container-selinux-2:2.21-2.gitba103ac.el7$>kspDpנ (>??xd, 0 X (.5K       @ p    ( #8 ,9 :'>@BGH8IXX`YlZ[\]^Sb"defltuvw4xTtCcontainer-selinux2.212.gitba103ac.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Y2c1bm.rdu2.centos.orgVCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&9JKA큤AAA큤A큤Y2YY2Y2Y2YY2Y2093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db1f941df54f7efedf7ffe8cbd8d8c82b368e07abc6b919ed9ee170eafee06961d41d2c582c66dd0742ffd06fbf9cd497aad97ac73db3cdcac5f31a86e6914dbfrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-2.gitba103ac.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6QL]"k%u#qXPNeR@Q]ɝS!Cc(Mxu^ ;)9p邋82'T!HwPjBb'4J&A5JڪXyr#~ka?$%RaxG=s2<&fHPЭ[2dW5S$Ҷ" ^0x"Ja l20 iW{/>eq-w^Os{NdsrB|(j!YǓP*0B+b|jZb;"` *nTb1'o%G<13qder7"'d PJ܍=Tәw8g`ZCXe2Ngf1q4S'XΞaw,9h.O@rO8y-x8єͱbG<.rZ"zciyrsHX@zFĆH9{bBȲ쫚VxGv+:*$M $9m.%VAu?SlVwʤ֪ |).&ưMKq QUN4ZBUŷGtx p)5Xʆ'bZ$ˌG]Dqk&Ի#im>.n*MBRξ7VAW| #AJ^ l (j@%,^vS?~=Q `+92)G=%n8t5gLh3A(K+J"l#!Q̖ïA ~Obp -ש Mb/,w\:+JPu<l.$`u<-7E/,(`4~ g8 æxC,m'9na0np"#H; |z`/^FT){Ɛ50d\M?y_t-ͻm2$U'N 𵦜ئC9tTʭ1g2LϺ?sq`. 3" h\+,54zes[ߩp#l9/ImO'A%- {P獎\W{΀?12TQ)2)q:KI@ nٱ4#iY.X7kw<@ܾ@)4CU5Z^mmbrrleD,H—8Z%y;vDt˖7͉_KhֱgZe⸀rY` ^[%4^SRy'"\2fO+w=QWo4sqJrP5?5МDݕTn(k4VFXMpng7Lk93)i;^}>)*tcKQTwj8cE\kyj æ\pH4.Pe^ y8**hdzC{-3n i!$a+pX}xr&=yHǂ^E}a)}x@ -bf!2Nş27]J#8٫ XwzVVǃ6WaNJc5لuԃkayO#NMS4 Do] *9V g۽˺*UV˼הƲ 0K\Z5a. /83 @f0qm>aZMCJWQk0YK\;ۊn%{?⚻<FA^{=xX B(ĄBB_:9@7$f \ ł I*"E)Ļr4*FKmøP_2Ũ~$c>apt2ɤl 11.)mއdm@GxX<-+nM5?pcS+ހ%*;T4yʋdk: S,=cq"DF!z0:WmK"اR13t`ut<7f¶,x {HnId]-?UDctyj:@!ӁZ+L)3x)'NYK4Ɠµ$ЀKD5.{Aѿc$:F;./Zi&>C%vK_r]믈yhs5L,W5z!B4vkc&Wtt|8PERR~+VWyī _Ô'ܽ{f%jY&'X%T;[^#3,Z?Ls;D#|iٱ \ 98ż b7wFr)" i?ۇxwj6]6",Hg2~%H1EʖN@,~3FNalSC˒rZb¼m̤IuHnD]PM%,D^_tRU{p_"=-MS!fq!B;r+*8E'#6IU^vh?