From d19c155ac23fd6b9d994f9c0290fd51272249519 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Feb 01 2022 20:16:56 +0000
Subject: import container-selinux-2.173.0-1.module+el8.5.0+13852+150547f7
---
diff --git a/.container-selinux.metadata b/.container-selinux.metadata
index e0a457b..732bf72 100644
--- a/.container-selinux.metadata
+++ b/.container-selinux.metadata
@@ -1 +1 @@
-98b7f05ef0e86a3c21f9da1c315eb0f9a1c58df4 SOURCES/v2.167.0.tar.gz
+e605130ee67af1c4224007eda8cdb19ae33c4df5 SOURCES/v2.173.0.tar.gz
diff --git a/.gitignore b/.gitignore
index 60737f9..67eeaec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/v2.167.0.tar.gz
+SOURCES/v2.173.0.tar.gz
diff --git a/SOURCES/rhel-fix.patch b/SOURCES/rhel-fix.patch
deleted file mode 100644
index 90293df..0000000
--- a/SOURCES/rhel-fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up container-selinux-2.161.1/container.te.orig container-selinux-2.161.1/container.te
---- container-selinux-2.161.1/container.te.orig 2021-05-06 14:55:57.952216763 +0200
-+++ container-selinux-2.161.1/container.te 2021-05-06 14:56:02.027287991 +0200
-@@ -114,7 +114,7 @@ mls_trusted_object(container_runtime_t)
- #
- allow container_runtime_domain self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap sys_resource };
- allow container_runtime_domain self:tun_socket { create_socket_perms relabelto };
--allow container_runtime_domain self:lockdown { confidentiality integrity };
-+#allow container_runtime_domain self:lockdown { confidentiality integrity };
- allow container_runtime_domain self:process ~setcurrent;
- allow container_runtime_domain self:passwd rootok;
- allow container_runtime_domain self:fd use;
diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec
index be8a3bb..b7c081d 100644
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@@ -19,13 +19,12 @@ Epoch: 2 Name: container-selinux -Version: 2.167.0 +Version: 2.173.0 Release: 1%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/v%{version}.tar.gz -Patch0: rhel-fix.patch Patch1: container-selinux-1957904.patch BuildArch: noarch BuildRequires: git @@ -48,6 +47,7 @@ Obsoletes: %{name} <= 2:1.12.5-14 Obsoletes: docker-selinux <= 2:1.12.4-28 Provides: docker-selinux = %{epoch}:%{version}-%{release} Provides: docker-engine-selinux = %{epoch}:%{version}-%{release} +Conflicts: udica < 0.2.6-1 %description SELinux policy modules for use with container runtimes. @@ -67,6 +67,8 @@ install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/ser install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages install -d %{buildroot}/%{_datadir}/containers/selinux install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts +install -d %{buildroot}%{_datadir}/udica/templates +install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates # remove spec file rm -rf %{name}.spec 
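Review bot: Dropping `Patch0: rhel-fix.patch` in the first spec hunk leaves no record in the spec of why the downstream change is no longer needed, and nothing visible in this commit shows that the 2.173.0 tarball omits the rule. The deleted patch commented out `allow container_runtime_domain self:lockdown { confidentiality integrity };`, and the changelog entry says the rule "was removed", presumably upstream. That is worth confirming against container.te in the new tarball, because if the rule is still there the rebase quietly grants the lockdown permission to the runtime domain again. A comment next to Source0 such as `# rhel-fix.patch dropped in 2.173.0: container.te no longer has the self:lockdown allow rule` would keep the reasoning with the spec.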
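Review bot: `Conflicts: udica < 0.2.6-1` in the second spec hunk is added without a comment saying what it guards against. From the %install and %files changes in this commit, the package now ships files under `%{_datadir}/udica/templates`, which older udica builds presumably also own. A line such as `# udica < 0.2.6 ships the same template files` above the tag would make that explicit. The version bound carries no epoch, which is only correct if udica has never set one, so that is worth checking.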
@@ -106,8 +108,30 @@ fi %{_datadir}/selinux/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts +%dir %{_datadir}/udica/templates/ +%{_datadir}/udica/templates/* %changelog +* Wed Jan 12 2022 Jindrich Novy - 2:2.173.0-1 +- lockdown allow rule was removed +- Related: #2021990 + +* Fri Jan 07 2022 Jindrich Novy - 2:2.172.1-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1 +- Related: #2021990 + +* Tue Nov 23 2021 Jindrich Novy - 2:2.172.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0 +- Related: #2021990 + +* Thu Nov 11 2021 Jindrich Novy - 2:2.171.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0 +- Related: #2021990 + +* Wed Nov 10 2021 Jindrich Novy - 2:2.170.0-1 +- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0 +- Related: #2001445 + * Thu Aug 26 2021 Jindrich Novy - 2:2.167.0-1 - update to https://github.com/containers/container-selinux/releases/tag/v2.167.0 - Related: #1934415
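Review bot: The `%files` additions own `%{_datadir}/udica/templates/` but not its parent `%{_datadir}/udica`, which the `install -d` line in the %install hunk also creates. Unless a Requires outside these hunks pulls in a package that owns that directory, it is left unowned, so rpm does not remove it on erase and `rpm -V` does not check its mode or owner. Adding `%dir %{_datadir}/udica` ahead of the templates entry would cover it. The wildcard entry `%{_datadir}/udica/templates/*` also packages whatever the `udica-templates/*.cil` glob matched in the tarball, so the set of policy templates shipped is not pinned in the spec.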