container-selinux-2:2.33-1.git86f33cd.el7$>qo="(>??d, 0 X (.5W       0 X      ( ;8 D9 :>^@fBnGHIXYZ,[4\L]l^bd1e6f9l;tTutvwxCcontainer-selinux2.331.git86f33cd.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Z.^c1bm.rdu2.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : fi fi #define license tag if not already defined&;0MuA큤AAA큤A큤Z.^Zi'Z.^Z.^Z.^Zi'Z.^Z.^093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d11cf13c63a6d685d84488e64f7e0d8f064737cd3a4d7cd7b16c9ac118391cf962rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.33-1.git86f33cd.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3ZZY@Y|YYdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2:2.30-2.git7f2de1aDan Walsh - 2:2.30-1.git7f2de1aDan Walsh - 2:2.28-1.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Relabel /etc/docker directory- bump to v2.30 - Allow containers to create files on tmpfs file systems - Dontaudit containers attempts to write to /proc- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.33-1.git86f33cd.el72:2.33-1.git86f33cd.el72:2.33-1.git86f33cd.el7 2:1.12.5-142:1.12.4-28container-selinux-2.33README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.33//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,TO]"k%xĉNμ5#+mz qs'Rt`% _qtxmDǹ|>GlOx6+$%KK}s^8"-Xe(u=A wjֲoy EN.q{HcyGF0.),X7</12"2Dcո#Lwcd_ Mj5Ƽ8;2VN0g2gP^_'ᄡ }mٵ֚c^}I7^zB1mC`můC Dtەin.2.)?zI"d˼ L|&::9Q5'*&?.B n:q/"Z)qԅ`֦L lX[.B~U?"$R,yH4X Qa8)R7F>jV<ATtoV+$oc ;DIF+9_Lj:`"E,̨ }h▵7с,Xd0gdh{RQwzt9sXD3#XjneR|XrK3kBvY! "cۑ=FH.]Jt0jְ>w w+mȨYM l.WsO5\ 8߁OaO+jb3V2L91Gʼ)$oLFhK bH"KA0 r,yFr6@d7Ց/M{%НE̦ZzMԄO^?GLJYvq ˜C FVD9G܃ی \E-^wZ#ڮAβ6=[t Nyp_V]f g ^~rz޴X_wK^3Q~Mtƙ@ESV-xϞ~tqρ`W$)kq4],.hv%uezr<ͪ -TWJlqWl͡J/a(fn7Tc 9$sy$OJhauA/;j[&-U a<9p5GH9%}YlRwZXgG%1O#~jRyrh^Oքicʟ 9?F(*&;i]F9J&g9Ƨ{$|Muټ*xd(Mцud {1W#ޏX O0SA o@+?