container-selinux-2:2.33-1.git86f33cd.el7$>q̽^3HHѲG@>??d, 0 X (.5W       0 X      ( ;8 D9 :>^@fBnGHIXYZ,[4\L]l^bd1e6f9l;tTutvwxCcontainer-selinux2.331.git86f33cd.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Z.^c1bm.rdu2.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : fi fi #define license tag if not already defined&;0MuA큤AAA큤A큤Z.^Zi'Z.^Z.^Z.^Zi'Z.^Z.^093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d11cf13c63a6d685d84488e64f7e0d8f064737cd3a4d7cd7b16c9ac118391cf962rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.33-1.git86f33cd.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3ZZY@Y|YYdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2:2.30-2.git7f2de1aDan Walsh - 2:2.30-1.git7f2de1aDan Walsh - 2:2.28-1.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Relabel /etc/docker directory- bump to v2.30 - Allow containers to create files on tmpfs file systems - Dontaudit containers attempts to write to /proc- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.33-1.git86f33cd.el72:2.33-1.git86f33cd.el72:2.33-1.git86f33cd.el7 2:1.12.5-142:1.12.4-28container-selinux-2.33README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.33//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,TO]"k%u#qXPNeR@Qa$t38pX>0fHƛ X %LW2C%wz 5]! Cztc*}@LjC'7 z"L>Ijƪ=9fNnv4Y/ TB?%joPO 俎tR:q^_Y5/G229 `,) f7 vJm-B"tuނ˅be84>9k:'#ՠw^d/3z&ٞ? ;/:jUGnrO%`C/ϛNf*RhDJSލpzIWSX^^:|& UF5 F\}7uy\q`(tyŒ>f%pB }Eeq!Ùj^6y0/]a:zPqm8Xޖmu֋Fߣx^nRJ^@Ps.8L6#M.[=L HT6?f>^MN< e5tPcruGxV蠥W]ܼᑊ "aYvKCڤ=}m*6n1tsMJ$L:\ݝ4 JD+d"4+Ɨ<}֧^ u V7z+@.yDEV XuOI[hѳԢoj&0AKcEr׿I_0kݶ|@PT OyMcG%%kc4 wAVT`>h0^se=!G#rcb/\^GfHn9tE#84 A?ncU*o y2q\ěS{( 0v j&Ŵ->Ԇ/K!#t;KhŀcFE)ORdTD 9Oq ~tn.r$S'@042 lȟQ. |=(B@ wrtY!yX67R1P4#pZFB>d}]^n7c$IMA|~ؒa ~ٙy!