container-selinux-2:2.28-1.git85ce147.el7$>m;GG$.:f+2>?$?d, 0 X (.5K       @ p    ( #8 ,9 :>@BGHIXYZP[X\p]^bdUeZf]l_txuvwxCcontainer-selinux2.281.git85ce147.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.YLc1bm.rdu2.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&;0KA큤AAA큤A큤YLYsYLYLYLYsYLYL093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d1b2a0d5a43b7cf591442d0761acde6069371d7442a266674701fdb57317851e65rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.28-1.git85ce147.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2:2.28-.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.28-1.git85ce147.el72:2.28-1.git85ce147.el72:2.28-1.git85ce147.el7 2:1.12.5-142:1.12.4-28container-selinux-2.28README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.28//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,Q?M]"k%xĉNμ5#+mz qs'Rt`% _qtxmDǹ|>G=?k/X0ʀ`Ću[̖*Y\Ka6^W4:g*Zp^jTNjm'1Mxՙa&Gy>c} ^rI[,*{9gvM9f:iY\sMQp"<=gp:Ӕ 0WOT VգiޞOg"-TTpNBju/0ĸ&'%*_M)$K Mz1Rnt7p=MI 2y\nioe4#>JA{y|{aݷj}! e6B>G99d\^O d`*,Oa~B_jsk&(2 qu4n Yoxި.3Q*T[o 3rHvoXٔA<_=nq82T/ۈ^}LXPvCsZrCkáGBٲ-RX! =xI%ܸܝ!XZ XeGϚ]w1}nli"far/:RzZKioP ݪAcv6&37eA$2c2V>;RZV<]<8&驆" {1(Np\ZUHIݯ;Jy^#j1ρ{S_cA7)RCh7,mz0=Lm#?krHWN|o5 xGכͰs @@qnǂR',š-!SFl>RVh`&j'BnY5w1d qmҘr [UE #Еȯq>'kr>y!Pt>V?k^y f_t$hhf郾c_=ukoMTO4P鯈;;:Nhó,Gr=VV#B}b)kK3sR ڕHfHgrn{rKPϹZPۃ`yO70AXIr3G7H5Qs+4Z-vfk.U#/n-Pb1BK|i೔2h$ӌy8SUAsږ(盿%\i8j+ g(5NG-8d{L1Zp"ir 4ʕVBDF򏅴)BhP B fE`O,X.#5UiJ!bTAKzi]BB1'>ub5*D.zIU->AJWQYVgc9bpZ`v-1[94S{@)ygY1u9Ghb]E[.bL!FGP]Uc@?B-p'y%6ܚd.NG赸ga$!nCiϬ/̸~J|_ש"6t8ku@@@pPTLYFHl.V޾=#&ii]q#5AҖM"@8To>xmC:}$SPcS |ӎ$a3bg&֒JY ɢw@ꞎ"&dE(_Σ)ʄNLQ4}he>up-  "5^cM!XqH훫W%=shYK6ຯg:tO]sG>L_,BE?'ٚ{FaKjّ'<[𠻦ѾQŒάΐcWD^A_T:_8 "UF;S -}?  hjwT^h_FKˏԠYAXprlx c :t)y:\]Uv[\!K< kom⥙XװЅ6tе}lcMGkMJ~&Ͼ( m,_Z\;%F< Xf\r[^\?