container-selinux-2:2.28-1.git85ce147.el7$>lB.!ȎUZE'4>?$?d, 0 X (.5K       @ p    ( #8 ,9 :>@BGHIXYZP[X\p]^bdUeZf]l_txuvwxCcontainer-selinux2.281.git85ce147.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.YLc1bm.rdu2.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&;0KA큤AAA큤A큤YLYsYLYLYLYsYLYL093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d1b2a0d5a43b7cf591442d0761acde6069371d7442a266674701fdb57317851e65rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.28-1.git85ce147.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2:2.28-.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.28-1.git85ce147.el72:2.28-1.git85ce147.el72:2.28-1.git85ce147.el7 2:1.12.5-142:1.12.4-28container-selinux-2.28README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.28//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,R[Mv]"k%u#qXPNeR@Qa$t38pX>0fHƛ X yg)}\39̼ k mQҪ>8? h7u-B.c6Qѥk4OǍ.^tKoj{4Ga#~f RXÏpOH߇fAqqgV:0; m[&mS@,ؔݠH!vJZWܦ0uhr83F M"a "A L7 F.`ܒ{5nOL,2RҎ?TЖצ@Xn:'@٤ų(?<d`+gq E;Gi$Irޙ; 2Ð>_2yesHȼ,n=$sn`q.j٥NY&,H Kأ@pky >U%[=מ^)Gfj*+cM+lwi9tFgu(FC#׋Q`fq#ϒ-̯⫨Nu۱ӆ{Uh9!OMAMh%Oc\ 8dYC;οY ϟ9v8Ҥǻp係#Q8`{ =ՒUHEnUwYE}WH 5fF ߿I8>J5: @/e l&6Z9IJ؏V7t=^ kj(p YCurQ_󧁢֟H5Q.A'[Di7#+R_hE[0.8cvDH<6TՓD9s*W.n?gG.ZA3N{)x3xKY: AiX>CR5R/,=SeUsa.A@hE{N 36@FwCM朝OJޠ>T1 "4tM$ll8NVϡ.ȕ%3zL˞"͸?7BD:E:-ϮԜrtwk%|^ZCv-d!E)B3ge/AzoUX=؋C[1' ܵ+Pq~n}ef:= $݃q ˠa=uiEÍˀc\d?JJ+u3"#;}H*\#8bz O{’6e]=Ԉs'eb5Rp<1h2rSo #Tg+)Q%iʜwVb~ޢO)(t>8Mcgp j&h bz=ZrHj٩fG U7nѕZ kPľ7$=@{-^$02q{Zgb鵗}*"j_[#UUW-@A'GOSG=d{↕0ȺN >oT*.XN\?" m d ']%)_'X: M@/d z\FRΟ {RCHlzZeL覫rǬAGc/F({{Ed3o? Z,jRqZv;VhUOp%w'ԬFn/6>wkVT4%ҡܨMcrAQXk;lI-6*Zo]>H}D&PK<$vl'(\lx$L~Dk{ReX֕cw?|ھ| i.>~\:7;3*0ߚհYZU| Χ&> @̪X6{X DOS]` G` ]-'_vB?%:5\rY8 =rz8q<0]P?x"#XiWaUhgiYꋽX/iyȸ|kvoSQ^sGop*S9B$V:lmNm_"Op>f5P8m&40cɳmz1djQ8"D]( v(82։z>2Cکhs)Oj,r[ ''H.ȲuU>Nc1m:qv0q:d{Q%|dDبo-JALp]5>|z#Xft,(qK5~2$/j>10`;R"@"uܷ؀I^[!