container-selinux-2:2.21-2.gitba103ac.el7$>k6PlNI4>??xd, 0 X (.5K       @ p    ( #8 ,9 :'>@BGH8IXX`YlZ[\]^Sb"defltuvw4xTtCcontainer-selinux2.212.gitba103ac.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Y2c1bm.rdu2.centos.orgVCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&9JKA큤AAA큤A큤Y2YY2Y2Y2YY2Y2093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db1f941df54f7efedf7ffe8cbd8d8c82b368e07abc6b919ed9ee170eafee06961d41d2c582c66dd0742ffd06fbf9cd497aad97ac73db3cdcac5f31a86e6914dbfrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-2.gitba103ac.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6RM]"k%xĉNμ5#+mz qpw!CWp,-'%CCr5cV܋2b#) gŒjt;űQR9lK3epS(e=}ipsbf3°6~ZmnE#46 $a{ս9]T/oLIjf#Iʅ.- !`?^cVmR? Jk0 @8W*FGVBˋzpU^@1)I q$N(Hȝ3mKv!OƠ$@A'zg]"XPw"Bl?4 Nw.?!u[)x y-7;?*g#6&yV2 -Wy:6lZOhve,k@[7M; 5a uE C.9ePBYnY4qǍ=W ClFkI\] ARZpʁM?o4:zR*EF#n&.-ŕ gzT]Xߡj{GƀNⳘHt0hR2YnJWNI'ѪG>+8t,ҏ?6aU˔*[zrm( k}z:~3+Օ@6kkKPh݀3C<5,@u9M,Pkb! #K~6pQS[Dg Ͱo $[Ð+6p΂MAJ|PӴ1[ C0NNےN_tpq;D}TEQBGʫIDH3k\~)g|H9U%6q&\VbCӋ7{EoUa*z|w+=0Ku!YQ1A8L8CyŠ Hqf[RLvW؋s Fqj!L~n x? RL,1μ#%*Bŕ꓃3 M3'Òe' L*D='V8+#/V, CC=8s*jXFF/ӿtz|}ku-.O%cy!L^Sdvbn2YR!iWL ?eXK\Ah?POesuW`oz:%"z@ F&7Otez5%&n$g%;⨓ 2ؼ&p37-?yqWf=]H:pɃ<L erъîb^˓ &Ͼv>_'YOr&)R LHb2aL+|RJ!0 a&tdsEv@ESkR:;9Ry1 :0lj#Duv+:f8_!k f,ԉ]X|^=Xw5`WCWN>:,:.<JyiuG [dϡ+퇀,Mg<~o1u 9p{5dț<~3pWt[8mjىuS (̴x|C<2QǯVqBoםIZ!bL?b7$'!!Hԫ NMkJԒT# 璏6*"C0a; :/:73ń t|.r"z97;\Q(9@٣cq]lܱ1^a,=>chb+'Fm̆7g9ff^G4 hn tcyLQ$MeTIURΪA[e!!4jZxb`s"do㟵(}TpCQAo`dm1a-籪j629(ZtCN~s>ιhP&4RIZOTa_&@%D Zo5;*"J-Z~G+3_yF^筴BY~U#^׀Ƌִ=ͺedwR;hỘkK<*@fOd"iKᲜi^@fz-oML2m/$@I@jFS{SiaeCx(nkYͰmu -`#ȥ؇)[Jt8ķ=R:;}L.3GVK”$^fRmo'&)?WS=$`!c,2W5eVfv4ZoPcp5|,?jI.Өp6 ?k3!M-W!ǯEb7T:|fW(DTP.o?B\g(&c UO -Zj'>0T,"-%Au4S %ҍ1wj2J F4dދNV7~ NE2Lh6[!b0IXGd=%?k %E%LF.$q*199ҡoDxj]E W8@p{#vUKj&`A}v`vgNM`Q8%[l><DTp)̿dQFLr4HtP.oR3M]Vr Sڪ6R!0[#\講 <<ӈ1>(ft~؊p|{vl5-z(zn" e/2"ԗ 3CiT$}ʼK$-x;D} 5_!EWS݅r,l& X63A8#J 0 <2u]1(QzAޗ0)wtIr`>⒜fVh=-o -"Ț.' r{N =$յIKo!dmp;ng,T|{S:CxkwvNߎD]wgZyu]Y@n*̜u^;J}Kd^`콧d=e9ݣĀg$OSb8ޢwqհ]pyw^Jo߹zeۛgGS}#D9,ť67؀|XGgڳ+s_qsѸ Oζ7$ љB_vbL"Qo 5^o.