container-selinux-2:2.21-1.el7$>j;W>??d  $ L ")?       4 \ |   ( 8 9 t:>W@_BgGHIXYZ[ \$]D^brd eflt,uLvlwxCcontainer-selinux2.211.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Yc1bm.rdu2.centos.org CentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&8J]A큤AAA큤A큤YYe YYYYe YY093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db61fb6f2b257ccb107c95db493ee189d0bec377fab7a10de3b853607c6b7e4b14f5be0abbe9dcfe3b2936f01220d671b90d6022ca10bdcfa26e56c236cfa2d46rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-1.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-1.el72:2.21-1.el72:2.21-1.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6PK]"k%xĉNμ5#+mz qpw!CWp,-'%CCr5cV܋2b#kUp++tD~:TNtX>h,=8p2zHW(u'% @iY>qx&(ec0=>Vv`Fizn}ȜRG$lwcDm+$^s0_mE[OWlVR1B6vb›sZ'c&.2T~]E,NJpѺHx$y[L'P'Nϐ)nreb]A(xXgax$G71^>[)e7/Xh?\o 4[ZbyE>jS$ʇ*UvRWt٧;WUǝB,)wPpH~ZIP,ܫBn@ƙXzKy1b(&EndX}BT={|rp!hys Dֻ,5m#kJDuJm~P?O/-Hh@yRȵ'p2 xߗ}!M!w&d W3PXeOTyC:/d*ΈYusώ!/ȈB*&s.z /m@S f W 6lff= R6ˍ%J0Tl8a4nj?E%&2i?S&TP͔J2{r&,f`t(oR,D <-'^jF"q7!mkĬuVGpp5cQ\rR'N)3[ XrO3RYફ!l=Mho56K>'eλԀrA)vIPS:(5uY`O/FEe:SD :O|+>v1Gb ,V_6PLfJ{bx,BY\4A=I4Gb Wx~<. ut3HD6כIq~L' v] Z]#$T 'VhTjzb3zi?gўgkwխ]PkPsIJNڞ^+Q o㍥#PKB.w״N6N8Ryb^&libUoU [gv|$z!5#gs̔mjaՅfA9ۼSbpZ jUvW_7;3[HƓejM2<@<4n{ ;q; P6}tzhR}i<^zWE/2~ɂY!/Y=6+Pi3ZUly2^rfpOL \Z꿛#F( s=I.Z/ݐ{oچpQHQz HS,Wb;_;36te"Q-hUBʽ6@=b|S,Gv6mhM"=C{COCI?yXB9x=K>1Zk=T{P,>,^>\Ɇt5]D,b=]=OC7ؚw(߻M-|y0lR.~PX@6Y!2/uϤ->hF2ڽoU).'X sY|I8xl҃Df`*OM:5,B Te߾,l0˘[wn" l{}ͳHw?6fsDABlKiZZ#LPmT._ļ[1P|iNBUB:/(^F03kyE\{j2 Uέov^YiGr9.X.$HaObuzLl֙y7XjW,b Ewge8r~>b?1E:"N441?VC"0 tSl/dԨe]&N ~Ns?51xkjKqs^I7{YI=cV87=g;U}/l] HVVɏԌ"4MPkeC.h$#TR%zY+x~[G{p[an^c>K6C"?UŸ dZ dU! bjVAU(S%r=oun mtBj"jU}F:ge-w@Pዮw9 "EwCq ŝs[iWuU3LNlT{-h{ݯ~'@kire]/X=:]yU/E{s~y|n. 0.