-"wxbQrnDMejg&S œJP"2'W;l \zcE~?l} qX d}OBZM\a J4O B)!d[xܗK8"*P+mԂVIwWۼ*='T\IY@.J6R.[:9=}%E̯i1|U2K"fb){Pcҟ2(sǙo}h$mQR_kyuA'=aNj0 lv 6H'sWUN{N)PZNZ#dG3׮]Ԍ)I~?U 7V:6IHW[un@͖06"9kebwISWڄ-W*\xV)e8i"yxhTɬ(`5!͟z׳]~0_\;ıYDZ ILB{>@)OsG .Q) q *1l 9~Fo{60c~ɲ`"wL%}0Ph۟wq9Ap__.yzFZpWG'_?8( o#NizSΡ/m(rt,<׹Z-_JCXi I"EkIjPs|siMy@\+=LSs=ϰ6)p&V_< a^-ug^1))W8Bkyԏ]Ȍ0*U_Yi.ywͭFZB ާ.su^~9ksc~ m)K n9%^xr<S6HgQ(kQ7{7.1hxӢcnTQդaʼ8c):vZKsQ󺨷 Sn >͂=a+& _% Q]Y Ovĭ巳ڷN Uգ@g2`<djTU| h/9 {Mim>h] B. ?įiUGLs#s}e0Wp8n&j*5RrF{2Cd$Gp )os5Y-Xm`]QEJ?su ]b+t9X˷א?:soT:suJ*Zi&pTlƒmۗi4S|}ͼ[Y~Ì/+[L ň!禱eBG_'vpne_Q ڎF=`|rU`:]exB\o*'|`v xC*-*dn03M^չrfh,{JoOh`1ů/U :@y͙K-3T2Zώ GDlSdSc XrnzNu,pQΠJ I̒E&13ė__N u KPARGc1-wmFxb.QTAMmy!'vS"w[[B76x M(BA"?DNnA I|c+3M檔G=LZR 3be3`~$x>"J|`lJoXN.Z#R5?e[Ǡ$ BS=-F~E/![~=Hԓ-–.l=ezN ,f mG,-lU]A=`Fմ!@I*~/3K ;ΰ˔kѝY\-  Į5[] R4P!24# [5S|!ețMig&fH#*Q1jH_k%eLo/ą[I]MsC4%9Mt0M=KY૴^Ix玍 Y w1 s|z{6ֱLKȔ!G۫E1Zö2P$w5dKE"ּ+.E&l+λNzl7D3\b`*g\${sL|<FQ*05hq+eӣU ãׄZ !wHjgoKNz'雹JaMvƒx=|jd컸L93'AIdQjNMϟ81D|o2sbO?l?`j˥gו7=ة%|m/A>P߽؜)!8%/"4tyV@?MAkZ+g[ǪrK+=ie FǗ(DT7~a6PAB!!XytթG\rC>: yj4E-+i`n?K˭}u9+XڜIqQADͨwFo_z'cAv$"='vGS5&IC@;9>m )Lxs^k;/q+fH +r+PNHu,ƲKr?3Jɤq2\Vj>$yĥu#JeH +gwZE;Gȗsm*L/Y\.EEɑl~v&~$ Sx 6^.3.Y~yYWTAf\GJ[cBo3Z :ISUߎ^U#,y~FBsZ _] f&.c"'PQ:S%gO&Gjp-;_v^6ϳk k)x', *#O!7$*jU=i ,խzhgtmbދ9^RK\@I_<MSENr6N,TJѴ\PVCM5/"Nvn(BXuLSe9KCi!x' b}݈l9}A dR3cfC#(v}6^ !mNx^N}`#zr3ӒϦ);'FW*Ov1/z>m_=-ٔA:Og_0A;RbT7闍ӠA (8BGj|H+Y&Q Gi]?P}#3h%oFDZWez$2uHњ-ڣk6z`0v|4!i(車D2ZYsk_2!P, ^_\o,^ t[g9 & nnqTS9gn'-/Nf*!;,vxڟuv[fȳQA"P[H 8ELی}wN["f7\7r1PŸV%l?#QΟ姭}s2Ɇ* ``Xhd{sz:Bza݋T#CA mjn#\`nj_«()I2ώމX){=>dw_5?NdR:{I1OblRn @L=l}mrP'5- yOޅʽ}v|Z&;F$dNmo]]:Q/,oRӁ:6{L(*FP8I(GmБlbֺWtn%n*ugbH[c*ڤ"D`3l<65S,O˜[79)Ma)ɜ cI؎4;*2J2%㤷% _Ga pj4R5XsWe0T;oԖ:Զi"]Es&E-;C 8]rD#]pgBDqX/+1<5j(;_qR%ڡ!y -Ƕ>OM Xik&.'dzQztS|X1!]