@Eo5^yD; M3&P)Xeע+GFC{S..I։^ӽ<yeXVn>'趀dԡfFx+A 2}y%z=z\*Sx*m ^fC!̀jfh c܅ohQ9 )]k/i[ޅ:= zvű?2_-%n>Ǚ+g6@Fuj:FԸkr" E'(딐8u Ѧ cL~ľɰ Yd;*2C7G(LJCU?S7b.։?{=XNE-?f߰Y.B3;O2K>q >U"P$BC! Eܳ rSJfIOlT4BS(o%/Sqc#1Q Nvir0 .V }z"c[P ݊߀ ˅Bj C =gW^F#86_mg]]@Oë,dg*"ɛOo\rӞmʳTtۏ t&e1 & Dءz"厚@աVv뺨I5tQu,nv)1|<fW^ 18NfEOBY6S#8hDE-x~"Б13N͹o lyZIeA6]%?HF!;\nթ*MRqcg|LQce!N*śTC;٬+#>,SKcZ_Z֣]DT /~y1p;SьVQxlǾɫ7V2!b L\?jȇJQ͜tQnVԧV?( u``?jD$p& <.dbLZǕEA6\%.w%\t+zYGTU,[= r9Kd-0"UuOlﱵf Xw"]~r@eӹ\fnFX dp=kRw.^ˤ 띈B9h\|4]`Ė#GvPZUu F$\&'Q F$? EQie}XM Zɇ?3X {d syb%ʊYT17"t}2n 9q+tRNI$4Py!c=(Wz[Y`Y%<*k'/$+7r&3Y@7:>;S<##mՀߓHRi," 0HI} mCt7*:* òp]Na}ԛIފrQa?NLB5Zx#~ɮ[\ЬFA&nMn=o,VKx`K4`3X3zĮ'DA]hҙCvv2S5ft :Ag=X*֝, SX`񸂣z|$CMl'?1J&`"Ѕa?p*급lV"]2#-O ùR1-I2ervX؏(|"qv٘LdA>gJ/318ӇM9= _nZJWv}TsX&-pMN@)|?I-$AF,wH}k?FI5O%T36X]!f&e"+9YSBAX/ޙ|X=j鋋>܊EE:Ts 2a5T`{B[4p=4ϒ=tB.XZ̒6WBCLtQ|N_GiUT]qKs_o0Ḙ;kk|7JHq|#@/ы֛Sc2 T\ŵo?(&XXu*&Zz/jk KNG_X.?s?ykBĂ U :J(7vF$d/45HbѬJԴp{$w3u2ĎO %4iIꕉqG5JΟ=`G,,>dP[5,ũ 3*rEXͼ'pvi|e'0e,la?"R;'h]~ w XkU(Y8|@T/2uW~=&T*nP1f4ezTKVыV/_Pz`10ePĻtKNQ%;N S4-ߋi`$O2u)A"{1sb:S/$@^m{X!8r”jkr`6ЖO0]%I3zo`0K8.eadfguVNY KeMZ)rR7gud\GQ9B}G(LZZ -fJ؎>웟*q_u(q[1B;.{?[ݎ݂9IfYBլkc tl+9ˠ*U{iN@^ygi땁j!!UjrQXHN+ ဠ:`!8C"Dbk+>9>LO zh@ҵQ2~).#b>ӽ2A|V@ y`ם]Z=bEp *ڴSn@Sw.G.J-y^=Q(nZW OvЂ~!|X-PS(݌QQ['&CQPxd8!znu%fɧ@Z0ۜ]nETe89Eq-)j׏w%ۄy alE^4pV0$ OPkU6(2o鱰\-"Y3bemYNm2G^@4,T6SU1 YZa{[Cr,1z$:WU:[A$B9,$ŒJy `qnT){ MiJ`/R@jP3ŴvQ<;,BRvHx#buC66"#d35P9%xpG d^IDAgB?TA۽A-YӆdfWI y8UV[Kaڮeѵ—=?mV:s X DI7%` 6xZ2|NP0ktbid5Ϗj)'rxcSu.o(V,cO8}-(h5}gu*nԋ`4ak Oi(Ta g~mD`:CQQ"8zd8s2:U:zo܅=I}sLbͅ9O(Qr7$2nʈ0 UagЈ6k ЇAnXư> íg0@:F^2JBI*B˛oBQ0frTet{zglBÃߥ*2* 言 ^c>&?:we&)$'b u/L/{\vXr !mS<%\ᳺFV*~`EVvnʔxQa 6XSb Q=VY7jNW^ Vm)ȡ'p?(R>(-ksYo!s@̎wtnlJ} 2CFP` q;yyH+jd4lu]0K1NhsCeӽLH6*uD4&3pۜiZC"DO . 9B,L+~jn3j|!