ՌOl,"B*'|B]p^,ٟ$Ҳ|kIJvdb?'l(x}B}*= *Ě3JSO'vߌ\ 1$mD'.; %c #3+WӒ WrDX?Yr{zeqg f'ps27@eWQ-~Y⽎aӻȚ`e{R}ab4(WW`;bяj1Js(&Q @mfM*[k΂)7'IXҏ Ȕ@I !;:PER_s8fm%1_6?'H"(ډ-eoG^֏/~wU%S}RR_p(mF]B{ym;MuAOȑ5جeew=HYzZA-MIZR=О̍jpm.W;R":N&|;zّHbߢYT!'LBp{n)%!P >>e4 RmQuHG>)7Hs-޳ ~r.)xtpϥsvnF:܅x[Zwz hKF WjE'Q?3sx{<քD6 4۳bm\Cy*N]ĖɣKvç)r6lbQO5S.sbΕ㇒G]D훲-^zB y!剢bY5y"n[NHW1,T,ij K<4-Ym1q\ȃIu 8~sZQ s uA=}Ur9+2[?z ŃcnAf}YGFqfWC Rbd0._?KQO \Óo#@PmK`VQnoN!$8P];T*ГQ悵|K8TBB*T1~6 pmuZ9s-l*gP tά3,O[.3lI4=Gqn]qiCs#wr}T3X;\Y]Sxh|yt&=kP*n:K4 5[5bՌ-XA% m>۹[6}s$!ܳRi)](mF,N#5=Pg1DX~EmZCJլFEv=@rҽqwFQԎY}ڝWHm uyY.DӽgD#P&J^L- &h\U< H VZe);q6h@ wbJܘk(`Pq\<9,b %O84wnH IJ g;S[IT?dhWZIvE2\`'2ϽR#W 4_Qm"54b#!K?V)u(!6-/ʚz T鞑 drQC S!/1rJ"}LPPad'_x>*}i'{:πAc3}`hYIJ)J uoJ7x3Y?K2˾q|=[1pgr^&I}C \M Uo$ׇ3hR$ZEf:Q\K`'$Yy(|ZAyC@T]^MZS=-n^H6lQ;m%)Nu¯Mu+(6UjeX4G{)ka; JCfCk .h[, `u쫌l0M':ߞK߉#dDHq':(ԤG^( 9NۋvR9bUo3r5%~re=@?S{i"_LkUD)2ghP. ݯOHv_Ra9|EI0bx xEU͛A4UЛʻx\rκZÂxlB.'E <-w}Z9g:n$>#yzwދ~>Od8*КS&w\!?<1/eYwl{n6 - a{&]'϶L1K{G R$'ʂ}3Cʯb5 B7JP¬%+:BQ^$5[:n}U eUGb[tl&L?Iָ&|R`_>.Uͦ/C]}/B 鬴O T9]xM4A51%)zdR.hiF4FiM1[8<-c?!x Y\0;+^>#=X#>%Y2s S=6CN~sLA,w.)(VPz~47WCNFg9UޱJu/nk%I6$͗JHX2hsP.Ơ&r$4,~ (XsbGse,Gqx#T:po"ƻH{1dإ &# . E4l$u{#(KȔ%^`"IL9 4YX,`;]Ys1!NA'Bq4U!lд63H8 c"3ڂ?xG4c29D+![Jަ[.̐%<qk0RN(HmϿJʨ.ypވre,ZDXãtz@ i{G(Oy#9m:ē𓽳:* ZV;/7IDʻFL0) \]R&Sڽ \)XUF;oI55u&}7V2^`qG΂LL AƊG/醣|"?$Jd֜Jrw喇Օ!^<uxfёWլ^Ol`| ~2ΪP \|5j =G'Lv[N3Kqz5fǗ ]L OqI56i6wqV\^*;suޜwF :N@I~/9V&{BO|f'= =4hsR' 5ìlɞ\]d#̅ .GkUޠqRoOPzrfPNw“OSTw)JЊw7}$uU_ 8:( ΥmLňBeoYH0? aӈg b+a=!&1v|G 6ǒcyt#RC"#+iy'uL'Zejs %|f ʏUrB ;%lt?\r1x}R7 \!gg8)d2R^yu$uH6@٪ZCr^wgRd;~:9T㌥`eJcU U*"i_(j"Q%g%0dIz޺恌 ]rX&O. a B{~hʓ*Kf8>\0H6)Cyqr5] 6'-;?K/cH^/Wng?D.1s "+^he45}E:s02gasGj0'Raկ$/ÜA\ѧA'GptԺA,aRtj]S{0H[FAϱM/].KΣ4g@Mʷ 2ɶZ`ScBX={eyVLVN8O)Q'e^?