container-selinux-2:2.36-1.gitff95335.el7$>ruI>K{>g+->??d, 0 X ,29[       4 \      ( ?8 H 9 : >@ B(GLHlIXYZ[\](^bVdefltu0vPwhxCcontainer-selinux2.361.gitff95335.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Zox86_64_01.bsys.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : fi fi #define license tag if not already defined&;0MhA큤AAA큤A큤ZoZfZoZoZoZfZoZo093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d18f1d39ac187f64de991fd9aa522578c5780a5d4df6dab134d9ef3524c124b6ffrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.36-1.gitff95335.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3ZOZZY@Y|YYdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.36-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2:2.30-2.git7f2de1aDan Walsh - 2:2.30-1.git7f2de1aDan Walsh - 2:2.28-1.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to relabelto/from all file types to container_file_t - Allow container to map chr_files labeled container_file_t- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Relabel /etc/docker directory- bump to v2.30 - Allow containers to create files on tmpfs file systems - Dontaudit containers attempts to write to /proc- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.36-1.gitff95335.el72:2.36-1.gitff95335.el72:2.36-1.gitff95335.el7 2:1.12.5-142:1.12.4-28container-selinux-2.36README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.36//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,SRO]"k%xĉNμ5#+mz qpw!CWp,-'%CCr5cV܋2b#Χ!MiB")|wD:IHM81hTc0^#0k>\6-ۻlΌ ő?}A_ bmA9%+$m=mE_F_`685R\r2Awl1"H1@H]߿,SiiB` g]Ҥ:氋ph(f׭-t%5 `pePUxS4)0/ǖyS0 '4m),>Fk馩g0ΔRT f>QH"7d=ӑQ-dm ^n ۡZ.