*֖Vw:޿ jݝo`;otZM`E4?!R:; *6-+:ICE]wR~ qb8 m?] pU|8C؅Ħ`d57̱?DtJXki)&A|7?c1./ DJkےiК1d$ Fs͈T 6q}DcW@ť@Tq'c ۼ_:$J*ut t@ w$u.cr(Pgnr#&k̉xZe7hpL; }0f^kM3jT`nu(8>P 8񞇨Ӂbx)s'2 H /3FkFc' b \5:,NW͊8SҐIУyTk;[x?`՗,#9 5>'Ih{Eb:+y%%B Ԛqtfl#)#k=Ecm`f"d2'yhL t~ϺAy,H `?&7y{li o0oڴT(8-lv(60`%,QNe{V} >ɻ瞱;fZrR,*9s})hgB0?Q(kg(sŒ)5f: S`5"Lm-3(jJdq jFBĂ@~Dal78b镳 Olcx-d՛hgÌ.H, ؒR{h肟%Z1c9#$ J .(~ؕ4uB=-ApMyI!_/ag\!C`fFkmE GbFUsY9[6śt?Z3 B}ϭp%G1J3F9L6 }nSAxm^YRÂ~I [-nAMȝ\>&JFD T+Gs ~~]_SFiლ(1i:FQBY}],>V ɃkJZfv[;`5+i S@vS K0@\[6u/! Zrږ7yP %L-B p8 %;%̂{|B`O*%<_w jcs $:Cu"*w @G`lr˦ojBko2.sJ]ŏB!K6t3qve6hĹ)?7\[nŁCccDt`a}#>ݢPU>-]J>w7 tv-U lwhE>Q0Xg_( ziDXΙA rO\xxO8l7pBeU)? }NI sJ M${\nAyt+YE]2: RFCba5"ōB#ȣfsywUzGN&mik+̔p/pjI[kfJˎ\TxZ-t;7*o#}&)]YDLUSR6L{F?x hA^KI0v9+]8K" $"yi J=>"O1H35j-V6U%$s xyHhRӋgwQ!.+0nvI?6|_q=_bA%]6&r]n{, z^9ת٭B8x!Zt :2K mߜ:8#~_.eiMnVhĤ5y6${ג5gHC g[\/sC%Șsx\W!ó\L#.mOm*W/v ?VPT=d:6Ag!N^1Þ5)W4S0d^nyu{1osUYt1tbSg']8o‹99Yz c|` FQ/3$*g4tڝR@_$.#c#PݡuT s C'v`tඐ"7M5XC2-,Zx OώrHbz0V=A0n{v;dM/5Rʷ9k,Mc'q/lJeŖa{JXKTI !:R@Y/#=  :+(dk9C^M!*?2|RL<&'>0CVzM\Hm]_#H&Lj`+ϖl>5XN+ҽI0a=uU$SkO |v8AǡZzIsz?k^twSҶUZ5U\Ӄ0P{'-U710Q4G4 l"zcid}-֫ JA[l92} }/P[&ms>I[w[NoN( ਼8s U=:'\2^%|-ӯ˷~8/3DURpbQE #'klj^xzW}t7Ղ=7qn:1R-NFq2cOhkL1ƨPAnh #RjUMO ș]L Mnq{ԏ\0jKJd/}Md+ۑ@Ȁ{|)_2@ma69d/*91%.r燼l tI<1 7>+2#:/_D'~;C jČGeMCip6XZD޼Љ[eSYNܲP;Fx+SSz|I3ESǽX NM_;آiڙ˹GOW&7 I' )NҸE[۽<3–Bg;k9-=hybXgˌܽ ̸O}o>1x'\8kh<4,6e!Y\DYpcͺOɠ:[#db+gezSN}xdQD "sC]lnuv >}33ui2kyw`ek|2Wr.c|VX:q]HJO_ƅOǯ2J, :O(TNȭcAp1CF$ܟoXFkl_!0V ڕppyOi|v g}`OE^KSZK7VOvM''[b!":L#S`fU1p QDّն=WT[F'/尿2){^7OKOs&N~Q΀kx;6[Ut7H}V(Bdj䍰B#Ԝꇡf0r>zzX橖Qow 1|L1T%t>ɢ+k{^{<_B($I{uָr"Y.?b+Gʵ-S5DZ j/1e7NR=(W\2!NM !q%0ݭXBA Kg=("9R&D0^#C[;Ic 2c%24v"`%Rxa<YɃ^";:_ H TfE<`2_4ujj2? _&yqp!`X bpQe5OW"2Е]#g"+2=faQo<;50[BɖBDp,Frپl뻪)ulw;}D9LoO kx6vJwhfn9/ ^ٟ!gqW <#3d5 9PW7,_;08^a^#2V-#(Yy0㜈2ŇeEJ{N8V(@YRh"ReIb1S- K"*ێ,2v#@8?.}]|P¨L×AZ7[K2h(@kUݷx[g#;+ 9d贕AT:y~enLج^*q;;L*q <gP/Tl<Ȗܴ8orH 5Yiu̯ wQΝ~0 C- Ky^ ?(V7-)[n/