ңgbf'>!N,lneRэ}b?EoωJW%Eaߣ P|5uDݻQPxB*hFSkܝ+'Sss}LUnn:%l5^r6,`9 7rW%@H-Uȭ/_ຓTE}ΞlΘiPNrF=.1`Ob/8%R)r3h$D(머A2`c4om=f#^zq0j"[Uѕ+rTFM 6crݥjBCeR^H1^qR6)NuE ,NzoK@-יm}LEϱ*bÖh$6!on \7ccgqi]S'@ΡO ֥T@~3D%E?#E]3lvib~uE NI7AҹٖmT} q=vٵ6fbB80mq(ۜDH5B` Uk=dBR˿l3mPb`U~|nI ѓk'|a! uqHhYc.0U?o%M =ܓ *e\WZRy֢v`ͽF6W80}rSr23.Ρ_ʺNNh"k\b_OTIK~ܬt#B!^D}e-NKA&Qϝ7zvN[M|'jE4קQhGkc$.-+a\RM-qo*Š>.kϵڪ&3ǯI7QJ|4Y{&7al6sɍ|Tw ]P5Qstx`Dae+$TĮK6i0tvM9WQ&OR#A1U\ Oru2ujݖ~f]׮2OIs~B\ӯ]"sLJ%m—:B4jJ 9 "X!~0;)UkhՖK Z}Us)MìXߦ^QLGCܳgoj8ZpqoޠwB/8ċ0U#sZo'T`Y=e&<̬rvԿDҌͦLVdhFYt}*=A} H0R%u"}&´sLB0 >eM= 境zQsĨ'QT eDrb{Ӕ?fDkp?4,R>ܖa8}yf),Ee53ӿ#q(偳}ʔIQZQb匇.-><60A7kd,aX)Dk4R*Ha6DO;" )v%bi:j#ekch,7? 嵷?rnQG{p^2 `z7k'Uڴ1@֑&h),L}1&s)eֳ=,kw,T@#v]U6ǻ +g5י9Sd[bP(xe u}^XemV|{-kе]~bTR` ~ é8#q@s 3 Es!%w2|BZqjR [ +Aw?dؿօ5J ρ혨[OFTȡKp f!#vg^1/6OFN)4V:-zi+/ >ث+xPihfgh_-\%%ԛaᏑőAk yP宨{|H+t CZErI3G<5#%OB8QBRPT[YfO~ԝh*tB(?S<-%fN>'ܢRSOTr9Co;GuI0pѮT総Mi͎=H.Ll$y{ +#igcOdWPms9 Ԧ_%`v)ڜ&"ցف.M+z ;? CYk JrwV5)㔅8`6e#/@b=z101Crm.]hDxPj6,(wVtR$ ^YT+?D-A]jc qˊ:;vyQILW%ek]OjVJDe6>`k_]}0Ld ΙhdLI4U{&hlu-[z7'S5QOZhFb]0J6VY,fq0JE+ Nv1\qJ$٘4:U(݊-\p(QÝP]YʨpFhM OKl?Q+i?8 s++mBBIC\ߩr΢FqW8L`!+⡦ZI8>? TlEyrK1՗ w-*k^U$n*IEVvMV8d^Ies^ܷY&ia6SfHv 1YNWijFsr04bGrM5S@!v.b7B>9^PLh5zbTG<G= ^i8AUQ΢$LU?e%2 ,ktŐ0+i-ә3a0g ը!gm35l!0RBx ?H&Jw 1vXtA)Xy~@hsĕѺzO*7S_kzcEs0hQ7Si%ƶW^_i%GD"m#l\)#@~s #G^Sf޼KM#0 XqnWͯz4(S=3pfªKfGD9";6ψ4}g7b{ZW$ ym,|J{:\+ #~ 6;C?a 7܈tG,߷SU/Oܧ-cY %tʠ5U/؍L7=bßax@U͉%" ¾A=}A놳u<Mwޖk\}/<^/_ ZXһlPux(:1@7"ڔYs1A&%q|U VsZPAj:,Ү/jo$530ya̴RWJ~dڄ^j8BIW8rvcD_a}1?;1e8$5- i\z8CPs(>Y_oU1itA#ؒOZe$jR Zs=[{eF8iC/ਲ਼&ﯱl$mT1?~r|CIvŨJ񄆯gj_`=hۦ ! #28ǚv{tjNJ6^=Mr6~1SN@潁9ޠPS" Yi#>u5RJ>'W&>_G?mbL+oel&fIR9`G%~[+:$xGPE+|J:A%V@kz~֌0vع8#F|3O~"BA,m\IOиK gܧs:a]:Slb!T&EECw#r ԪVl #mV+|ٮB1l*ckS!\clXJy#_!.D? Em-+YS$:toAs'Jk+֯=l՞MHgsE_F%ԳRAȼ6sy{ZoV[Wjv'B Ys{8oA/'"X*אtTw*3!b 5 /ǘ_ #Tf利iA+4s༲_!^WɹRw9 aWД X--T Ґ{_H: `97RWK@EN6ɯ Z5I%;RDl˓Yؔ %LƙYm؈C&u V~/~k_I)4>北'.