diff --git a/.container-selinux.metadata b/.container-selinux.metadata
index 59a8039..e9f60b0 100644
--- a/.container-selinux.metadata
+++ b/.container-selinux.metadata
@@ -1 +1 @@
-5f691321de41cc3e0713996942b6adfc61f1679b SOURCES/container-selinux-85ce147.tar.gz
+71846eb29392a82fe433cd9bd6d979b4f1dc52ca SOURCES/container-selinux-86f33cd.tar.gz
diff --git a/.gitignore b/.gitignore
index 68e8ed1..91c022f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/container-selinux-85ce147.tar.gz
+SOURCES/container-selinux-86f33cd.tar.gz
diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec
index 5cec104..8d0e15f 100644
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@@ -2,7 +2,7 @@
 # container-selinux
 %global git0 https://github.com/projectatomic/%{name}
-%global commit0 85ce14731cafb3cfc25d7f4ce99fd9c7c85ad81c
+%global commit0 86f33cdfe059cdb1361ab8468caa90c9f95c4176
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # container-selinux stuff (prefix with ds_ for version/release etc.)
@@ -17,14 +17,14 @@
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
 # Relabel files
-%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
+%global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* /etc/docker &> /dev/null || :
 # Version of SELinux we were using
 %global selinux_policyver 3.13.1-39
 Name: container-selinux
 Epoch: 2
-Version: 2.28
+Version: 2.33
 Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
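Review bot: The `/etc/docker` appended to `relabel_files` names a path the list already covers: `%{_sysconfdir}/docker` is present twice on the same line and normally expands to `/etc/docker`, so on a standard layout the new argument appears to change nothing. If the directory was in fact being left with the wrong label, the cause is probably elsewhere, and the trailing `&> /dev/null || :` discards any restorecon error that would explain it. I would keep a single `%{_sysconfdir}/docker`, drop the hard-coded path, and redirect only stdout so a failed relabel shows up in the transaction output, i.e. end the macro with `%{_sysconfdir}/docker %{_libexecdir}/docker* > /dev/null || :`. A short comment above the macro, such as `# restorecon failures are non-fatal but must stay visible; mislabelled paths weaken container confinement`, would record why the error stream is kept.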
@@ -109,7 +109,26 @@ fi
 %{_datadir}/selinux/*
 %changelog
-* Mon Oct 9 2017 Dan Walsh - 2:2.28-.git85ce147
+* Wed Nov 8 2017 Dan Walsh - 2.33-1
+- Allow containers to read /etc/resolv.conf and /etc/hosts if volume
+- mounted into container.
+
+* Wed Nov 8 2017 Dan Walsh - 2.32-1
+- Make sure users creating content in /var/lib with right labels
+
+* Thu Oct 26 2017 Dan Walsh - 2.31-1
+- Allow the container runtime to dbus chat with dnsmasq
+- add dontaudit rules for container trying to write to /proc
+
+* Wed Oct 25 2017 Dan Walsh - 2:2.30-2.git7f2de1a
+- Relabel /etc/docker directory
+
+* Wed Oct 11 2017 Dan Walsh - 2:2.30-1.git7f2de1a
+- bump to v2.30
+- Allow containers to create files on tmpfs file systems
+- Dontaudit containers attempts to write to /proc
+
+* Mon Oct 9 2017 Dan Walsh - 2:2.28-1.git85ce147
 - bump to v2.28
 * Tue Sep 26 2017 Lokesh Mandvekar - 2:2.24-1.gitaeff029