From b23639f3e5cc1b76b40fbb23f9fd5b6e608e3260 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 21 2020 16:11:36 +0000 Subject: import container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4 --- diff --git a/.container-selinux.metadata b/.container-selinux.metadata index 5e99e78..9cb12a0 100644 --- a/.container-selinux.metadata +++ b/.container-selinux.metadata @@ -1 +1 @@ -52cb5287ed7935b6aa1c227966a2e0dd24303bff SOURCES/container-selinux-453b816.tar.gz +b1b7c2f65716bc8e5a7911494ea19c0792cc13ad SOURCES/container-selinux-f958d0c.tar.gz diff --git a/.gitignore b/.gitignore index 02c5c24..44da998 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/container-selinux-453b816.tar.gz +SOURCES/container-selinux-f958d0c.tar.gz diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec index 27ad65d..68c1132 100644 --- a/SPECS/container-selinux.spec +++ b/SPECS/container-selinux.spec @@ -1,8 +1,8 @@ %global debug_package %{nil} # container-selinux -%global git0 https://github.com/projectatomic/%{name} -%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 +%global git0 https://github.com/containers/container-selinux +%global commit0 f958d0cee4099f79890247ec64b57502b3acdb9f %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) 
@@ -16,21 +16,17 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -# Relabel files -%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || : - # Version of SELinux we were using -%global selinux_policyver 3.13.1-216.el7 +%global selinux_policyver 3.14.3-9.el8 -Name: container-selinux Epoch: 2 -Version: 2.107 +Name: container-selinux +Version: 2.124.0 Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -#Patch0: rhel.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -57,7 +53,7 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit -n %{name}-%{commit0} %build make 
@@ -75,36 +71,31 @@ rm -rf %{name}.spec %check +%pre +%selinux_relabel_pre -s %{selinuxtype} + %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null -%{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null -if %{_sbindir}/selinuxenabled ; then - %{_sbindir}/load_policy - %relabel_files - if [ $1 -eq 1 ]; then - restorecon -R %{_sharedstatedir}/docker &> /dev/null || : - fi -fi +%selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun if [ $1 -eq 0 ]; then -%{_sbindir}/semodule -n -r %{modulenames} docker &> /dev/null || : -if %{_sbindir}/selinuxenabled ; then -%{_sbindir}/load_policy -%relabel_files -fi +%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker fi +%posttrans +%selinux_relabel_post -s %{selinuxtype} + #define license tag if not already defined %{!?_licensedir:%global license %doc} 
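Review bot: In `%post`, replacing the direct `semodule -n -X 200 ... -i $MODULES` call with `%selinux_modules_install -s %{selinuxtype} $MODULES` moves the error handling into a macro body that is not in this spec, so a failed module install may no longer abort the scriptlet. The changelog entry for 2:2.119.0-2 (bug 1729272) says that failure was deliberately made fatal. If the macro masks the exit status (for example with a trailing `|| :`), the package would install successfully while the container policy is not loaded, leaving container processes without the intended confinement. I would confirm the macro's behaviour against the selinux-policy version named in `selinux_policyver` and record it above the call, e.g. `# semodule failure must fail %post (bug 1729272); verify %selinux_modules_install does not mask it`. It is also worth checking that the spec has the BuildRequires which provides the `%selinux_*` macros, because the full BuildRequires list is outside these hunks and an undefined macro would likely be left unexpanded in the scriptlets (`%pre`, `%post`, `%postun`, `%posttrans`).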
@@ -113,6 +104,51 @@ fi %{_datadir}/selinux/* %changelog +* Wed Dec 11 2019 Jindrich Novy - 2:2.124.0-1 +- update to 2.124.0 +- Related: RHELPLAN-25139 + +* Fri Dec 06 2019 Jindrich Novy - 2:2.123.0-2 +- implement spec file refactoring by Zdenek Pytela, namely: + Change the uninstall command in the %postun section of the specfile + to use the %selinux_modules_uninstall macro which uses priority 200. + Change the install command in the %post section if the specfile + to use the %selinux_modules_install macro. + Replace relabel commands with using the %selinux_relabel_pre and + %selinux_relabel_post macros. + Change formatting so that the lines are vertically aligned + in the %postun section. + (https://github.com/containers/container-selinux/pull/85) +- Related: RHELPLAN-25139 + +* Tue Nov 26 2019 Jindrich Novy - 2:2.123.0-1 +- update to 2.123.0 +- Related: RHELPLAN-25139 + +* Mon Nov 25 2019 Jindrich Novy - 2:2.122.0-1 +- update to 2.122.0 +- Related: RHELPLAN-25139 + +* Thu Nov 21 2019 Jindrich Novy - 2:2.119.0-3.gita233788 +- update to master container-selinux - bug 1769469 +- Related: RHELPLAN-25139 + +* Tue Nov 19 2019 Jindrich Novy - 2:2.119.0-2 +- fix post scriptlet - fail if semodule fails - bug 1729272 +- Related: RHELPLAN-25139 + +* Fri Nov 08 2019 Jindrich Novy - 2:2.119.0-1 +- update to 2.119.0 +- Related: RHELPLAN-25139 + +* Thu Oct 17 2019 Jindrich Novy - 2:2.116-1 +- update to 2.116 + Resolves: #1748519 + +* Tue Aug 13 2019 Jindrich Novy - 2:2.107-2 +- Use at least selinux policy 3.14.3-9.el8, + Resolves: #1728700 + * Fri Jun 14 2019 Lokesh Mandvekar - 2:2.107-1 - Resolves: #1720654 - rebase to v2.107