`HaCP1Wq/Bn )o,_9,]:bUt*N2ӝ5/ '8;8a$G/o>>>0<)0Qky=,jwOϨ aPd bǿd)/aFlWIAcGsRR#y_Z)nl0³Ǖr o`[RMu|5J?iZ琖zZs0^DBwfSjm4/teh(R]l%ծBu!|S8Hg+LÆ{pZhWU41I}'(ϕ@,f+Ϳ VQE^˹yFEW;=>)6^64%pE }YGm|GL0#99K¶l@:UsޭWP'Ӡd}fN͆=$lf|.ֲXW Q#gp{;wOެM΂.nf&qܰD2$~[6_Be9+u|an#!+<,\~o!L(\/PxT}9'gL_l5~A($FKf;KPd7v7kG,V[geRI.+@hM z?lfUwNvݟTjHߵM˝y烘`S22/4$&זA6]knK\4oiC `o(gs,T .\Bh8xb-:_^_KJ͛,~U~*#όIpJ8)wf Q{v7$h;>wstfVqZ(0g1Էmؼ!}'OG U&*s^ Ԛ`{>Ia&#( I[̑4@oRj%s@v[^;kUw~BXttvX#\2Q,m}Goƌ7u64$>ߔZ6V!k:m,A~g2Ovk?9Z]gw1:(U:fUXYf*CVĸ+$p>5\(Ǟ!?=G_w0Snamzϝ€AJ0nv5D,~.ǠAudwJ̋r 7z(;6 gAYR*Cΰa$)MD 2Yv[34̺k,O #VJj_~~j v&![(PTT8*_Q7;VQ'IE,c'lWP2^X_Vɯ9VugȾNRGp0#7+3ԪS a0E$kMsrgThbA2BY/j. 滙Lk "tDYȷJ=?u|\Cf6p)^rjH(# ߈< (<DZoݟ~W\d09'>Jݨ"8 G FT5Ϲﵻ{ f*Vf]S/"8Xs;u>eܾ*OewQo'MN(uB{O7g@:a5O#OOiqs7 BނΏ'tYvC"m[t]"PNgEuvˮde"dID^+>bsQq&Gn@52nv^op#Ar[ms'hM﬿!G:XvG?Gx5nsʲND3QuUƑ>Bz,rQZPnU_/Q DbLsŕ7u#KZ7t bV0?_ނa9ɳwsQst@Wh5%+H scj3:! O"N*=s i%2{|`VO/f9Uq~/zC':vPTѽq3Hz4 #]Z #Љt C_qѪjQa*Q3^y"x(w &qKŧ' }Mҍꋮ}:zTc^a*ס_W`7&jP8@VChLӋAKkϳgыg,UKɻRSɔsP2<6 ؔ#uXX D{i7h5VIt:2Vna(!?8ݠ KFh];p#v?~ ѣ%dPvHH9R<֬%Z;s& x$>Wt=z/H !T9K3uiyX(D@8>5c^=cJg !ԤVdc2v-rRh e㦬sq1e"} ZybǦ2Tv.V~BI:nϣue4tUA &йwCHyOD()zLp"M$KXe+LC\IMdˋX~j[^9+0Iy8 H ~]a~)cPn -DOF. 14R4PG㖸h9G'ёx]pwzCXOe49X.ĄքWH[ZC ֚4R~zXI̝wb? wnzCV[G3#3r}UʶBbLwHʖw}W/ f^-¶lhr@nSkDZa/\F1Q(}QGi!Rm&UKi:~KRS-ȝivL^SXЗ_I r>u \M@|h $X*a~1=w"Wȿ]NßUcДu UtI 5S!;zCnYv7t厕P[z?9 EU-@sC͹.O$p!M&&ufFO$A]|r3~ˮcUT=A _!c{SPqE0TP,1O|(J@ӕTQS#^T?MYQU A$00$x^M$[Fݬ-Nc+Ri,> /1h;BPy^^Rg닊L$fAMCql߂; !w1jݑQ-O%'ʌLOG> ?+OQ Hxs#ّh5e A5,GX`>>(V5kRq૱u۪s?/H6 п<EHv"&>:%tvMWcJ6+LD:v*ouq5itU0o·}{h) ?9Jr5_8檧8x%Hj#@|H!XLQcTu*!?hmv,=Ԡ6J]*cބNX#0 bYIpP^&8{u?Z}-e].VPd.4{74cO#*D*[AWTH,2Qoo4-/$hwBX> 58UL.mx)?9F&l$sᤛFpv@?C弌FDGꐕyp_kRu )v耰8}]*7$E|?Zk!'uvYq `7p+ ]оjpBfYӼO`1]\NCqa8%YNGqqooyEphk5 (y~&b-FXS!^ͩq4KD|gR13.;/c?f Yd:= R]Χhʽ/ 8 (Jl^۪~!,t | \W^$yqƷ/;G9)cUZ ,=8%wX'ԍ>yYFu,} iۢx͚VA_&(zlN*K EZ.z^ -H61;z, ֌%h2c03^mSؙ9Akԯ(Ua-ڬտſs*}3e-?p4 ?