_.:G/ "Y/{hg)1\}nٍyCuaL/{^)EcYoqD^lJEaZKVJ3p<ڨ@t8r{W%XpęM4}mrcS jV*D*f $ 3yPWp և;9UFw];# &m !bO>yAZv 3 DջȨy\،)ʼ,yt^әL*i-7-3#k]"AdyL~Bni6,/?|=MY,x^ڍA ZGod0l{R\SGn!CNxdwv*cBQxm8zl^zΧ4c2¡y<#UM=4޵=*,tsv}ܩ؛Phd3 ҨBꚰ$x܈qbbj e&_d?W-I˕/8Hd|0)E_2>ebW !Lǥ_wy3]f+TMX$o6&HJ9P-p .V =D! pT""PG4޾pz<`Ctm(ۂP“m;YKgdOQ._[7Aks1J>#u3d76(m xc tSdbI쒣Fsz=G96#8ԁHa9>NgBh pGhFq76ufI"ԝtᰰ'b62[L !^T<"ᚑHҁ&k 礄SWfA-rlE{h|?@}1Tk[Fj72!>8U0">$\OytQ:695^Sqt3+uLI[pJ!B ϻɖ Rp6EXS/Ceehc]QթGB3%V~JJgqsȂ߲gތw sIլjT7 w}@8m/ߧEmS%-(6 CJ| '宅ⱅϼƢ\> [L9g/p.oEʚ JzT7Zy퇆XNnEt-P)09?(tK\>Q#Me{X,anFǻ"XBm ]54IG#CͿ#shK'NĔ3mWNN1Ep 7_8g4 _#۽wrB&ķ\Sa©xunb]Hjи-4 qs$(VyPy.M'v_W)J6/ͥenk*YpC~$ Ub)l9ᡜY7G<S8/}E_Qo#_owΉ͇)P߲źRB|!Jg"ѧ`RľGUءr}#:+ }m}v#:2WK'})je7&=%CÐv&#ѧސBah{TzݛkXVtrIK `6(o?]0OBT֜;$O4 %~FNQc!Q;i)U|`:BG׈q@-gATإ#J&S=O)< H|f^s%|u; ^a|%D=8 /")O _@l`֥9lveA'q@Q?JX2"pkX /^ܖwsz=74"9.= ?z8w㌒#u|-7(}AYDXk,ADm/WAC(g<$H`$~~ oC;t{*0\>yUGynHB@9xPs"\MV2BZ>h˃/q!eK)avom6>F5ǐ>ԤyM>VfO 48+J:*cF]CpA?LXSbn1J.o"b{Kb&x{c(+Y#?QR8*͸|;_} 05 $dN]4'VW*2yh1萐~-z?XԵCyZ1|(|xvΧ\оb޺`6ELL "wQΫxs)?Rn]ԓ`;;=dg_َhk*1wGX6aCV@)lksӍ/i8P_ 㽽?9WqPs]kgj\:CwQN%G3Į{u/Ќq_)X'um\٘ #hXXWM֘Y󅔉J퉼0)0јN2KwLF{JwƲg{ &:oLek#g"I+OEF=JL${lOS^;2{UZN|읷k[X*"rghe:o C# 80aDvmf\SSg'xIOba&#A}UȈvs)}45hSV`%JaR4!gn m%-n1!Vs&K{ؖ#;^`iiF\6tY|H6Su(0bޖΌٶK>l_@?Gs3>!w7P/=hLӰb]!ߚq⏥ u4:r23A*! 6=Ge^~a\Y ]G@%;Z>K\:w 9ܠFXdJ[ w] 4(agɜӵK]ꓽYg}8yByVɲ\e=V?ۡ,6%uBgyRTq˞@s~LXBy--y3n꾎sbM}]2[|?XκCc#;Nz.ooĽ}}J/&s'uM /+9Q&aV;セdq5 U a xi,v<8gd'}n M͏ U-}=]Sp=#bU"V/RayDf.=j XE Tr^W=m%hl7`fPVǰs?%X60.>9oWfPɴn0VKE쎮"nmbz_I>qz>gN;O{S[*JFMO? NU*E7oZ$ͩ>2н,O"LeMy7r12%nhd@ɅJ,ddxnR3m L,F&Z]eXE_FavM>}mR4iit x ~GL@:FD~6/Mb8;yQDuS3\Wfb(3џIGZJ1ZDn>bGMie/S8tjvϤPg$vk=c[/ Os ~ҝBOxh4b2^`&"A[k\.~$JƐo\rQ!G Ti-p\'6dW,9-Ys2#k#;[“C@)zְEydq\~HGqؤ|GG )#9i#v[y x8ܩ?_L2_̖j/bW;k r]Zj/#$/eg :{Z,Ժď906(dPJL·Jh&%N-I\C|~ *5kAō53S#mX >_!