*ӶۗaYy!z0c37?v7;QX;zRUV6Pd0#Ǐ ?\vpU"_ɒgG>{ĘS7'1\aHzݬL@݉wAV+}j Dn(@%bWW`I`{TIm܋Y\A]e|}A;5| Ϡjz';t:Gɞ~1d -'>;N=1O9ҁV36?!UjTCG<&H?U}Z@.8SKsM4c DUgedޠ)n;qӐ?y'cԯ *eDV(KcnDcFtQt)=Q*?tj=wvH7n謝%8_]ɔ_MшXD.]^-&$8̠?XnZ^ڳ'IN&[`A~_׹e?RJU[k+'Vڇz4ze_ $jRcܘb-2+rk5Cc ) 8 tނ%t#5fR1"02F’2 yaPq+ ß}@)ѩ'-Z(3ce=jHNUH6nPϳ(r6H8qjnj `'ؠ: =wz Y^sLuBS,-YZb. 1sESv\RC9boDam'DG=30K&Q饖P QeG |ܮ>vCMj%TBbڋ`LφThv#mD#I?hA0.\i71p.Xzm>S3m ډXnjDܣ;ư +2Ro'hʼ#D_|eLz/>&*ʶ5e 0S)SyO>WIFQd! V|De;z'b-W€͊ȨfFWh d)Y[Dڄ[[w3EÅh-cUlvPtYʵ+ W?YхYUe(*TZ ]5CK5[Z˗7(s>ҹ^ zB'$8-37xt`oݬRB|]^SUR>E{UΥIYQjh5?1}ģvs[SWZ]j_8m<6#?/pAoe{%X&zV] zmXa 6G9,ؐ;Az&R!;NmRN;Y0 ' $]_>=jJ8W*K#&Z͐F3!5+2%v>>~ݕ4iL/5IUcT1~{i{f6Jgapa yVRNs|klt%=흃"\V'd5,Նܙkz7 Fx}h,mс2(st$o_p 긏W$(jZ*Lw6 }W} t7cYTq{?6 7G?PmUYjQ4쁊,-Dbp/'No1 05碅HT!;vBj #! ΞiZDjl\3pƭ~ki[]A@5)jEFp Ɏ(E*42q/|HT1҈Lpw,5'~&@ˏ+00x^*d!E .ArC%Iox"p]h =DywzACfӻui,}alU*2 q?ҏkrzrgj&g ۄ_[{ߝM_|xN$O,=zČV 8i28եBgtJ{ ~=vJl<'܇̐ $ {BMé}Wq B~dؼ:Mi8/5/ _riǍ4ܹմ@ycZisc'0/V/; ŁYR:φ{ו/%Jėe^0|JYUP6ݻvrZ͟>mZ儐> Z;npÈj˭ g\d^1 Ia{~wp7 fmhj]PtIN $+5v5xG~DnqXDoX(ȅ Q!K_ebmA*[5H/Ga rf~h_vޝ4I\;ww XL+J*(jqb i{҅eVhFI z Fl.aFݨYpww h2ʹF? x1$ v/F J''Q%ɄJ+3ٺ?l.I3mdtU|Xk_TB kњen2*4>G19S26"ΙV_nG~ mFdw>R\' &6 #RVe]BFd' = {(3b>hiT+>ΕᲖOO;zƂX Oϫ4f'IV@ %A+hce86S'ߓWNɜDOCskn~[߁N,:C:zQ@WFXmvjn=8|[c%$XݦDC wDL1"I2NLx;qREN;|A=Eq`i78{CbMA>4 A߁eȯGrvfu_Xc2DW~۩!8Y(exN+}@VuKLvdd $$Ve#lkB,*Ib\ UE-!5CC\8{AVH5_V#E󣘗lc+l5HaaLr O LD© fNs\SqKRFoJI=LA{^ch7WQ@뷧݉ CF{h@آ:5gIي4OTm5+ ch#( N^=|҈nדf>HЋXSrRxW`pSeܺ/EoW1P i8Mj#VTJ75Rςs'y$S-.x?T=n!L4׵$楎eT '?h5Bi{S238eܷynHӦ៿JϜY?-3nutK,tDW-uAQs}|AJmf1x(Jėπ.ɴmV9ew5hԞv)<-! y4esj5(/)Eф ԟ*7p&ֻhE`A8jqR4<.