{!!wXqN"/+8t̎of,^wKp*ߧI+O>V!S'%]_hhC7~=&ƫQ s.};%2&iXM8oxI1*vjװۓd'4:k7vv {LK"`[Q-}(b},N5 Srrt_lɳd} 5f7I-@S6[yOgϒ\jDzzR{6uA,(V$G׼ף$ٸJݐמPl#@C5rRg^]"r:Gme^g6O x02$.T%k5dn,";{Eu*" MB벧9cSj\Nr  $> NP8"_y{f8ZCv'{ƖcsIPy%g&A* 磥,S! nIڦZ A $>w@yJ*N0c'0MA\Y*w'G`Ti"ϭzX֗64^#)YWf4=Ka-VǖS>/FA?b^P?)=2vRI:q{ТtE m=Lt;b-RvydU{YbpV]HZ/q;Tȑ#4l #}SګF*I+Z8|B] *6d+twX^/&i.uHS}V.W0~ bg|$?gdsM&;5R"0([j@A j1Oaטx7pRC+c"vRKPz.k##`j ˴NqW N-Nop&xviэŁ̺nbsAŞ=3 c q(DnܞU.,}Ն^މzU{aGpHf2ز Pb-{t%I|b ]^HY4L|lD)K۱Co[ɗj_ $763uEMc-T´1#~ M\e] :]}ô?ܣqn@T$^ ϸfhj6Z 18NB%V>9+֣B26`A?Dzw) h<~sm橫홷 \!">kGK@_W̊uXFmDW:FeKbolħhR T0k󦴐2IU]$DLW,]fOdZBL_̷ z3u. =l:<>l]1MYr0ώ`B;#FDf|{?K"s ].>@{FNx"#@gTp7.;L b}y^NH:eYDDV֒Iw!сַ'1=c4Tm@ i9ygϠqc#Ŝ 5-xT=F}zJpxm+&읶#lʉUHpbAUFڹ\NCC 쓍<@]'F`r;7^;֎ l% `(VUn;Ww.`x*~˪{IbyBUɩx{ )-_.1 r+"[MNeG?02t4|r/H| `z\!\,CtiR+Ʒ !fFF3;H@E̬ap|O)B F봾f+ ǣA.XXF푨ԧLP1? PT#[.rgb0V@ *ɝ]km⿕`Fjѽ/n2L4t2v.K#rcF<.[&TKF 5W WP$!n`(9uMD^z~m,>?a$݅ K$ڱ9L|v||oDm Xæ(cI/| CJY,-7CD#:m_dW }5XAZ+nX&EUJT ~5ކAzYZUT?N(&5W|FM^tX d-ĎY\-% d[,:*>Pq?tA⌽ŕrM$mR:8D fE0$܋-r&WX<~t<@tm3x*;ǫHv"FC;z w~*Y ϑ|Y [y2Ⱥ,'ijeBzgP2өQ ^`p`QdSɡ O p6ib㣕vB|ix֗ m{ 7x9D0PsF='E)#m PA468痞'm*BO)P)-3fl7 3@K5s􏵍^0_ȑS7;O ބ\}Sr]z+v܆.NO/:@P­m9ڈ3i0Lem8I2jwH};V>_vk=[q3{19ڔ;)g/=w Q_#~K$fbcTEf 7g$s"tv<ƀ6} >`!2\ىΫL3L=X5u-ly*'I]]0@6s i(XgoŒXG߻.8VUx*Gu)[nK}0F"ʑ⟃[1lh'ږGg(x{l:a6%1"7t4'v?UK:E<ף1xD$4I-7;3~`4J[0tGf1zƶ9 ]=L NķvM%7@>t2boڲMR WڡE隙Ӝ!ooaQN,\!ܺTSL9*Vs?tt3Ly[L( ;^>dY3#T@aw {Heb h(tcN{ l*fj s7po̲Ҫz#U˄4’@o؉uߖ|dT&{FfVw|O^@r=j#K8dЂЧ$DhWT?u|ŅFtb뗐Ep@ ϟ,y^4o<}U2>6Az'mz:JV MŇ!p f{ DBFY$}S$JY٣eq$h!72JM)zb&5gǃk7q@{@EecQiVI[jZJΪ HJ2cYr[R |L73R_,|T*,(t_e"ឭ4բYr]8]LԎi+g/[ǪeGLThq bEU8RQ-Bd@$ "zF6TĔ.