diff --git a/.container-selinux.metadata b/.container-selinux.metadata
index d5156b3..bc4f7a1 100644
--- a/.container-selinux.metadata
+++ b/.container-selinux.metadata
@@ -1 +1 @@
-ada20c4a5f8bb4344f876a7c4583edf173db72ac SOURCES/container-selinux-54e47d5.tar.gz
+2549409a31dfae4c65b28bf6169a88037917598d SOURCES/container-selinux-dfb449b.tar.gz
diff --git a/.gitignore b/.gitignore
index 22e0acb..28fd921 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/container-selinux-54e47d5.tar.gz
+SOURCES/container-selinux-dfb449b.tar.gz
diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec
index 4df8375..7a45e15 100644
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@@ -2,7 +2,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/%{name}
-%global commit0 54e47d53228d455e1270e0c8df5b1c9334bb90ef
+%global commit0 dfb449b771ca4977bb7d5fb6cd7be3cfc14d6fca
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # container-selinux stuff (prefix with ds_ for version/release etc.)
@@ -17,14 +17,14 @@
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
 # Relabel files
-%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
+%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
 # Version of SELinux we were using
-%global selinux_policyver 3.13.1-183
+%global selinux_policyver 3.13.1-192
 Name: container-selinux
 Epoch: 2
-Version: 2.55
+Version: 2.66
 Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
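Review bot: On the new `%global relabel_files()` line, `&> /dev/null || :` discards every restorecon error, so a failed relabel of the added `%{_bindir}/*podman*`, `%{_bindir}/*runc*`, `%{_bindir}/*crio` and `%{_sysconfdir}/crio` paths looks the same as a path that is simply not installed. If a runtime binary keeps a stale label, the transitions described in the 2.58-1 and 2.60-1 changelog entries presumably would not apply to it, so I would document the best-effort intent above the macro, e.g. `# Best-effort relabel: errors are discarded; check with restorecon -Rnv after upgrade`. `%{_sysconfdir}/docker` is also listed twice on this line and one copy can go. The 2.62-1 entry changes labelling under /var/lib/containers/, which is not in this list; please confirm that existing directories there are relabelled on upgrade by some other step.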
@@ -109,6 +109,34 @@ fi
 %{_datadir}/selinux/*
 %changelog
+* Thu Jun 14 2018 Dan Walsh - 2.66-1
+- Allow dnsmasq to dbus chat with spc_t
+
+* Sun Jun 3 2018 Dan Walsh - 2.64-1
+- Allow containers to create all socket classes
+
+* Thu May 24 2018 Dan Walsh - 2.62-1
+- Label overlay directories under /var/lib/containers/ correctly
+
+* Mon May 21 2018 Dan Walsh - 2.61-1
+- Allow spc_t to load kernel modules from inside of container
+
+* Mon May 21 2018 Dan Walsh - 2.60-1
+- Allow containers to list cgroup directories
+- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
+
+* Mon May 21 2018 Dan Walsh - 2.58-2
+- Run restorecon /usr/bin/podman in postinstall
+
+* Fri May 18 2018 Dan Walsh - 2.58-1
+- Add labels to allow podman to be run from a systemd unit file
+
+* Mon May 7 2018 Dan Walsh - 2.57-1
+- Set the version of SELinux policy required to the latest to fix build issues.
+
+* Wed Apr 11 2018 Dan Walsh - 2.56-1
+- Allow container_runtime_t to transition to spc_t over unlabeled files
+
 * Mon Mar 26 2018 Dan Walsh - 2.55-1
 Allow iptables to read container state
 Dontaudit attempts from containers to write to /proc/self