Ǣ#tzys#~,7'TKgsC ~&*7hڡύ/}9cُBVh"Tt)`&g|Ӣ/LQfS҃1F!,wP8|(TF&1y!~KC.~Cen^c:╔kO޿$o:s $K$,0~Ѹ@o1qYJ4, oˊ37]+h9f^ѢXAHIJ53)!3!ʲF!Jh:+N7u5#r)/}&eUK%`i?Pl%' 2R4LO{!+(<<  0N9|䵓~/JMĜ@h l_ k~/ _|sAW-#H A,(He +&G?"ۅ+D)[ CU\f5TFΜ@M=۰[t9Ŕ;Бcd1ˮ/̕peJ)񵉺KSV>wBSRɼW>E$vpAgF'ی`6*·%PD %/x-{2cTg%9Av dhi:WpJIE17$ay$jG`es! )yQ8yy 8gنhQ^%AN\`:q8F}JcK%;.%=n,f/tK0W̃w5,wo^Pv_b GB?*ԦhF߳ duI1ө&JJkb LqdtO'DE+Bޘr=-m &2aQW 4 }mu?]чjaL20+vv-f: p Eփcd;&~4Ɨ8 5X*Mܡy %¼r4tG{1hmfF ¢|of 2xύ{غS6Z| UijʀmyVDqvṭY[\MEqڝI@@ &HO L$N3,ͷyKHͶ}N Y01s0iz p"@[  8sq$esƥikU_NDR;ft- CˑAurϐdBC}ŘsIdH>16l Rڝ$tʻG.$P;* P<3d}Bs/}f :_xמˡ(j@]7ڨ7DzJO_9&jOMv?Ӵ&ֶo׼}?dk iuBBc (guy#s+iFYr-}yqi=8롴?d!Qm"`U>4VyЩ Q҆TJ\$U{u 'a4(M`4bO0_L?%K|,J 7lPa1zN0Ta\ nE) Fh /.ZauwъԋdDwv[Sȿ7}ޗҮr}Ze}gX\u/ r腖?;/H/hYqK(_RHs-'f肞n`F(Wv 'b`/!SiDd$۵!CfMF!i{)+iDqlbP:lIĈB6]qJ(׳ ڂ;SRzQ<4`ƍ7Lڱ}lx/EH/݋9k` DB>Y·KK#$Ya-g v i{ƫ2+ GBBA q5VHM$i%ƦJ=mXQ?]ůil0\KUs)'=0˵&ȉ R8GyxN\0L_q9V\OZB5lm3~d];ĀG8vj@*?Jv-E;2-g.a1=9j]-:1Ơ(HPT٬==ӓprӊcGآV%;kg-*kwmDN&igwQV*@^X>MqmӘhC=B BFS|#dKr=(1[S@!Fb%ssx,䫀d7:R,7ϡ &6Ti|Fr6vfq$CR/ntG@S//TX?5džM_Xbη{۫"I<?FsD9\,k<Z~?!8v J -;#9I:5`cȶ|rȯpaW.4N\< 2ކPfHah7h^%x<&I@ii*E'~ch|F ='"_QP_i-E,Bb?E6Lo C]Ajx.,bɭ|BADL 2I +f0u)Ծuv>a*}K.hk9j^Uēkΐ(}o]hΒy<(?>Y r(`Cxǹ;{fA5g>80邪b'!U[>S>@t+Fhk ¢,wfP|Ka<DZ`ޚi-0۽ c6YUܷQnl>` b!q|q{V@C€-hW ]mgF37Dž\`hz2C#FmW 1S`=@!bWf=7 pm k~kSGw/a:?ͪ PC <#nRrǂP#w&!)7WwF@^H?(h6=ч4I|x&bCK'P}mQC F߄ǐGa#dk§?MHۯ$]Du"jjιa|7J}ud֊)٠M]0f {uhc ^ :}?7,:smsu 9_nwjmaYͶW ZOhn_tÇ$umB8`oSƭȼV9*+XJ'j|IE۞?u =81cZ[%JiRa-epoʣ#HDm*)*,><=mxr?q0^utߊB'QKNsa Ko`SL!-+K6QN>1v3쳢)(L (Ҏ^Wx 7Bvڸo OCwxF*ЂZphL-<!rw h1ʞ 2nWw6e';8 6oԢR{sؠOZ+ߘodᙐwF FPsPRgXJ`Iī x彬/ghZ\ϜP 1'||@`^sR d0.yGIv&^!m|^c.,$拕@2xWRp9J u7*xPz),n:W_ΑY f˹lE'4 PٷKBtky+y<^1&xpEC,м}vLqu`2l DڈՆ!QؠT!\eo224 yZ\s Tϙ9%Jw7 Xda{?2|_CiNX0$*[ l?DWK;\iaDm0!