\ !&o#v[ldNûE^P.z]M: ̧ qQQ\m~ SҨ8 ?W?60u*:#{>Q_SSDA= '?b ˫M6F]k(}HNfgw! g+`MTx+ㄑn9zluB+ҙ0sCwٙY yC7dͮȄ&?#tuIexɕ*mE:"Z؛Jdz@lxcFT">p=Es~H ꣛Au):%ڮt!|D7|=ug2q&ZL<{h<ߗB5'5i|"5Sqh+L+çv:y8䩓> B{4Q,ABx73!MsF62' sh`*CPܚFXZ#а5yMy, Vꬬc < ̨`hdX~'&bxPW}i8NV61RR܀Ĝ~ Ay\=7ճ|6P"ań:ă.Iv, Ry"N#YpfF&_$^57Wgv|.]|oMs6xʫ_X)3LHF{x5! fȷ^CݣKC(.}@#g^1u[4 2Dé-q!z λ׷:19ܖ.E@ߜ@%^dQ'X`jǶanYT %6,X"ʥcWn/+`䮳fiT0b J>Ev, &"gfA6NڧK5P.En)d-GNSBmT=%K<.)~ $Xa`_ H/>eM VWݕH#VDFrhlz;p`1mӗ]a⏾/SI4k?P`;d5FCsxi_Ӛ` ՋVd+prQYCO!+j_`{{@Q| QxS\ֹ҈Q 1-?oʰjhɉaxk0i{<<ȍƺ+!-_G m:D$mIŠL4:h9;YOuX?cuE`|yWC>-Ud 4p_[?Z*?\Z&' ;CkC7zg|}߹D?v :H98^bwe {cHzo,=pH~&2i뵁YeZi$5WJH4pGb#4`|AqV\`6RF )=<[;.9 tMSy 2ִ +Vfz) gbьz" Mˏ:bV\LeݮCTfj>`j!WqɝX]e ʠ&MH:m@M KE0sm aTFYyx;'^,e>|`afO˖Ϧ:%F>(3ydyd6Y]Op[yr/g) F4y@ A8{&BTq z+*@sL'5M`2d`N:\j QȼD0r^au5ѕ鸧(Ȟ_pUz)6+#3Ms}\j}5lQCi9Y.;ݦ5ӆ/mDn7"1d5[񢝏N 5ĂVB5Iq}JYeO1 u*e:4y_FmvHE;J =xd3ZH.^ (qsڠcV ~ha@ϊ* j"fI2GZmW2l 渒j//J_IXk^c^mϤfL񼩡yysa7f=D۾}w('ntXRzOѮȱ, OG_7}WJjT5_7fj(@t3cL}H&*2)7,O4AR#RL$&Tm^>R1ɫS`Z 㸣ՌF(Y/ ћ{D?"q2$o?^T!!*[Iddcnn zAjU3r܂d;#|} FӜgY#۸G _('+1|]U28 dr)Pdz%|Ɓ:V}Sɝދܭ;\ lIGrWͤ REV]Zqo0vEXG0KהTiv`|˟{;V#*c_R9o_;ݖ xAi1#jkR^Ii< -s۠[`=P'8׃CGJ!>B\K[+~u=E$ȵ xhR=0|$Y@YZ']"dDX*LK0TAy#R]`P(ûrB{LDA5XQ]B޹v/fT?Ual-]4'|G[oice8a/:#ڂuyh߬v_O z859 $9~tovV,cuѝM=z?Gd,z_Oh˥X!aQi NF<;&-U7Sаzec:bQcV \'rk[]ogKH@P 3␶}iPcڄ;^]y:c.&N2 &Q"5!2ĝ.m_4e\kfc fV#Q4̿a 7g5Da]Q%*˅}L!H@0-ۗx}Ihr#hhYGw4||fruNgC 7:{Ա0I(}8 }\9|'D[Z*kٸ2<_7;$ |An]9TCYTwI"_vIH"C3 h+Nu|>lx>Ynضs*mxDW~]1[tCWN3G_i<<ѫ%Bu|H\39Pz"MMΌ#q-;aY ;Tʒ^ T}T|z& :]Hni`ف0eSrR;w3o -oY7z-+]/Ɨ1+ Sr;T{bgx0m /Qm].׵\ f!yԐTi3K~:l\ͼoU8 DOΘ4; >JX2%XzLɸZɢD#J7ý)L"}Nk+2sU|: n98NU[eɻ/s,:nFwZ4\[3L"09_](H4Hy^,)pV=r07'6϶9=DL߮wRnu KJ 8ʁ▔`+$43f<(23n}D e=ORQq8fbY<%srg/y8^:-C6*_@ x?QjFNߥ؋u2RΥQ,u:fl"=q}w}"ˑҗC}˒nٹSyD,vcXՋH'U@asU&SUnOK]У[,$M{DcپpBWږ}Uaǫ0_'_'FeXՏ [8BT}h7nOۙW]Кɂy@JQ*b*aZkG^B:=\sjLH;$piuӦvt%c1z.ZW@kN}>OD "? Iqsyh/_,R" VTTX#'"8bb d6B7eyV]1g~-~b4>BlVJاV1$&D1Y+k;12<(21)o.SA0<U`SsC@'?b'aDUDYf]еw?mف-J:q}tLT<"\|cb8$W)mc_PMUd)_(p)ft&tegr#I.