container-selinux-2:2.36-1.gitff95335.el7$>r(| 8%)>??d, 0 X ,29[       4 \      ( ?8 H 9 : >@ B(GLHlIXYZ[\](^bVdefltu0vPwhxCcontainer-selinux2.361.gitff95335.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Zox86_64_01.bsys.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : fi fi #define license tag if not already defined&;0MhA큤AAA큤A큤ZoZfZoZoZoZfZoZo093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d18f1d39ac187f64de991fd9aa522578c5780a5d4df6dab134d9ef3524c124b6ffrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.36-1.gitff95335.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3ZOZZY@Y|YYdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.36-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2:2.30-2.git7f2de1aDan Walsh - 2:2.30-1.git7f2de1aDan Walsh - 2:2.28-1.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to relabelto/from all file types to container_file_t - Allow container to map chr_files labeled container_file_t- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Relabel /etc/docker directory- bump to v2.30 - Allow containers to create files on tmpfs file systems - Dontaudit containers attempts to write to /proc- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.36-1.gitff95335.el72:2.36-1.gitff95335.el72:2.36-1.gitff95335.el7 2:1.12.5-142:1.12.4-28container-selinux-2.36README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.36//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,RO]"k%xĉNμ5#+mz qwՕ^.Y4jS' N XltfsȦNYmGLo;$:\@ivvw.WLiq3*%O[fho(1%}L}*{ :)ʽI$&$bbz@j! B7GƷc3eN7r|iVI%1oRA\8C/9aXFRsQ& ͻ#D/{vQ1T߿.|,91WH8'2C@BgXleqGW/J.ǀsYon5(7EhL]UtњqĨ_ 7_ϞսJٮERXyY84<a@ KYGNː_pxY8g7$bBo1 - wc"LտB4uV!As^aפ5Pp8NH u9DT XuF3[{sK c!}8Q|D]I==q":H+GƥqQ{wT ;KDqJ`V!