diff --git a/.container-selinux.metadata b/.container-selinux.metadata index d615c5d..8caf90a 100644 --- a/.container-selinux.metadata +++ b/.container-selinux.metadata @@ -1 +1 @@ -85965eff2fe92df14ab0d8acafc8ba98a73d4d7d SOURCES/container-selinux-871b7da.tar.gz +9de050fff1c065e29d2d69f619eadade6f892f0d SOURCES/container-selinux-c57a6f9.tar.gz diff --git a/.gitignore b/.gitignore index 4b1bcac..3b08ca0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/container-selinux-871b7da.tar.gz +SOURCES/container-selinux-c57a6f9.tar.gz diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec index be25f7b..29ae452 100644 --- a/SPECS/container-selinux.spec +++ b/SPECS/container-selinux.spec @@ -1,8 +1,8 @@ %global debug_package %{nil} # container-selinux -%global git0 https://github.com/containers/%{name} -%global commit0 871b7da9f70f1a146f2784419f7c5ecf1296563c +%global git0 https://github.com/containers/container-selinux +%global commit0 c57a6f9dc5ba77606a7ca541065e3a1e9e00f11e %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,10 +22,10 @@ # Version of SELinux we were using %global selinux_policyver 3.13.1-216.el7 -Name: container-selinux Epoch: 2 -Version: 2.107 -Release: 3%{?dist} +Name: container-selinux +Version: 2.119.1 +Release: 1.%{shortcommit0}%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes @@ -40,7 +40,6 @@ Requires: selinux-policy >= %{selinux_policyver} Requires(post): selinux-policy-base >= %{selinux_policyver} Requires(post): selinux-policy-targeted >= %{selinux_policyver} Requires(post): policycoreutils >= 2.5-11 - %if 0%{?rhel} > 7 || 0%{?fedora} Requires(post): policycoreutils-python-utils %else @@ -57,7 +56,8 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit -n %{name}-%{commit0} +# this fixes container.te:486:ERROR 'syntax error' at token 'fs_manage_fusefs_named_sockets' on line 18289 sed -i '/fs_manage_fusefs_named_pipes(container_domain)/d' container.te sed -i '/fs_manage_fusefs_named_sockets(container_domain)/d' container.te @@ -80,7 +80,7 @@ rm -rf %{name}.spec %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null @@ -91,12 +91,12 @@ if [ $? -ne 0 ]; then echo "Error loading SELinux module." >&2 return 1 fi - if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files if [ $1 -eq 1 ]; then restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/containers &> /dev/null || : fi fi . %{_sysconfdir}/selinux/config @@ -120,6 +120,10 @@ fi %{_datadir}/selinux/* %changelog +* Wed Dec 04 2019 Jindrich Novy - 2:2.119.1-2.c57a6f9 +- update to 2.119.1 RHEL7 branch +- Related: RHELPLAN-26239 + * Fri Aug 02 2019 Jindrich Novy - 2:2.107-3 - use 2.107 in RHEL7u7 - add build.sh script