid duplicate rules for accessing mounts and devices

Fixes:
  https://github.com/containers/udica/issues/90
  https://github.com/containers/udica/issues/7
Related:
  https://github.com/containers/udica/issues/84
2022-06-22 14:43:27 +02:00
Python Maint
b78fa64042 Rebuilt for Python 3.11 2022-06-13 15:42:40 +02:00
Vit Mojzis
1d04ad9053 udica-0.2.6-4
- Improve label collection for mounts and devices

Fixes:
  https://github.com/containers/udica/issues/98
  https://github.com/containers/udica/issues/109
2022-05-02 15:59:53 +02:00
Vit Mojzis
d433a427be tests/Sanity: Use centos-stream 8 container
CentOS-8 is EOL.

Fixes:
  :: [ 08:38:17 ] :: [  BEGIN   ] :: Running 'podman exec test yum install nmap-ncat -y'
  CentOS Linux 8 - AppStream                       31  B/s |  38  B     00:01
  Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist
2022-02-10 13:42:16 +01:00
Fedora Release Engineering
e10e896cd4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 03:24:15 +00:00
Vit Mojzis
f42dfe4da4 udica-0.2.6-2
- Make sure each section of the inspect exists before accessing

Fixes:
        https://github.com/containers/udica/issues/103
        https://github.com/containers/udica/issues/105
2021-11-11 18:15:09 +01:00
Vit Mojzis
4eba9fb544 udica-0.2.6-1
- New release https://github.com/containers/udica/releases/tag/v0.2.6
- Move policy templates to container-selinux repo
2021-09-30 09:41:26 +02:00
Vit Mojzis
7ea190fa1e tests: Require container-selinux
Policy templates where moved to container-selinux package and udica
doesn't work properly without them.

Sanity test temporarily needs git for downloading policy templates.
Those will soon be available via container-selinux.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2021-09-30 09:41:20 +02:00
Vit Mojzis
c1190761ae udica-0.2.5-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.5
- Replace capability dictionary with str.lower()
- Enable udica to generate policies with fifo class
- Sort container inspect data before processing
- Update templates to work properly with new cil parser
2021-08-26 18:54:12 +02:00
Lukas Vrabec
41b007ecf3 Update 'tests/sanity' to include more containers
Sanity testcase generates SELinux policy just for one container
"fedora:latest". Testcase should test generating SELinux policy also for
Fedora Rawhide container, RHEL universal base image {7,8} and centos containers
2021-08-20 11:48:36 +02:00
Fedora Release Engineering
aa4e7af453 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-23 19:55:18 +00:00
Python Maint
cdec489222 Rebuilt for Python 3.10 2021-06-04 21:18:38 +02:00
Vit Mojzis
d4f16fdce9 Revert "Add %check section to run basic tests during rpm build process"
The check is not necessary since it's part of the CI and brings needless
dependencies.