(l98$ C^D H*NB+k6$w[yz_7O|fqp[ꭂ<ڇ@UJq Q ৹#މD1aͦ&kƋˑTAHi5)g5Ebq_i̤=٭T$ajLL pH}f6 6T.CPx>kw)52U@)ˊ *rWUs$EnvUpޭ h?rv!XYT B JNzb褅^K Kى`qV zmQ aq~m韖WK&$2@Y7OnFS @/Ay#q6?s/V Kݽ{FyKqaӉF &ewځrx`.Nh: .4LlyrA(<Ѥ(Ԅ?I`kV70=McL@O<IBży?DyIxtrI˹gfp(h C[OD2Jx zUK22f{ރBe.õ;fnAI![cu&16Ql)X=PZ, QH>H Y:?>f=}`J&5f~WoKodk.k̔&~"%{%m?H5JQ9&IG0h85fu% Ś̤Jyj?8?}X%_;[&QLeB7$n[[Q2Ez8`{XUcPBKM㲾 >y^m1鑂1#K5bvrg5O%Dް>X=/jb,am>boo9:daM3Kd~m=F 8fuWC u}+D)"$Lb-K2͑4i[pfmc vi(yf JuJ}ck펚l+a] DᙘBrBc}Kkmh7m< щ܋0^;|P}>?:6h&#"cߊsn'o}f%+)Nص/cB2v;icEh >5_pNDX)t3:ºe37' n (ޡpE2UZ` {L5=:e"aţ.}$0,@,THe,le3iGEM7+K0NVTw&&}m7g~] Pψ [-{ƅw\WJytLs*ıxdN:R4yɓˎQjt@~5,BkY?5g}XơakQ ?s17_8V@sa0mp? ~k3F[;_͒o<1yy}eERliBak!tAI/b"HbU?.7oQCc_\6Ƴ+Rȓ EП۳ÆB1A0$!^%}.I_V`Qɝg$|d:+6(s E$Pw_* tSqO>o%_/ IrCq31ҡbiU7tp2g^&81/ڋsl\J+Bo~ o;v:;'DƵտeiUt1\i|cT>Om`ߝzA-4L[ѥ<O041aCV->^qw:ℚ. 6) :M&V:A[GcQ>*_\n h9̃nt3ȵ,,/01<̰P5Ƒ"mr;L//[=q  IE I!aX]73V ZwzwǻOˎO ,&d@?_ ($S&G9*v6<4[ s]se$cV%VaVi&{;{%)3CW338F$I3t뷋:0ɶ7S7Je,ẅ!u4:ZsXX#ml^AhxFͦ͡X-(nk k*SV8Tz8.,qe~݁6,רeN~^7@WIscz[%V ?;^aIz=)$g.w%ev$I T xU'ifHҥ/="L|RM8 .wZbO`f7$%-*UN|%mïU@<_gYH_Zi;B750-6 +&m=:frUwz6Tk8P QVjBx;BkJ=8ԵO0lN x2?o󰋫qMO#Gj*Ә,Bh8F2u [=Ąnom oGP~[dsjUwY7E$O#8 i|"-t?); 5Ҽ1,V.宊$TQb=9hqfe%~zUH66kRw`U'ñ:"9L5kg4J`(֕<&%ףB]B/ %gB8b8١~kהY$75H,fZ"-d _c]1)0i"r>^ܗ$};STE 1mCtv!\q=G)N׻"zDʻeM?&sgH}ә XSD8}''0pJG~lk1.(QԚ.e 4.fD$T ,uHF}|tM k*YLEN~lb05'x>&r,%ǹnXj?qbsoee A) Wj(XW[ܣqb&JB̴oo(W8tŗ!JCV`@`5(췁_ ^h(A.i9U2c8VRWPf$8:CZlY& ӷ$ (ʌ k@5,G^0t $ ./Aut`$~SGI삈-uOT?896 `oBnym ]&W2 .OuF͉;7m6e2U]j`h 2CKr6TM`U&qՊ Ā^0U _^:hϠ";uh>} /7haz1v2C ]5 hɎ.ZVx%_vy$<}{@l Ev;-{lh̉7;^:A rFH_F僁כ9{ڜOf3_m(o^T2Ol@av X 6UJ?"D#i+3e:`9IBP;De4Vk9++iBÒǥ?Pb6bѲ ;5w`g7t:R*y?qQd}ATyYo:4Se2yKaQ!i{N[E/yz(yJdL+#Zb"yg荽V0EpN b O mY&y $*+}v/ 0w4aEU@:lK&Xc6{i\.m6`WPvI#48cVaSVA>v m9n^GoʾyÞ&zV]O&g WD;#C62" D?,Ds6FNH#Rsj-7&u' qA6!dྉJ]ѓ e( ^+2fM 0!3E>,Px1uM*a LRt*17pJҋE MYYnYo?a`rKg>؂oP'mzms!D4|C_XX"-, @Fӄ,_b?dgݤf՝-%wh HIE8}/6 Nl\Oh$-"m08a7QϾ|z} 7D n(\Ck=2G$RȆ@-;^e-Tٕ$(q2[RO`|JCNnt|ėS_Kb '}.IeGS[5OW և{ 2DGLL'?