&'Fi+p{:(*+lNryB!ygw ylEm N2zﮋ]*InQ1 XZ=m2w?߆kEB5P$w?a-/oR1e.E~1LLw 9"->'^LL0>zt|'FR؏U9 C|ɺ-pWz [-膪 m9`ٱ\ m $}VpQ7.r@iFX֤(zBR8ԔшMO+pi$pHDR…GĶFƬZud F}=EOT2K@p3r-V׳m|*n% Ȱ9JjOHkU!( UudW<_5oqZ n|\!yOjW!0aKN{/ש.sî:7u'H_JҰ_ʜ^*isU&rwRԔzg lmUPpFq!ic*v%:`c7egyw=JeA#ԫ_ -#NbV& _6bfXNlRsdg(GdΦTg!#JaJ5)B6!uAkp=W@ef4[S36왁}tI;Acp)ȑM@u[gk]m4rDbn _ %wn.W ^IyS$2Q*T:\5 ?VJΥYܠmm0?~fv?QC|I ˃$M 9R 2:2|&3&84x?4WGAjw.> aY+>mt 2|j{tnj 1G lWٳ _fm!Mʓ#m,\qxsHFU[["V%\L{x駽A'Hl&:uVS&C!V{IɒRilpG7v[Qh<^* ;=9H!6o&wj?RVN2vo5Y*"\x8|oK3"0>{hI9-Y#X:`ܢ'P3gP"ŮPZ(rU8Y2 [{?*m[}@Nn돻_,6Nr|9sB-AHF_?XY aO~.8Z7 Vf廵Ǒ p$T(p,k Ȱd{M$g`){O`pfl;\sbIckq܀iNW*yd×*sh7^Ui+m,5a+6=h99?=N 3喪Vl2,TC qܕ]ji$L ~Q3s>+Pa0؇ 5ٽzQPg@bUrȶal(uRN| yxcG MFmȈ.4f̉24+JLW4ae '٣Ӕw3e#&N:2[0y!CakSÄۚLq< p)bF#V,A(nb廽\0#@Dy7A!kh+M+;Kc?aX}(]ԈciYt3?ot+6U̠Qh K$&LuB??6Ǝ1LeE-@x2#PqCuDLK4p{o__P>0iz /&ߙ'%9h !\B+]@_&35[K4`R܋ɂ͐_M+;bz9(u -Hd25#ލb3;+?,#т5ZTvK\ `ˮ3fҒO cfh܆asJ|d-2)/Ŕ݌Q& CxeD{/.<57-DO)h[ wھҗCߠII1Si5 sqOA^=>)ٓgvP`+^/a xT"ەVQBQQ'x]~6W<;C$A_9D/BNqkB #Vrm--WSH9̱Z9ANPn*q3ْVɛJڻgkΛ|LeX4(h~tDkSrKI>*JG?">tb\h!$DlrWxrý&їU=iQ}Dr9?#r1gAOtHtzyiOe(z6{lJ/$d>wx< 9]Ce͙(7$)>IWjo)(Irv,eA^2U|@j$?DAq<%hvmt8;`)I&k0^c+t{׌"hL2c_ eng9u0XvN Z,|InFB!m'=*ه'6Cb>Sww>yhi&>ܵ6 ~ʴbtey M__мD * b3 3"Q\vڊL]5#Bq3\u 5s=>ø'`wS1Z]a⹝ؾs՛ΆV(Xo1 4- P(ŇsN,/mE, ld\Q8(76ǖj#Ɓ5?1|珫]FLY2`K-/``P  #V_IK V7lö P-,UPmB  %l<ٶܡ> o\=a{}ܬw>C=hXgLӨuhm0m%ɵ~|<4,dˈ_c,dtMfS1D`(+$Q mZX ;Çɧ*ŻY(Y=şL -*>2&^UHs5I\sI*jPF1H_[ěBhHCI/sWNݏjv㧸_Hފ^6' m|L?2%Vc]G9u#5Q}Nm~T/%`) ,,.݅EILMڀ=c5LwbB梚`i{ $Ƙ,Wy9[{Tห"P)BZ.~V.T"_d?+"MgZ/i@k|#/@Xӊd2+wʿ^=UԎM/Gz"c#a2&CA j!™PF=#m*4a{ĆS ; zT-+y =Tf+TIp؀FƲ'[A}tݑ1y 7B63$/dVK԰$sm֗7AKtuBX<IosY' yb!CBl}G߫QUZ Z25=1r#̼E9HN#8&s*>컗Ϟ@];u+Y]5` VlsxHI9kS.