[,uEɚXk&P=.g֣0^6Bu#ó|ΰ+_4@~n0%TJ7="O{W'X K0(64OQpATLȴsԊn*[ZlqoKFb6XX]»?ϱ_Ֆ|IҿW= \ENixuxɾbs,ZFt['t:Wqu/ [V lY\@ '=N}S]!i7|ALS4}-7 V>,ìǭSF~pLA&gӒi*IHWy] 5p-Hu\+F۬>4;MDʣG@^`߉y3SGd_hURB{\lOkj9&СZN2hsRҀ /4U-K" '׀!2Ch7o#Vz?>J z᥍>pp,kG3ڷ|McCy<;}MY DQE(u y0M]4R)+:I@Z() U/MQ_]| [v8{B](O6՗@h :(%~G@mcC BfaýBtĎISXہZ8OIB۷^÷,x'.6,˖_HD0-rBQEEd<Ƙ=۩U-E#S%4QyGW}2%9?%䐞c 3?7@Y"7RGpeoIĞ #:,ZMwP{eKT3pUQJzDzeٳyqUECe'[g1y\t(z0 !$ANR&1⓼1DZdQ׍UӁPᔾz NOet?J*zt!˺0Hu1QxnaVV<_L15eutRXfuSCz?uHĹ GN"pX|U%^?BoX ^!P(3-[9-\}ɝPX^Q*j.6%/<مc&^/[QsouI{ s=f V϶{M =A醤.2PA7l]/hɺ9Hr6ӂkO cMً@+IBlkzow7Yh43gj6GYMUm5Rn׀L~}L\匴kg+cj[@>-Iq҇$kq^$GxY 3:%vZT\B|j `Šdy~H.GRu^yhp>4,֭0[)1ipYDt =T}@}JTJ'`*i@p!3;c{5 tS~'NI*AN9@Г5o&[y/hW$3N*-M}r_#8W6zgTq`-u"jȡU7eG&_l"n_99}16]bڭ&yVT;lG^0lNL%3`5p:=S^GBhg vnBC=n&jP>bmqb驸-!3f/CK"HRrnvG*; JdY.ӘRZD>W䙖2}S'ʚ_}j~Uu OtQ}8"0Dd+Jo% x^pSּ!3[5fx|!W[S6c:Y)K?3 :>$'lRܗp3j xIF:a7#w?GVZbfCrp@!,8N`ev \B)]ZIaz*&=^;b sr 8QdY5x(&%{+:Ch->l2%ۘlCA =dd`W-F jQכwfG&;YY1w?Ry437\huo{ x=Q3+O3uȽM:,_Q|K滏 +j :"򞛭wAU0a?:89&&2Ίϼ4؂= mG0R ,w5*^&mioz* z §X&L!I B$8W wܖuhmTޫ&R 9i&g{ 5)329r$< :My2(=dg~ӎkT["3 fLPWC_R俻 ӅzKt;6LΪHDF'FO`zv;­SWMK(:C<¢m_x8l%hB$T&[X5Z //,b&~y!w :g|5 c*Uϋ@xluY' ZL{܀2/W/oRn| l =]K ̄1[8&uD`'(ퟷ F^EhqW1X\%O:'Q?@텚 b!2͞VZu '8NI)= 3g' |j@m} `OO8JB DQyac~_ǔ9t?@H*n{7`4t`K汙5Ւ8z`{Vќ2Joj"vzZ,¥+趶8jVtb~PZ48ũ]"ȡKVO RXeR}2k呞xsaDtZd :z5ͮAXhn"h=J#|}j Ҝe~ "0R.K%ixRm5P|AU7;f]?رr,QiCx?k?W"]j@DNh`s'`(/L&-zdiDkp:@փoqܺݍţUm[6ttmær2B 4;| ,~w,اJPeh ɿ>x}VeJJ@]ݓJVa!ҪonΔ̐`U L_2km1"":3[\_AZFƼߴ ]r6|i(}=ֶgĵ{"9(8َZS̓uۈWokT0! 2c1Yf=ZmՅVG+TWeA,UQ& HXOYdC_Č悯BvdOX][Tl z7NrcMs>w6KBvgt2ańʶwIHpqTdཧ|h#a%3l`exU]TA؝H^W)k.P!7ىBBeV%MO0D Qn{sh ßlsu?ɈЋ$61;2SQtQ 2j3I1{:NnP+=bCk.8 ״e`c4zv\I&GSX(R#vkSNS87q?};KY bwXJ5X[Z"YT/(q1t F>bzs=߂beTAAB{4z$,%S %m9<NrWĕL{nr~j̰Ȋ;ѷ /I(e4ArEVy-Ii08k=ңWv,?/)zM5.ҌhS`D4>t adǰޞbȍeJti3)@:!ȶ "^ddg $&zqvDhkcD|4N/|b L3ZVzL(%LJc0fRmɘ)QKU]8rӧ cJ0wMC5+*ܤG\ YZ