- ġF8-e fu]JL8{-Xz]tL;C"lZH4220cw O-\ AT,{==}PFYJ' g]11rGK86CJU^@wmnJy!oT~31j6Qt.wl+ɂ wHw᭤&{8Oh>] I;=p u3pʝ*tSZ86{^Yʎ\}Ny+Qh Nb@[*$?)LYV8Awk'۝;Jwg!1Mq#Et73cA".bѺ L l44ֽSX10fCCHӹ5P1`C@f0b*QWn m jMRYf_rͺZ0QQbՋ pyc&-qxמhV%㲶x*DB%sE>MՍaA" ݉C%a4l 4]뜛I7Ȯv1ѝA`{> k9Q5J[{+FGHE/>/)N{?o *^D'LߵD͖:&" Uf | mOYԦ8f{04h.Rxh< }<ox10xNb+!%Dc>ϫ,3-;f\dz V}<FS1<>05Fi|K%y/To(a7@IFL7;Wċ&Z(mor6h]  bj᫽=o_Uc@iA$ՓTMR,7<߷ݮYO겢om/%CXWcEU9m)5$pu?Mv`ͿlNpA*jlj'P[ב^nSAm |VK VIF>ĺyτF=* Z:M/d@Uf1ju1$x5i!=Cz3g R5(U$ yL,@%^{b3p蹾Eٌ)k&Bl Vbkq:An 1цNaĥk*İժ`gcOKT=I]M$ ((+Aj1IQ+OV-z\!kEjƎ=_A\)8$=cK<0p8Wf Z'RT1B 8AH9{}m+^wO]rry%C{YxJ!vj)Qĉb:1~> #|8獎㸄` DeMwV q`Z6B:7 Ø,b&>$J53i/ka2!iX2\Jtl__n_UA2Zw~|YW>LQzz6Yqh1>!2EY$yybu@IwԞj9g K:eaE򾔮4aBRǖ"ddCLqG v6ղK񑢕ZjMtVӋDh0aFW^7D;)<ې PuZgYkGtEF/~p8]כփj+D3jG}S㐩A`hSuњ/Z\<ũC[605 V}}uvkຝt u?xxz(&4'ͣ"T/l .ξgT;cwts$wm -Z%4g|N- $F{4*|]^=IDmfb%"ovܶzyao9h4JZɗoj> *N eIbp8>LdK6Wy]ړFH׉P{9!hOXDrBw  Ѿ}1/'y z6Q9 H~e^]pBu%Wҫ/SHag+Ejɭa|R,\0Yʱs0KWԔFrxdw'FQZ~ G3PNyC8 aO-BR j{wI!$WGN;㰆l0"YIa }{ ߣ<$Jտ[l7uDoKzӪEBqfPb #2 &)#Eeo {m\lBBݐT\7V{3R`*g 1+-XXi5o.eW8fW(<*]'͊ Сc@C]jz!7$+1JgD{0͌đA{ސ3D$jܞQxHOI20Xqe娭;}x6 apՆ&a^ qYCT<`A]PI~劇2p2Y,AVi*:jHɖ)N(0#I~7;Y&FOgP:5B $@o_BCnCbض2**E?&!D~UC% "{d R׃>?P|i:$ )ħ🃤taړv!5Q4Vym P]5$]>l2,vn%Fi"L5!TB{\U&mϘswkѠ6gu*tiK9hM{4G8<\IRje ;Y$'a;щB2~͉ ڷxN#of2rxGꆦQ|P|GaQ,ʿl4HkN OsE;|¶K I[0ƫĴm< zȚr*eh 8:+[aY5#r[08M! 5F !DθOi3V]bkY0T;BmDZMd[fkw1v}dҒ<Almj4]dٓF6q4boKOUG3 nFcN1g!pZ%w {!s8vڷ>eD,~?ޜ]V}05kD7:i|,y{%+kaQӌ"nsdh~MǦV-nS׬;C1 RÊ(Ze={JZhz^,4Kߦ^~ԕ= v8ڐ!4#uhr6(O3H z+ZU,{@ 2j¼]d76S;4u_J!G6,wD  gD/N`3:xf׺P蒝ñ{ƣFUʲW~jsnUXI.SASr`=mGS-}5Z!eLME5 c^q_*+,MKQ2[".M Wyk?KQ )A^<+޶/fB+D" DS< A&~nvU v(| p9e< ՗F-;nE^P9z=-20 ƍX2Oh,^ol8>LӶl-|(;ǡh0 ejmA?C"'MI }h _}J*JDo#)nn@2 S&o+oQw|¡훈0np@¸Ǯ2V}L|B^F:$E* Q}ʊO/9%l+f‰ͷե ?