}O|VpTK/?satޙ蹭qԾW !B1Sb Q/@5ݹܽᄴ.Eq &\Fn.OVD8H~˾j.a 7`IzT?QLl@;(O$xn1kQ럩uwzG?ϑ;~nS #ƪ#ٜ~m p'tC@1,Ìr3qZЕZ'C.q@6H OrÇ͒=8plNR(8܎4]Q~V^r ee{`2wy`QTXaY  ]t:VO+-%* @_h£أRAv@TC:n;SG69X4-cAP(GFpSoIFQh,&Xm.97lPJG͆?ut뫮C𣀆hL-#MrIEB!s"pf"]G^ oX%w G;,meQɟe{tol~EqH+MlWGso$j9Ş.rɕޣ\CR{⥐ԕӯL{].͝Kk-cc fVu~r_\1?~kVwOf?et* I6TB\F ـvw>G Iwerc-L(3 $ hOf!" :.8UuS@QŐB=G4DiÞJZ2zҌX [@UU+jt"{⁻Uj±@?W3ճSgDepl#(낡gNߴ(y|Ƽ 3q˯EV5Z^]M+֓?@1,ocsCp OoXT1g}b舁9TBޟKZc~wN&M`j4.JIFO."ns, F5 ɯI0]W]Ȥ_V{ΊDn%Vf3(w1ƾ(%jZqk[C{:[tzN(o<=zlWi'SK7L_\b8kSW᷺F+ç^HwY6FUڠPzOd&Dz_`MP̫r:}URll~-[_TvU/? k<ͺ)3X.TKnE>'(R ͤs)2~jJLZGW'D:߃6jw?LHY}2tOe@aQp뼅괌p* > }DEy^'TY"?)~o_$Bje]5PκMδƻ+$Y9LލPZ$nxŏ}K~E~Ӄ9Fه^z׃`9kihq1ȜWr$w"fw"ߚѓ㠧2X@j.ƞ]jx<@#ʨNsߐ37bkt1 ao[k6(_b%yɞK?t_ +~rˡOlQ1]eðlv+>>sr ]K2~fFD=.ad' h+ҫ]FitIpUqc@wtB.kzak ~%Q]VPz0T1)ioP zrRJ祱C*9v)>͝2`!Y?m[Žl84uQվ:{BuoXGO|Aݺ6Ձ FZضRاYpapCm_yEXR(@QF-tI6Uv̸϶3c?!91$l&Xh-j`Vn>y P@cOA2hOx2y\[{: l: "d/\ub}HGfCP ďO3P\_٩щ}t<8V84_@ pWn"Z7詋uYb V3iXdȽkHoVpwˎQ8ճ20M" x>=| vl[ 'lk&-f$'^KXCOh{=0kr94`kk_fă.$P_fAfk0 Qg1UFҩŻ0kL%nzwh*7ޟB9h~ 7`MXz+ ~e| GMnZԡz6`'36_nݡy& x7F*8 \Ho @C6݆.D+ t,r1z؟dJtow^v[XO6O>qlS7f[`sh>=>Su2<&Ext`#NV<5㊤ 6~d܁ΰLEڰPFuR#ڈn%痹맱@|kSv$-F"+$VEԸb,=e=mADI(:urE?,Ȟ厔,a/0{ )ŋ[_%`&ܽ5r&hEaGSMJ2g78`6S6j Qa,[ o+hUV1WE9Rqv!bW_ZZYn s\f$=h;ڈ0jES!L-(_́~4)Emg7'և%,7!q#Ԡ@E^ϾlSA0 79->hs6Gٙ\ʧ^Ő9Jx' "lmgҞk30Z"O. k iTM C ǒϿVGRS v_ igπ-TTj3bRqh$$ˏ?Ԇ^Rܤ ǽiSscaдML03aZ5E]}er %kHD66'YߞF,bC\SR]auxZqa(URe068W}:q*-|R(vdqHg^&D$O!ex)ݬ(b[K.|BX~ZHhFb `L_8fBFa bj^'0VQ$o_ĆՇZ45/aCp1_AT eﱂ>iv!&SXϮ:z۴P@dsf I72 oe& O9'%wd^Dqr40`X! ԥ%kܣt)3A{($]oPג0Z /p.`4_`<& Ƽ=guڟ?` Lt=nӔG~\B 6օV"۰jcI8hWzB뉃L!Soϙ9gcS f:^R0˸ްVdekV=# ]QzحNjN+#̱yD|G kTFWknIDRnv,F̩qb:R`N;Hcs1+wfL35^" lIy֞vd&r׊YS;_d3I[ ;lm.$Gq(zu{ cϞ_ⳏV53 IV"jp m-2Qq9qQ [<&' ߖ7rBmZ4ٳЂ[ph{;)uTa,@eUW'wB3F8YZ5= CNVA D:{/_g<v `BE؝07_". BGc'â_w_O+Yxs| 00;:\1SDy6G