[)G-Gw`RXYVW15aڴހ%͐+ޯM{k1Z"k>FpuwO`ƑxdYC+!b^%|[@M޵M*6 [sfuGd7*<*+$l@Ly&[#ѩ}*8m!N{5{C4 ixl US,TUt^H$L6t[[߶V{OVtiaXur w%$clOW!A-i}ϖIY"vǏ-PW"h,+bVv,#Ud ՄHMh"R We`%#&&QEO]fE])8Է߄h=3֧`#.z*Bt j " o$-74 ZŽ9qMC6nL /߶pt з'+eɿ\_: |,*x)D{=D[Y2K%_m:qqRo#(W$?ĄE]#l_g{]bA5tZx)fSۄ8(A hݝ5҅bsX]j hkwJޚy 7sjqF!AvU^eza\@G/%jP?vv~]'OWBv]J_QN`{zڌ*\6\ݵQnWY=v ~ *kKQcJ4a[t΅ɣՏO"IjeO{WYVp(G`Z2.^@(s~P1 ]"Ca%}. 6巪D q i9H:. Gf=jϦ0ia5Կu@ܮw;\OKeٌHpBcK|dlQ=e#]+Bx.w݄-*ܞ2G { 4\?hUvc\>Ke])B{u_nvQXj$A:oeRkw|^e3 5]J! ކ 1הhYfpÏ(Ve[ED%3'w t[C!/c;A"=wKv=.pp$W< !'SE?e,b7F`.$қ:<eEm1n.b>y"iҚvY1C|kZWL?kY7҃ߊ#_J/yJ~xcTyd旃b%1oPՉ>C.T@f`?)n,M0=V^Cj((؜m{KDhCX5 JpuoZ]aYx>=ױnڥ*rvI]!,1Z jS̡Ok F860YԼao6OC@I%d[ 6Nh4SWSt2~g"ݔ $#wޙǎ_}1AL@ʃ"s/|6kM<4*POwUX1#J6:sT1/ b!V0~~-`'8osˡ&\=>+] TؔDɭp"Qಞ3G(nŢ<2b-{å d]hFK`tΪH=(q-wr`u[UsJŸC"w'dhÊRCϒrGYਸ਼G#[F4~5{''yʊۥc4Xf HgCxogH>L~( d J lDz ϣ?gt&&ԧegGyH8FD܄lOEhLz|+h®fWZå ţL|2f;rqLаБ:q4J)Q5 l$-ԛ㉊ 5gŏ~E̽T^zrӬqGf.ֱrP tc;Bh$%jR6)* ,ZN ūMJ7 (ٍi\zluVصgn|mm!ۂaY^\4݄{ECźF4 &=@ܹ:j3woTPf#AD~I|,#{\eq^ Ow"b"vO|V ï^M{3Vx\?Q~)d1*j~6{rˊ{Z-PQ=(hI~ځ.3uOMMq0翼!,R-kS; q6̀[ћcMDǢ3^I;[N,jQU&`,.:)n23|v,?rF/c6tz4lW`OT"q 5/ o/v!*9*9cVkVtuհkO*cvo!Fm }թn;'$!jB}41}סxLGO".Ut2vˠ3!o<%rgT)ru*S 5z.G [Fث7,K\U_roT9Q.Ԡ]C;IģҁrMR6v-.^ZKQ|x` ~ |f`31s;kIՇ;VK盷Vm' *e^f4hąogpҽDlCM<}cGLgJ k>lO#Fi<|)"m48iy`%-G<$41t />n:SS%VzդQ:w#, ,Ę|کM95+Oֳܷ =Fo&״S3s5KQ|'b80:QkM}q}RCrVGxj ֌sJ]6b$J\`;@Q']j70}FGFwZFIzf;W}- pLh5gp:h1ՈQ?FjcU<7'N)0ۃzہmO^q%_?Iȷr0R_`bm5 gUskڎ12'Y! ɒЧ߃{ôaTm$.scґ*E\OJAݯ'?bE'Y uFM&Fa-[DKV{wrO&@#2\W-# +CBךK9ƢA9Ŏmj^bh%.q3EAr;XO^%5%l-_72VIXp($CRa! c5Z"o/E'r- 2U(T1rW0!G^!:ˠISm,4rxrZol[Ո&X#Pj0EJ^P%aq7`g${uҼ{yu>rOm 8g??/P.Wpo)ulfopf؛ gI?bWL q10HLcn'day3FS~ؔKJ2?&"t%m>B<^k.4S\b_nrz`^8fŅuۮS v. o9r[b4osgՁLI§rb~`;wE[`w$IEM=Ӡeis.ӕްEt QذFH定 pI&sq26s2\6 C!L,ð><;3.O~Lcy~.Й*Y!22CADDn/ 4+גctGK3wTb?