This reverts commits fa6f003ec4 and
4dc4b32e96.
2021-03-09 20:51:07 +01:00
Fedora Release Engineering
1adfa9bfe1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-27 22:33:53 +00:00
Tom Stellard
4dc4b32e96 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-12 01:32:30 +00:00
Lukas Vrabec
fa6f003ec4
* Sun Dec 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.4-2
- Add %check section to run basic tests during rpm build process
2020-12-13 15:23:31 +01:00
Lukas Vrabec
651491f476
* Wed Nov 25 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.4-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.4
2020-11-25 18:12:12 +01:00
Lukas Vrabec
e23d97dbf9
* Thu Aug 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.3-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.3
2020-08-13 17:35:37 +02:00
Lukas Vrabec
fe5d494410
* Mon Aug 03 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.2-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.2
2020-08-03 19:06:03 +02:00
Fedora Release Engineering
40b7e49704 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-29 13:10:13 +00:00
Miro Hrončok
9f4d139c0d Rebuilt for Python 3.9 2020-05-26 03:53:49 +02:00
Fedora Release Engineering
6f387b8fff - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-31 02:26:26 +00:00
Lukas Vrabec
0bfe40deeb
* Fri Oct 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.2.1-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.1
2019-10-25 22:15:32 +02:00
Lukas Vrabec
10b8af4057
Fix CI tests on udica
In version v0.2.0 there is new makefile also for testing part, therefore
we changed how to execute tests. This commit fixes the Fedora CI.
2019-10-02 16:59:23 +02:00
Lukas Vrabec
c6e6561646
Remove patch which is already part of new rebase 2019-09-25 10:25:50 +02:00
Lukas Vrabec
889004a547
* Wed Sep 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.2.0-1
- New rebase https://github.com/containers/udica/releases/tag/v0.2.0
2019-09-25 10:20:25 +02:00
Lukas Vrabec
10b87117f0
Fix sanity test suite
Fix sanity test to pass on Fedora Rawhide and Fedora 30. Changes are
related to missing 'nc' command in container for which SELinux policy is
generated.
2019-08-28 13:28:59 +02:00
Lukas Vrabec
c78730bf59
* Wed Aug 28 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.9-1
- Update tests test_basic.podman.cil, test_basic.docker.cil. Round 2
- New rebase https://github.com/containers/udica/releases/tag/v0.1.9
2019-08-28 13:19:42 +02:00
Miro Hrončok
169e204028 Rebuilt for Python 3.8 2019-08-19 11:08:38 +02:00
Fedora Release Engineering
fa1600ac43 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-27 02:19:45 +00:00
Lukas Vrabec
808f498283
* Thu Jul 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.8-1
- New rebase https://github.com/containers/udica/releases/tag/v0.1.8
2019-07-11 13:08:38 +02:00
Lukas Vrabec
4312e208b7
Update spec file to include /usr/share/udica/ansible directory with all files. 2019-06-12 14:10:23 +02:00
Lukas Vrabec
5e1c32f75c
* Wed Jun 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.7-1
- New rebase with upstream adding new param --ansible, to generate ansible playbook for deploying policies. https://github.com/containers/udica/releases/tag/v0.1.7
2019-06-12 13:54:49 +02:00
Lukas Vrabec
0ed8760d59
Update tests suite with downstream test
Following commit adds new donwstream beakerlib sanity test
2019-06-11 11:07:59 +02:00
Lukas Vrabec
d41c9dc7d9
* Thu May 16 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.6-1
- New rebase with upstream adding new tests
2019-05-16 19:36:00 +02:00
Jan Zarsky
5a7674a653 Remove patches 2019-05-16 15:41:17 +02:00
Lukas Vrabec
5ac5425819 Merge #4 Run tests also with real selinux and semanage modules 2019-05-15 12:44:15 +00:00
Lukas Vrabec
7206c3348a Merge #3 [WIP] Add basic sanity integration tests 2019-05-15 12:43:18 +00:00
Jan Zarsky
05d2672bde Run tests with real selinux and semanage modules
The tests are by default using mock selinux and semanage modules. Rerun
the tests with real modules.
2019-05-07 11:52:54 +02:00
Jan Zarsky
f8f4c7531f Add an option for running tests with real modules
To simplify udica testing on Fedora, add an option that allows running
the tests with real system packages (selinux and semanage).
2019-05-07 11:52:54 +02:00
Lukas Vrabec
cc9c2dc124
* Tue Apr 30 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-2
- Add allow rules for container_runtime_t to base_container.cil, Podman version 1.2.0 requires new allow rules.
2019-04-30 14:12:42 +02:00
Jan Zarsky
0037a4e5ec Add basic sanity integration tests
Check that udica can create policy for both podman and docker
containers. Check that generated policy can be loaded. Check that
generated policy provides required access.
2019-04-30 09:50:17 +02:00
Lukas Vrabec
94598a163f
Add basic sanity tests 2019-04-25 14:27:33 +02:00
Lukas Vrabec
4aea2395ce
* Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-1
- Create mock selinux and semanage module
- Update testing section in README
- Add travis file for Travis CI
- Grammar fixes in the udica.8 manpage file
- Support port ranges (Resolves: #16)
- Test port ranges
2019-04-19 20:43:16 +02:00
Lukas Vrabec
003b3a8115
* Mon Mar 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.4-1
- Fix minor problems reported by pylint #11
- Catch FileNotFoundError when inspecting containers #12
- Create basic tests #13
- Restore working directory #14
- udica cannot use the container ID once it is provided #10
2019-03-11 13:44:57 +01:00
Lukas Vrabec
3cee827b9e
* Mon Feb 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.3-4
- Update manpage with the latest known bug described in https://github.com/containers/udica/issues/8
- Add check if runtimes are installed on the system
2019-02-25 23:08:35 +01:00
Lukas Vrabec
d575e66328
* Sun Feb 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.3-3
- Improve capability parsing for docker containers
- Update small changes in manpage, like issue with mandatory option '-c' for docker containers
- Fix parsing Mountpoints in docker inspect JSON file
2019-02-17 22:59:23 +01:00
Fedora Release Engineering
979ba3e195 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-03 10:40:11 +00:00
Lukas Vrabec
c30c477009
* Wed Jan 23 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.3-1
- Fix capability allow rules when capabilities are specified in JSON file
- Add additional SELinux allow rules to base container template to allow container to read proc_type types.
2019-01-23 17:13:07 +01:00
Lukas Vrabec
47068c8c1e
* Fri Jan 04 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.2-0
- Fix invalid syntax output when policy is using just one template
Resolves: #6
2019-01-04 00:32:08 +01:00