\>M8XhR03)`fuh׎*Qc[ 6Փ Lu4?]BXjZQ(DrԪUTI+ƾJAb:\Vϼ)h^/=ҵ;Aq`%jX1!xbpsځ_i#6GceU㠡˜S2w{4;:SaڂU۵ T:I`{PtYb*^?6^`y6zEr4)5л=YLJq2 v-މT-}) UȑieWA&̻HS,v ;VyR2zx|el0, yɜԲ'٢&`bC4G9/=NW`v!Im~ ti20vs@W=j5ACeJR@qKϰؖLo2oPO(;Y2%(%ɀ E2sSHHI6ǃuq#4E J^UA+Wz;'2fnra u`FuykK_k.Pظ/zO̠ "<ؓ(rMx9GΪt'vXº؆PKI7,I ||X&8һnV$V)L yoEb!cwC=U[P>-u=M *qoQ'wm#g}Uh/37j (0Gŕ!AS! F l3Ro"&'ߩ^ ]rkP`佬*ta {(H [!:X R_aҮo=g:T}YZhl Hț$5Ui_$"`sTӨ%ǰR?Z<8zmfm pPM0~cvJk,>` ATyJt0\ִ7BQ␡=f@́o)rU_GӇ͠K4:F.^#znVX`;r R,|3/1)EE@9{|X`ˬ7ϧ ָ0 ^X4mm Y_J//r#p6g?UoBgôD1 *.#&j{34 s,~[} K TBm'C;\xtQ2B]6og%$P,Y`A*/pHL {#>,8ǘo cEjL#՛!oq?$Pex` \ JΫNΎEEbN&v+S804Bn;}oh].)|~{%-/J1zIͥāwr0eOqƪNYu g8*[(½hT]l3l'Y³I蝊UcBP~Čl}byOu%~{qz-`HARSO/2:7S6;ҔZ@Z-֗R˦ܢ7lɺ6ίsssG|M_%WcGu3̂bTsMgӧl T : qd\DV}i)f4~| ءsIT]"mi0 Slk ms]]cd蔅3\ʼn}'{N_Iyhy_iYb'>|eGl+(:"ݱ #%"oB;&w2kmIƯӦ2+Wf':Eqq2 Xf)܅^Sy{1 ɐr ,Rnڼ7dZ["]?HF%.yI);z&7sMKrzV`ؒ7.%ii X7m5`d1z-AW [bΜޞzEq{m1GN~EM.K]{qU}#"_]`Qn:k(U (o@.c?3f2}uwMrG$Qb;-vJ}*C}yyr{BU嶣9=3aX?z.=beB5eR~`uNW;:IOvasGlt VUh+mNtfц!!FlՏ0s)ۭnR%o 5'K_chX2H%& ab6уC1X˟ {"Ť4Aq;H1UϧSIm/g,U]˨*U阓 a`/RzQ3̇5U>InK(WfE6%j.WҦ:ᎧZSth{ ЀG/%61?&ဝV v}B4W+v}u[2A!@b)s'̷3X64|b+q&5lÏ2AR?k8IM&D7A cyv:WJYuL^D9>%[#k)+U3<_ΖCxC2i=r4yG%vϫp2RY ٫?sc<$+xʮCf*ދ.VOsfP22S fWkhM`Ũw-`̘HdO=8ה9<K9cmijqP XU673qadv ,*F¿lҴT{rX_[ATfI,0!=T~ʥ <6GFւ06LSTڏ˩RuɥqRȎ'ANI%/;_bzDbHb2wOD IQ`ypyx &g(@"ۢ# e2ܦ&Z^F$Bum)n>KpW\aI j hܚ7ޝ>c/hmoKh@E.ZbCx6_V!?dj>rgKO&@ k$2 Jg'#N(PYIe"u7=^WaBʹIq7J2q,*jU.Ax{Pd] ??buo94aW!@]>   |09^k|c[oZRZ[+D| ܈Q@!&%D7̴ǘjcnՑezlWL ĩtmE^1]*ɂbsP ,3uUτ BlyylgmO6׸Ͽ!?Pۇ ?ظEUgЃ<T]-PYb%xKFBcyR)S1},PD(G>/^|CWʟ! V2V>9 McNS;vL7|< Ax-WdcIj*`v?ab!*ֲ %řDhmp)W6_S5Εa%[@|笉(Vj_s`GyZL]FJPVf~NEzIA02 (6IxPr?,4DS}kQV>lީ^v>rMEyIķ{ƍM4P޴E'R˜Gɒ Z2ߪ4sK;qxԟSm$1XĵOUhBȇEISXqgAE*S&D S&&Gz1r=%z!.B<<\8 \{ `3Nl0hS)T. 4 (;ΰ_>OL?0`|Аx{Uvto:'7x O$),h$ 93)3l?["G#'w)Az+tV>jqL5rzjY};s 8%˚8%IYUZ8vREIkLXoDyNuN1_vjYˇ>|T} @t/9DV{>PA_ŽKs(`b_rUD+o0:9L=&s/Vmx#}+;Mm&yJv)K|{v,/ftt7 \n#+ZQ7 ]7ڦb˃#2V@^z}TOs*'IA