&=AT}V gL7bҔZ6H 9 ezྉj^NN,S+^ MuA2mcdl]#`gx,*GBH?6>Oa6[U+rF%:.mZ;s|yZ\xP ~5yL )k>k6ܶjrza G^fH&{tjz`z*iŒC#'$ PS guQ*LMchN #_C\]#j 3Ыr]eSm,%v[]טeS?|jy`P U z$` bAl(*byS$@{(dd [?XZyRelö/Ɛ(AoN?%_q8cFԅ@ruܵnY.~"|?D?A| 6B0q(<:yLOU%ΏH ]YGj'ڍxp֔FumL*jU۟wL*5߁Tgs+Bբy `rU+u YpJ@w(j<1@İ{}Nك}1(W@rHE$1Ԩ|E< 2ĄŊPJ7xflC4Ϭڊ/X|d8]eq{b͚"* 4SwށۻJ#X9YwWHaulj4;I[6ߌBμ÷*/:j/: #F}}{MYկ-AMOʅ3=|I| aS˞&%Zjx0_8i -2}B;K>Cn2.sh_|ږP~2y]pf2t8*H7y#'Ra\0^3UvFhYwxB[0ؒ@sqLtLz`/E:q?e#:'{]sXDs!ow-0Ax\ t#/tg*(Q7]jUD}k 퀹%|(Hb=IT/~#}H $h;ڏ2,V8O> $н օ0XId8riK&,UW" -՝ˌ6.\;%ʼ +2.#Λծ)$"z@Ŷ틷Z߀UlM顖O WNջRٓwuq囅03$jfgjq}`zv Od,KgloSN!#Rz3Ձ{5$u,ZsiawF2thC~Bt%z[,K1J䊁LX-q֜cāpHC;B{,THt׿8=.[B@[/Ƥfw5 rE  ģR2'8,C{NtG3_7p)@ Jx=.md.Ke`WP/?4pb*QVBT]o'{YDkuLpY]vhdwQ.hzs Pc:~{(  m|cuW8 A/˄O PPV96^Tt^]%~]~nhA V ;t9yCF7W%&臂j"ۦެ$ Yy6 שXuB/SOhB!ޝ< p#q3ǿ"m16hy..w Q?Yٲ P 2WѱŠVdXJ^Xh!Ҵ?g;|H0pg1ko)l}* RG"]3&cTFx hɁYe+sۚ nD};=&Qcw %WD_t=J^Hnxtꃛ{4RUˑ"U{:[ǒ*,&? #'CşT:n,fڟ0CPy-cE 5p/-.2_/jq❟b7h2يALԴ)%;@aQ1VRFƂ?,/}}0 ."P{0y5"^d YFă{@&pwZR*y=vʃ=#o8_b1 v*€8E.b0b;A<[_g{(v/SlrOe-ճg߰gơk2^QfްY jGgY5 l8^JeD I0-qJPɣ}BQX)[oM}Hw #i %3s9p爲hՖX,bv$!Rb_P1e>oKE.LUWeAoy- :Swd ?B.셻k9pbs\fjc 3GOBR$>`+1 U֙;@Ꭰn<ԞךBõb)>:le 1!y]~iqS=2o/dꊆ_p(}a/ZW69o鹸Q9I_X:aCHlR;I;4xj Δ'mAmE[vaz +Ai`W=/,Ry>fpLle/usz`}_5>lyR%i &&oW7{}Սy<`Ң!(f?P./e Hic]A-5NX~IKU.|n\J)Gfiga\ w)= |K~lu[Y*_pa%.5ۣW&:ÄAh٥Էd f TPɃ볤z %S<j) CS< 1AqqF BFkIK;ц-R`_/e4Q;Z}su(PA.2uqLXn 6@p|:XJUXV݆J;S2^rcZ4*ukA ȑ#)Hv"qGbK^)vm,CE,{mQsTITH/ f:\8Upy_14fA +`ag)=u#iEU\@: V戴!Yxg->ʣ]̥;+SMHj}ڛTrf) @:h!qatxi>ϸQ} 6I]k:LWMCYѳ7㾭qƄXo.jt 9Y:82@ٿ^ TՁuBKLl= @h0(+-q2fI}ܝw?(gx Tpu֮XR8]ywCKu;8 5*[+knFO)w fZP:U"w:@Դػ S 19(C^A <$rVwC*w9&ݾmgR_?mI0aTq;.%p)4g8=qvC~@7d+CT9Oei'?{5rtɹ`QZ`[2RDĵ>``|%wF1\ẩ@,\pQ҃J}Ѻo|S;\QɧE7G,6Y@>G~1u۝'V>u r*_Tv<$8$4"H6 Y=`t(ޑ]hgޒ+j)O"%:z Z.[VHĽt M]:Ox2g^f\; ٕ6s4"1@ @6éդXPUᦖ?xcd(ʘsRbC ^%hwv㷭ʑ1?d6+g\KJ[`K-9 3w FdwⰃQ-} ౿OZj7 ̦$ۋ*>nCS\\ľ6۳ u\l }g轢f6yr2Xh =tGUd5?