diff --git a/.container-selinux.metadata b/.container-selinux.metadata index 5e99e78..1604f83 100644 --- a/.container-selinux.metadata +++ b/.container-selinux.metadata @@ -1 +1 @@ -52cb5287ed7935b6aa1c227966a2e0dd24303bff SOURCES/container-selinux-453b816.tar.gz +1ce330e5a0753c231717cea9a619faecef0bc338 SOURCES/container-selinux-661a904.tar.gz diff --git a/.gitignore b/.gitignore index 02c5c24..f7111f0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/container-selinux-453b816.tar.gz +SOURCES/container-selinux-661a904.tar.gz diff --git a/SPECS/container-selinux.spec b/SPECS/container-selinux.spec index 78e94be..7338256 100644 --- a/SPECS/container-selinux.spec +++ b/SPECS/container-selinux.spec @@ -1,8 +1,8 @@ %global debug_package %{nil} # container-selinux -%global git0 https://github.com/projectatomic/%{name} -%global commit0 453b816c74ca17ca891d44a4036a38ea8b3c6593 +%global git0 https://github.com/containers/container-selinux +%global commit0 661a9045800eb200bfbf8d6dd345b941ed0897f8 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) @@ -22,15 +22,14 @@ # Version of SELinux we were using %global selinux_policyver 3.14.3-9.el8 -Name: container-selinux Epoch: 2 -Version: 2.107 +Name: container-selinux +Version: 2.123.0 Release: 2%{?dist} License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -#Patch0: rhel.patch BuildArch: noarch BuildRequires: git BuildRequires: pkgconfig(systemd) @@ -57,7 +56,7 @@ Provides: docker-engine-selinux = %{epoch}:%{version}-%{release} SELinux policy modules for use with container runtimes. %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit -n %{name}-%{commit0} %build make @@ -78,18 +77,23 @@ rm -rf %{name}.spec %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then - %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 + %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null %{_sbindir}/semodule -n -X 200 -s %{selinuxtype} -i $MODULES > /dev/null +if [ $? -ne 0 ]; then + echo "Error loading SELinux module." >&2 + return 1 +fi if %{_sbindir}/selinuxenabled ; then %{_sbindir}/load_policy %relabel_files if [ $1 -eq 1 ]; then - restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/docker &> /dev/null || : + restorecon -R %{_sharedstatedir}/containers &> /dev/null || : fi fi . %{_sysconfdir}/selinux/config @@ -113,6 +117,22 @@ fi %{_datadir}/selinux/* %changelog +* Tue Nov 26 2019 Jindrich Novy - 2:2.123.0-1 +- update to 2.123.0 +- Related: #1774382 + +* Mon Nov 25 2019 Jindrich Novy - 2:2.122.0-1 +- update to 2.122.0 +- Resolves: #1774382 + +* Thu Nov 21 2019 Jindrich Novy - 2:2.119.0-3.gita233788 +- update to 2.119.0 master branch +- Resolves: #1764318 + +* Thu Oct 17 2019 Jindrich Novy - 2:2.116-1 +- update to 2.116 + Resolves: #1764318 + * Tue Aug 13 2019 Jindrich Novy - 2:2.107-2 - Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700