_]I/5B %+ $3B|bn *vެϿ7V =b:Ee@/j3 nH)K PqA<֒~DcjvN NmЪVNdnSG֐o˯aW6ҊEtEk:N祺vcK6kA`ፌ~ѱ|cAVPG @9pH0?5*[]VzzFpى0Oύg]KBk-8s* vPp>P"J|gcly+|f% b`~̼ <Ƅ󣉃X@߸ժI"G᧴* olRhv>o\ov<?Qf; W0QTk7*Q2S:b})[I1[ԝLE(x'{}fX<|c&Z֣\`CW:&pn֎T Glzz0}I I 6dPyn) %wi @>%'V? )0qٿQe!.?v:E^9P혐N"C X񌯸Z3G[K=Kg( f{k)re:֐7G,L1I'Jǹ9 >򱁄Iux▯vEP 0Є2 htC:.=dRء-DEPZ*m o'8J͞W6l墒lE"9(d1d\=|86Neucl}ROK;mf{}|vV YKtҹܦk\t3F6@ |<3@{{ {FM;);,b/d]E ddeS{PwZg.SeJ%tOio [-!Ьv{j1^g@zRAi kq g9y%Bfwۤ/l B7^ΫPa@`:e;捤buE˽fɓ5Ugg,?]Fpr&>upFfo|Deԋ~~Ŭā_ApQl]{j c8}=EPԂF8~Fe"T'R*ʘ}"dS[ kT>'߬xрC@|܋MW0Kޥ ǿ!np6lhwѨ˧^~x,bZ8#3)gW'c{Q_t!4c%_DnAFl0A]g.ڃf-AŴ384`"HbTMVgwz-5Z?]~wa^yIEӝt6!ذa1U>eM+LXjhJEm&|N-vbx)b?T)Plucбl0fȓ*-EN#/ɡ4-""0P5=~9 {ڶ~*ϛ5v+"? t=23(;i{.>,:>cu5fzD : KjDٱv niOg`դqRه֋SvH:YG:(tIvO&ן ^T~c}hQF_Qcұ59C#BuA_z3t]a +j $FhlrӴ-YXdذ Pz@үdw}?p[iX;OSSj3x09C=~xS,3b';<1 Vӵ!9Pw\dm$iYNVYb$pyYZsO,T_T)Lnc#q\ꉂsl>էl`_ߥb yi`-yøhԈl<Yl aiD_- asTUҦx%oG `/]?3k2o!7 J^ vV29R|G;(@G- F|ؿmMf`P"E׷ِ0"틯"! ڪhKO<}[#C;+@Dji.#=t/~uɁ븒Ȋl)s;}G.M94F({֛)HNx2I%2`;  d{0J" ;^ 1%UOhYJ-۽Eѭ- 769x2! 3TrJu9xUjb/&*쟷vs?NɄȾÊ vs*/c'#@ktV"v93|VjjIW<+-rE6ϼ1Vp"G4nG AX 10nmp@"6:iLsU).NPlUDчif DXK S@D-.=y)*L0z֎ (UYGOB4YN<~F|$d4o)Ho35Y :\j=K̪MK}肯]GFUۣ1S[bnjIiZCdB TjggErH=Ya} ~a$*e,=sjˆqP.þgB/N!J&gsXx z9LvgXREp-Dٖqv$}14((Mxh?˘E[x!Mby- CT+ fAfUmrX|ч6f*Zc5_F d[rV"__B٧UxL_ӒH~P7C'W 2Þ) {.!!ݓ/g̮&ym}| aʹ-l0[5*3(qQkD"v Yq@ 'V m=%.9"f8wdC-新FBD $J F/?p1ȇ+6 |0l 5\a+% :;ɰw8QGc-fx%T$yUҷ(sW.c Z2 3w5Uk;rGsRT#l@g-]IqܺjإAkfy$8UZ kkw+VXօ3< #;>u }U _dEh4>"vvh/|8" 耼Yoϲ>)BJbDInfbjvr+va+SѳtT+kUJ~JŷΊ&L<JC<+JY8G)o!Pc 5lqn8a\fwZjźTx; ,o޶Gr`Fҏbdq^jäy1 }Uv|۞0²C M!l/GL/d @#<' )*}3-TESѝRO@ rtkDBVQ!xHd1Bw\G3X)(r J}+ͧS'nTMi6vG( {6+%y X4srCr!‚V,` l>y01F-\+CͲy`!@FW AumWp h\%&@κ+_؟e?{CCp]> Ms#T`%[OTjgtrYϻ̱܍ˑ} R[@A渢WޜJ& UИRM%I HҀ.yU|bBin-K',<S{~Rn/9BUDb:Xo69l xq'4C-q׳@ʳ/4̈ކdKDlFT-4Xj}߶^]˵Y1"ι|`y0"^?n8GMX,Ӻ?xVimBGwyU[|e/+`]?g0YyAVpW$m=Z/LBCnmp!YIH}Lnc|ttB-1ԏhJ\VT) !I,IU0JQSk[Hs9v^O}R^>3ZQ9Yąuu~Q.'