\# bʣT_P=B o2X%c X;Rn؊S%Wrf/hcQWam/M@gϿR GOJRF~MJ\zx Ԭ|z5V?)HX7Iym5_s$N͒V&gq6xY'2͛4c-|auPK总5QwASɻcw\MjmKi]:fQ08Iuip\qkBrs1хF YFXõbWE=ϙe(&KY6P2\Я1g8jaΊpn>ĤG21XQ !c*A-i:? !I擣{)=?*R?5a^ns~+˛0lx93f|y%'">ߏ|u+1TwYbHߊkFՃM"m8ꉒ2Varky]Q&P69Uڷ+}IzY#fbޕNQ*\d'yVMCۯ_F5GomA |iu 2%ribd2v]VS@@+)#rLG.E}ԟ7 6LelM\E32PNr==dEbu4!yImvE~%.Dt.P8(ۦX=l%UG;u(ExDP5PwewfX =}8IYgwv}G_:jq*DB3L'F!*Ed τX?zC,!!{"J].|ݣU"S,)FCЗ;L킳 $-hS"2|S>81[>&t3i {]kף-?;D3Tsgx4{Mr!P[^ЙS˸W۠2LP jodz77810R-=TlGvhA=ye54zDRIcd L6lmc8WE[Od:`ir<n.D)xSn-\R_R3;j[G%gqz:m+zB7z,CL* *ĥ Vq 6.yLS(EdQR`yOwZ2WsLPcEDBq+3LvB$U9/J v8T%yy:`M() a 79ݘla]yDו[N7u'\ {Z?gp%5)L{#w}c} 7CzƑ})@pKL|QAdκRCA%CֱJtc?C3S*AA-ie7_'Xi&虱͐jUB /;Nqb҉:ۅre}z;v b!()wBՙ:hIȭU9@a]7k殘=QEW&k^aeCw!iW0Rz36($cB=e¦6*~{c.F0>ݯJ.hJ~lމn %n}5I=O Sǭ^_3CHR>DדTi AcH˭6 *A(?:=ãϭnKmxNT z;+Զzdw)/'#x脻}\s[uf*r\|rm7Aī_]'M!}yR1R Lcd%|eqj%8M^|i ^ڙݗ;z8?) 1l"W TY=]@k h_[d.\]Ĥ5h|pAi+08M\MZ;^61S"̿s.; #W˫,vM:A߱sCn)/\yLSh69ۢNd yV*xm]\:I:"3sg5NPhj# [q*3[c3vLH \l5qբnQ"2ӱ׬E ûSa/*j2 (Q 9c/;N6ٽGp Sr5PaxڮjRc,J:=P> d;` &Q02!J(?K ;!4 ښ庾-}A3V1NI3wx0wl2znGCͿC VO ɺ@&%MP_!wT f(^=fBdG t9N<^J2NM#fv)4n:qlڲ?*ѯ)*P7ox, XZBmxIh@La:x7١Nc Pn*`u\AT<}PME,yť\ f^e^y ޙF]wlz==AUTO9?x[ tƿÏQVqsA ,һB\EgzF HR1oj?=ՂxWP˄Pp$\w4x;m |fN* w{ξ}gF`D֭Z#_nsW,P]5ףxR-+ŕ &(V:!O 3X]SyO–OАd.֗8||v"Q'8@kNq7N9M'F<*\JV8`ŚG+V^t6'vzsc:R5u_1uha3^UR}+7ʴa `ޤ|.i`p!v"vikg/.$j+qɶOJ*ʆRRa)c!u Z>k[&)/8w҈$eʙ@wy#dΤXxH}mP%.hdyBO Okp*meo*e`|M `lj&TP)/^\>>YrFpZ<waE!tV6RDmeǹo;9|-]Kt gZrCeuggqrCX 'ŁJ "BN7z줨HLj.IRŦAS$o6_^ضf?Q/sm-$Q^%#Lh~o3;dvJ[OюkCixEm@D[ K6b`0tN5ndd*NnFeFztYGJkxlO` .<}'pynNwZ0잹#0Yle4Ѣ(fZo%ⅽu8"a~`tœ@%)DZifژX CVaq$ߙ f jn~@0L^͆DnHeݡk#+.B[{…M) "t,{в2M&j'l0#k'i?6"/x;G?!'NI캹E|4$#Hy%^y?rriM H0޿ՈApEI[@ maND]%N*yy?F)O T-~f wc-zKe G u7/P\}jer;@ҘUHH'Hg!