ױTs12ke BP`TX-u<q5Ź݁")D@\c1^w \ܔӞUyGyC`QÂNXXu4y.k}q"KGp.F5)ѪoQz&5V:¤l܀ b!+bJ8nChTo)TLvKjÂU$;l1u:vGUGM:NX)L.&K9: inyrȁzA$4kkf-htQ+RfQ;Ӿ3G< CE|kǯ2#ƶy/=NFfY. 5"_*zԯZ^>g92&T\؆ä;qЉhéaEּ!]OEKz(޾భBhz !Bʳ(Wb7!&;p[7#t{:g_Mnhj1ҿe֣T^^ˇ+|920K UVaźmP LLպM94ӭ2/!_`ICܵ)h-8ߗdۊ $B 2b("'q!(?n9~k4$+y>>˗$5kl 4pƦO©Ĥ3rv_^ReW d'5%P~ybz잫 9 rKT_4)hwrfk.>ϧG_Ǎ\k<=((l9BPR,2 {b."HoeC5T\_>N]yVu(ӷ8CxkP$ ny.s$tj|j@o8"6PEm%a=2{Pj",VgX[n"*&4v)Uk6r ow&vQw8H`$#*~=߂Ƚ=}fA6V>(b{br.]Xţ\A~SM6gi\s+GϷH?Yc[b Tc2 }-6אB SLZq3qB'6PŔ+Hɦ/= y6օe4CJznu 1Ca/T W9>k{m5qfmv?1 @aUnhz+ofMm<\|LQZcpI0ShVz{ó\ktXu߉?=pt/iVXez>(LRX֬kLt[p.pzkpw=9u)Ӱ6=M*x;bS{9JJ&Ԋէ;;(=R&KOeְNa|F ׺pū0eYO#ϷL @URDm@J߇$:VqE [V}"j,`BJ[#DZ#HK!,&欻K:9W#QծG8Y18!xӗB2*޻ FF Ǿzj2KH1,:گ,!QYyRMBrx@C(#D)Q#軼/R;˵.ߵK :c58@Q6Cmv~hIЎwLgg?`隿w9DОm/ft)"hOtB]V}5 d߲|e{tNSlkh;tzt~zrf5[|N ؎/;^:0 G(XDAOe[S?Sb+Qc[ӵe-2 ?`|Fx{$h<~ fg68Ժri@M4Ho+P# wVs8{L.I &y$Ǻ;[,"\DI&o_C##٧=3G逘6=;+l4yV17C4yy*91ǤO<`Fe#ᅀ4tLˣG jj#b, Hx^\2P xtMT}`ENM܁uF`ϓ&P\a"ExaM+/!K`kdn֛&qYsy>IVn#=Lo7Am$ $Xэzr\4b,׾ 㺕c&m}'*m~c˶ \(ЬEĦö 勞v*&7;,*#)x$&^R9㊓ Y ' {1,P)$]n`{PmFuO k}2SlmגkbD.穇<(%c ZOτZ|ҙ):eG&Ύ&*4K^&r5Q7ӻ7pB<զƅ EpLAzf |}KytGn|3fIl\CXquMX4<4ѱ&VsC̿8O()x8/,(i\-͠D?gWm{/fm}7kX[ dy_aTQ YKl75:NY0?snl@!\my 1BHYGrRu)l4$' z.03b}GՙJ`c B qqƧ ޙgkͲkGSmZ ctnR! 4.:7-LjxSYzKoom"j[-0lAzխ#_j!Sj}ظ(że>|}Z"[K7aq8)U3pC7zݽA@/9lA#<W/_8nF}?zlL#@j֧` D™.9VψPyUůx2h1>ofхJDhkdWs;2$tT+ nX`}߿jD(lIYXA-Bq/6Q_5)` jIqvl%ݤwE=><:D4vV0N"%3?D2zcuCsVHwl瞰ȓ FU7ئ82rKYq.>NNٓȷXReƴʶFײՁEiP2ߗ!Ք>brx7R>g)AVxhJc0r!g~-fJK$o-^;LhpUZ2Ȃd X3:-{Q(z//Z;֖ٺ9?S)_0tk8[#x)@UqvQ{=l8xˑA0B b#zj tF'J(0l|U[2 7@H jGw@.%Qsn72 -x"(G̵Aڤ_P9ݪWTbUKX/jG\ F,'pxWbETd`HɧJN<)<_T j _Q#7Q-K[4rzC袎YDBJuKm_Ұ٨Uf 6<(wauO_#?!W_2{ |2gUj^cbT0$DŊ}~Cc:Ȣ ,$@)F1|\'}-.#74B 3t]40l= !\fEQ73E\/y.oZ.Kf Ԉ"#ߐဣ3#!M4yq)>(g$8u=\7k*~.Br"mu  H?&mWr-՘(h&Mo ;DrcIm|A##$J`']{}7)0Lёwܜn_L e=t-LIz F7@hD \/N YZ