{XtK؅DHcx~fGz=f9s ծQͺʺSEJ<-i]L2l; HؑOTeu9-IbzK˩$%%XB!p[HHA{8/#P1TqpŶ޷O*$ꑣ`BQ@ 5j#:ݕ@,TB+NiJGkvf0X(u3[ڃ,"t`5>X)r1-Һ>YQO%Nhj uuEeD&Ay^ f^jb+~椲LSGH7ǩwwpq<'π;N>H{:&R w=bz7f>:{%ۏƨǁyUSmlӢyArUQ::,jK]]g$)ԅ>ƅ&Gy1fn1ͭ0ub K8ڿ zeh1RD~B`Pwyj:CK&ض|:VTQCɪ9hX\ ii#(34i LNZJMfMbp`rCt5H͐dJ Vl`Wiu3(#\|#ll]a^01l]fJ Sd&n/R2/"$ܮEE yhR{RɆ00E?f2pZFRmm m-ǀE4Lk~v$%W//C%W:0]^j5 \ް>iC9oڂ=O'ljAZ ʩܯ|Kɩ!ʁY>2yFRGnq>X0pPь+{ιC^ڮ™BaGң H/f$AzlVgqHpSZcq'ǔkСfW} zL2jzb -- !xas-J7^Y]*9gIK[)n0zCe]$t߈Ff0}f7s6fK9zDa1# J}`T ,|MRzԇߺG%gXқ…UɤcȒD_47]ڱK&!J#ejSsI#2VǦWqG d"al\ vPVsi'3Z&?-K}f.W*MLНI&͉?ś}Nn ]]!2d^%F(ay@&QUPؙUZ^UX t6>y׶auSiϚl04)3eӺtcZR#\<"It]{÷qgErg0P~uQ\6msr93haK}śU |czd4sCL,~89Kކ]_l{)RY̱lh4NnX ۫H $ziد(El(($ M 8.{VGp؎TSkMh\Yq||,^@$\@jE;o P6"a4dv@ė#UF@g :uT|e4on씲ޯV0zseAڃpE޵mFX6f Zmjy|="]oMV`e>*f>Y `z5Kpבc7kjQQѫ"(_>ץbK$<6NfI`5[6l6ˌgd|sc~Ǯ=s_S'`V4&K~DK?s_p59)dZQHxU 67M+֗cж/ z~UYd\)qRz HfcYYOu&p簷*p< 0F U1?4AuH {`zGpkMķFdCg/Zbb.c/(=R5ZqsQ k0D`8ٕidU0?ELBxR!b-mjHb܁ҪO4׈vf6@xa4 Mۍ'nu55"ҝs6\HW}G^7ы1«eqN6663R;:Xl[1ӱ@OK9R*S /"À9xZGY?|j\_&;[#b‘ezv4Fgȹܞ;Κ.J~nw_‹I +08σ=rZ{LpF[@Ezl3,/.2y+):hwM7OM!}kZ˅]@ F0S3^N\r6C&6Wej2Xuiz#~PQ7$9%iB0@ߙ@oufͻ=gUBm"ѹj muu1'CJuy)[Pv#KbǷgͻ5[E=A»XVE`NCT?lB^L^)FU` f=q6:3es#/_XpLJ̢7H3_ymK{Na:_ "=aT04 !/љns Awĕs$e^.Ny?LV η3?q50+,?v!dy%R֌ N"rDGC/emP~a6,UkBƎ%h!am1ן8 |4DsWg82q"Ҭl^O&԰<?*-Xŷ 7s3hjd98!_Ѽ>]rCi]HsFw8P)ߣ=W++n$;H7`C>&$/^BP<@BCpNХ@ef#\\c,yM13Ɓ}OK El,XUhN4b(I%tdEEcqe+Z/ CItV} q`D|ld*'Mh]2:=xa}r T#rՑO~Ҟ)F70^91D7MӢo>?~^8w(ǂӰ_>ӌE# ȹ>#Cz2%/׎2hۉwο;NS?,B1wA' A6qPnKE"-sT;ef;GG-.\4?f8El]7?C ,w+ ;eD[A,/z>\;{JCMoQ+~]og5^$v7rIq5MpML޵NK?"`Da( "gݏ4~OGWr"RVEeJ`Hq.Xy3p5/h>hc"[6FV+BXM{/]>&o͝ =-P?RLS #Z%tх:%r_Nɤ+$nC)a) eW>}bz}y(4Њ1CP';OC1mɋObYdEUj~>]H>&?sa^13أU}e8HgU XUI;8 +^ˇ] {Wgtv-+jxV;\^n_i<!ŬRc݅:p22Fl݇UB{.U=W0O&7<(Lg*>D5jHj<$屙L3@mltH36%;?Qkv )R7C1+~%9K\RƂ +gdB4bbݡSx;JつӃ"B YZ