ʻTJX'OR,hD6Tp~_C gGgG t=x7u[|v.ZjАqq EGTsBV BHxqbqCxm[*;ԧ-M" ҟ(duow.#IXTuwAc .+cTwwGoB&v觳}Ǟza"=вsa뜴, #o)lu+ 2čikgV'ޗ Cc쿳Ř2n:o(X(\ˠhڛM&ҳ2V2"wú` ^;R;uD4vkU`Y ]jKK^@kW9kU𩖅.ӏYh\o.뼘V*fzɋR>1,m6Vڥ甫>v(b+ Wҍ!X STYčS~dښ-(D{‰:&Dxm.+T1d*;\]ǞɈw nOZujm_wc@NlΓcRt6MQ_ط$*9wuݡfu 448q_i,`CV\/rt{Xn PϢL9`t Hl 8% Mu@$+ጲLz%\t/nNCmPK$cSy1sBCɔ0 ^J҂WE3HtSk ZD_a1WrM1*h,v&d3ƾ"L1#w g-~5.J aqkO "=/QFI2Hc0*cpzNj{ UJHqIӘWЧM4P\;cr5_}7&(C_aw\Iy"=99!#4]q;V;7 )%DQ("aq~8<:I{3i⨣=ofĚ1%=PIΰp Fp'/eIlpƪa 1Y6uoSX-UzAcc-j3.:@D)2!X;Ccd@li0bath2(&1Gq)=uʇ.OT+\0 }00{wdy=Cmᯟ;yI)o`Kz8ȪX O"4CoF\?b+%xU'9x -1AlBʇ$"Bxe}Lf4z[&.m{=~6@֝O )9Ndp#Ea)O&LS6Ɗ3A}z1 h]sNe/!nxANFpna+iR`w፜ѮVo4&dHEjΙ6,* E͋ geCv[Msrj.Q Su`Kj=ȶBAz=Yh.[a능m"*?^zcm295Ag@j$bnqPy#.TDK_Oc5 ]R2`WzQB-w=e~Ýb^#ϖ; ҿp~n^`.`5wJ+o.EӘpɣ^e(gxNS5]qԙ( ѷu&C $ R֊>oɔbߌDРa"C߸VCFtD@.SB->O,'E klR|REhrÌu ]Ίo22-&]ֵ/R^GTU>]֏ _*#;,}]zMwE`C߳O'uͤH,Rܤ=I2DLSwkvyf dƳ.hi] JֵgLt)MG5onK7G 7er+d m#lVs"G DH.,;J_wP z}A--n^驶mK2|/~ƚlշDEљ$toE"E$R ҫh"c?UfPFVP*w};LD|&b62nQfy [Yte2A܀ (/}ml< ?J zr~rh9zOֶjSTv>9 k8PQ[fJR}˵l5E>aޚhiHnpZijKԽrZվ^iv._/i(4RA;}}ONY~XX(#rK[ooY@5sț$it XBYHSDL#T9DR_,H4(`1Ba r7EH}j#׋jHz//TAc-nGql4UNѹ@0uQ'9R␱oT7X^g  :C\FYqq,Cqzѫ+exsւa/sX7լtBil6 &YڜXR8Ct$ xP꼶qٯ&+풴 e /z Vͫ0|nCq XpB6q.Yׅe_-@$*\z:W<9If5_ D.V Զ~}yLNP)]~aPZn@|op99v9k_dca`p@Ty;i#d: a2EZwRpZr`ު,+%NvxBaX+5*޹OMw\3 Koۮ'zb[[T}B`h}xi#/[w<%t\ך>uH$f2bSQ[Ĺ,.h163o#MI.QԦB: z O ØƥH$zۛ; zn<J! VW#{[vY`7Ϝ]dD&|lB14=/}ƼY^ehf?, ?O''[fS!sLiP[Bv7S~RR6gdE# hyDlUʼ,rW-T? `㯰|tw98*CKșl-'׌J힭't;) }þؑT u{9_IBG9u׽1 p_G00uPƺ=$Ia]_‹_8 X$с^FLؐC8B)ۉlBFEJ8r ,gLdǓ9im(3Miw1701胵Dձj8ov&aԧ/Dh 2p'|[~p%W3Hk&E($2&?-[uVHkXclXym`Nt>Ae n.a~uyUs1&͚ ]cP %y(u,:Vw"FXUrx5rX0Nݧc07ԯ 8"spӞD͘ثc]@sb!0J T25jBjz9;䷲[eƛKrZC S_4IrLGÓT'ִpTxa.2&zkD%XjlUdCYrVLɁ g`kP:ډ셟fK*#p%=g%agg4ED#7By+}>iEf7IFSQ?XI0r z^V ݙ0>'6}:S?9; K\o Ϩ{Io*١}vN&((6@Y&lV:wXD\KW;#ώ ڼ Ҍ|HC:,R5