|>(Q򄔎1 OyW]fȣT)oGq1T&N#CDAkcTbGy6`2;=}q_[I 2a0?FkWvk| wSJ/BVDƯ %6gh70#(H: E “ʸk1xP^ U%mV#q%?߰ Mio@_mJuwNےh 힬C~l4۾G`s ~y=Ooק9'zO8us3?m˙z_!)\Z@I69 v[eQ =R6>HR T j1RHKn&bщk7h54+ @a965E$iBԻfto.  ϒv!EnAvL+$"xv'nfG%#t4|0L?nq|տj2_a]_îD$rշT\wJjFtI^s Tf{-2N{,ryixׇXs|'HΞ/@V91_s!Lֱ30!KYLWnΥn5ssB1ʍ@%FɅ'{\M®u:x)0#5V)s bF#TN򤋑[@].n}sTZ> 0Wl#y.tqaId AQ,w N]q;ӡָm,U-CA GC;NY1M7 P}'TEJZEy]XN=\ހ>(_~6З#ˁ ?+H?CQۭu@|֕wt 8W} -x^fjS&L 1Dd=$CR_D'Sng>N Uq]ٖ$M&0 х70}SיUϫNMxs hbW{]l YՕ`Ā'ϋ6h8d[b(ャVOscdSHFc]Jf@ue2 ܙA`t i@'?Am |;Ips]v*y lzh6PJT_}l\mJ^gW-"Zc2t뮧&cksX?3+_ T snC0$ hj7/Ϩ;2"CY>T<6ܥc=q7;풪.*WJ{FjZT 1By`@ɘ1}Mf8(m]PX'&b0ed /֎Ҽ#u[ɚ2I0KH jƝi^y7U񼆈]4UHM/CFD-H]W=Uƹ֕Pjsւ#^/p& fXeWs+P%?W-J[CV6 \mh 3n>~A׌T$Q?o*h#\k`(Q^L-=,`="R!idMP֭&:#|4 &ۧ#W~Q0U4qA~t2s0p[ تH0I!L0`/H1cV 4`teLI?4wDG5C 74*a]:v1G6lPkUDW 4(fv;ųʭ|J)|UiLAA#RIz ^:d)=Bm$k|p6g KEgX8 &U޿ / F>!VO}R\yN59wdM,|8F)d8Q=ۥ 2`tT|rq%3 L2nAYCQ-P?+kl|@A5N)b=CQDd $+61ԃ*eQdtw |9a(Rf_,47#":'S5^*F1H+7αҼύּYu0ooha63 f{ʘGE|UQTW7Ikg^%6WUNQa$Spu:BıFy ;scCSMuӇF%¯ ၏y@h?@Q]ֵDLm2}qK锴>/AL/r w' z#T'Hk,iٝ.Ln#d_/3fY=ic:ΔqZi( @{*6Le}S־@5V$Yn1 UunC,xGɎ+rwP؋`UUq@ .E;ޟ,$GT #`fSF~75_vܲMtRfqE`Iͩ>1%mlss% 'Dz‐%q95AyJA8xMTDF2*@f>-%wP(1܈9c^o|˾FgȲvi/,C[٥ jx m%̎k7Lˈnı|Ja K::>Qg, UßWzxSE/]&b8V$Hlej4P(;V/3i%b-??n b.)y-\* G]vieq5FN ]D+dxYij&6'nXV >$ {~[ _`?.B~9dZ9>kji8?2ֹ<ł $ ?-%fs _x ijX~MYOHGt-W[9_fx<\R~ʦuD&_jоMn {mB<0;"ׂ*,C8'(iʊ$GxmLxZuņE'|I`\eıWN pL[ J%?eed+'sOK͢sl**8EQj2\IMF!.PsZt8EҪ>ol6EC;vy\u}M̧ Μ@rKeiKEϝ x.tȰD}d TKŢm" E%̷@|q|-BRlv"7 0[Q%Oa3z4*rt9Fو()l(8ɇ'ݍr>6cki6{NʰZQ ۤ4Z@[=%ʖ i~ǩDŽ7`YQż]P`hZ,iLY"\6pd(c.RFqMRCn~}AMښd_NlˎFݦ .gĄ]e,\v} EERi@ɋ oo"`CX.EIɲf|5Q(}'/w?.G9I dK\zTpgBA-FvާF{NdHp3Sh%TWyg-s|cU#Yai"2`r h{_jOQegLҫҿ}  T/XKckȟ|QϮy{٧btt'{yⷝzI edtk3"Y\, ȷR޵i]_0.Zy:ؑ5Zcl2\q0g9@>6l_tU.'q谶y|'; ?nU cá8,IQ YZ