{l{*`w"oL8g_ MΟRͤ-0GB#pA&G%Y{6gnhQF*z@ ja.GRgBڠ(%&\]{>jZt2pBE\lf;19 Rf'ܪ3.gsNQf^ 巐S pΩ WyGɹC~, YW`B|2d_EğϮ3g}6;kK qEVd]`]1x⽨i]Yl"BmH173־hT\q=~ a.SˆUB&(?󞶅1D;ŚEzO2L7i:_|Zi&jm/Li|InT-Xf W#?_9o%gm=y^C!XUmC uy6kofžɛX3lL0Ju{1q 1h䗯h\'hLxfU˄UOB0aU2X<<42DeSso 3 Ԡ $nN>Jzʢ7i0Z/+x)' TPS|!& ȓ`2n sKchӢw]6)}G M"H_SzJ@eݟ=}N@d+즹-SR\B_%}9ؙNc/7~VdƦcy63`0 V< >"l~VFq usڅsbleslhԫ{FrMZ$ꢑl7 9f/}lP֋#"SzyUḆUҮU^byRwZ_hpƛ(G΂Ēnݮǣt_ZC7b(c+3Ȋƨ3rpO? 9 + FR'\I#k㒔GUЭ]C# u؏\wI%K(++bY#^/Ըa1('+2Ga6zbRo1pV0Ŗ MڒD(BL[k\bdqqJoauO2hb\z'+3ͱ0fk#ѤzO_NNǸ6LobËc)q 1ָ ~-$_[m#Fi12˚܂xW!Qq%᣻DI#*[iGp468mJ&okRm{?eǮz;,ͯ^+DG=Z2F3]6R#2k"H*.eMYګ9hU A)@Y&<51wYaaZF-Tc,M~|\JHU0C}?ہ@oK95=kY[ey|Ƕ6b0v 6"{G%%G 㡁 }]K1N,]AyiJnd 2AGmJB-hMziXYO rui*|ZXfgO) y4egl@d ww7DB*dDѪ !AZIyL[$&(I59j~? `V>ӌXɱ5B {(ɂBRVZje^7b%>XmT['ߓ=\Gd+;+ɧG;\r I;n璎877 [t: a0hp2mVJsOJD.bjUח/V4:2ieU6ԅcq3Ƅv[kZ㉺ߙ~ p(CA>X> B{KI}*_;J ^"濤t$Ue68A!U}*KlL@^OĨ"#֊5-8c xtO79uW^~,.Wk+v )?DbԗP8P@p>N$%3\\gvD rc?~824Eߩ(˳],MŪ}tn|xEu9qFGG&!ųxR(od=Aq>ARSoZFA/ dL.oDG zW:`w!nIkWa8>V ʨ|GnGm.CG{4y9{jյXy(QQK1QXk?Kփk/FR~Y959}aiPmErIn%$&M wErDb㐽韁 aAQ^xß&,ʤ%閁Y3xb kB0JY:cE*B76+lLr?>d7}zUjK8qCbޮx\Dݣ{3 8ZO[ {#^D_GiJ*…-#?=zHe(.A?qQBf;6QAK`xG ci؞FM=> K8 %Wl.gCoWGVCfU)j#!2IVBMY!F'_qa~3;bxGS͒ej.x]*{MDpR9{:n!'Lr?>1__dCiD2"uӻn׻4;#q@[u-.D+Pܷ/ye*u=*Oyo!wekpq5gG_M[ץ (M!I2Gdnh8Wu)t%(GਭT[6ԟaNlYyiDPL,wU$F"+`%nf vT <̆;%s/^W6842(rg>][ :\LLVV?Eށ}R'sI!A>)i0l!Ҟ/%_-kJnNJe T@>|r "%L 󢊄\;: | xIcʗHeMFT"C.ul"yj2=z8ܬ1mZY@t!D}:Ζ\ҁ=Wa)nJ"e颅ABy*RgdXݫ+ΣG<=܄yzD{\u*mމ+= <-g:HAj“m;5 G[1%B Ƀ]ۛhqۻ֔"!]UHy{jb]W;i R0m]5 q,0וM+면'lcwʑÉu4b|#E k`vN'a獮}O}8"4`vY x_d[W7_)]#Zb aPT=;FU{0sH(c~N䞓X tI^moF!4'x'F kw"v&vRYXU;< B RChLjl{{dh5ZN`Up[