container-selinux-2:2.21-1.el7$>k8 X 9>??d  $ L ")?       4 \ |   ( 8 9 t:>W@_BgGHIXYZ[ \$]D^brd eflt,uLvlwxCcontainer-selinux2.211.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Yc1bm.rdu2.centos.org CentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&8J]A큤AAA큤A큤YYe YYYYe YY093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db61fb6f2b257ccb107c95db493ee189d0bec377fab7a10de3b853607c6b7e4b14f5be0abbe9dcfe3b2936f01220d671b90d6022ca10bdcfa26e56c236cfa2d46rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-1.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-1.el72:2.21-1.el72:2.21-1.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6RM]"k%(u#qXPNeR@Qwʟ=t!⼋6a\ycME[5-?Ә b_EӉVFSɑ5>iuȊMtL8jEEvgei)áq̴QOawDG TqN9A$ZyF[~5%U:8 R96(3ILHf)ro:VKxҨx50%c"as@jj UqC?b^Ve+:BGl9 U!J3`J-Nht^j;m<@ ~BA >kHͅ3XoB2,YF=|,kuD}RLB1FQ%2nÈ !r,A30KU֨#rWqVkZANk1$zdU&+vS<ӰL@m#C9etS15R{Fo?`^ZzozkYM"ԍ=V}KHa9- R9Pc I'rD)WxAaUJ}:!"q;ޱtS=^0Zi-P| wI!Ec!m 'H8IP=eeTnzSwۉtK,MXI >rvś 0g㷺jf_}|HJ\ZhV 6iz|'UrB_8 }<^mz~S'kGOE\Q:` W+gx]\%$B4Fj3'ϫ ]pbALb2؇dZGp )lki$Z=;2:L!UԶa;>y-P$6=M^0j<5|jAri$8BGjMN[Ⱥܴ{M"/8f]˝u>.9rX=Sц%@ XǨl8DfTԔ($. Hv(?gJ<1SugǙ\ #} @jzu[LN [8J $[Kq[hJj;j*؅ZlvI9jRz'40ÜުWGjۉT( m==ɇʜəO5plقݮV5jMWA^FСrhRކG˳CX>o- }WaUnEԥWLJΕƁS[z}:[L2|T盨.$U'81$坾|8nGk& uZ?AGֶ6Fkh֙ތie P+26;E%fbZtTGnpôZ .>C^]`r8g./?qA96[f_B4eBaYC` &7XDJ$TSI URSQ̴#?1fM?$_acVm]X=Jk2`f"k:4DDlV S:^y8t>Ёzo6H(Vfk;;z8# K(5`G3 ޺v1:`ts_>-"0ç V5ټUߘsFALh,5 TX ^;a5suJ<ͽ3nv$/m"pm K+ gF0C$t#NUbXh]<_ѓ@>e΍%*(Wޞt8SDQcmO+ϊ H#d76lvW θov COLN nKa.]6t)Nx=,80p}~$t(P@3|{ rSڿT۩_oV`v8&cgF  >d$O{7N 珧yj!N>I"_ 'XJI29h*+2)ۣ6ls#r%M97_0HQrA#F!7`v u!8oJeptt":{o8).9R{_KձÅݢt$3g2vjN6hh84ݽL{27*7j[wuMN5b[>'%]d-֝MF?*G csz?z@8󺻘^0v>K_b8/6y݇&KYC^ʰ!5ўÔ02KfK\` *;RK\r6:S*WxiR= ͭj0WdvK_h,Cw+wR63SQzŃ:%UxMgRz/r5OŔ$KU#VlR?8Q G O!Fy+nx 8xŽ%Rx+ mo$qS4'aQyhݦ@8j4Z2Ղ4%U& !r6x[0x6Ac#Ѐl'둑d!gj& !lS`pƾiהH)bT`Kƕ١ 8+g R#m+6EsxbipцP S1y7Wq2ӥF䔧-]&Flm& h4l=gZۦ\p^ЊVäeXnm Mx-)$(Pwj@3fpVW\^#<:ϻC{t ϒE@`QtI?i,9h^ƯdM;IGۆ~%sbOT5XGuzJke꽏M#3@<dټ<{ VaC Pl^øM1ysOg,'D6^}rr+ N&?s;*8@gW\Q`.6:n!MeL# _BW )[膙5{őH'hnHRNb9r(ahnn8GV7%n9tmF@,D<%jZLbu(0ǁ/m?;"fe%cLP3'D0 # 6yGA!KkkSDQ/3fbK,wm_pK82(6^cOxGʣJQ0g*NcVI'|'cR?5NcAxD9q47LGb}&[۹L(g^v$Fgw /-{?!,LxYUWx෢ 0R' cFhPǬL =nHX0TZbSUMPܓL#niɌ5x^Yu3l+=":'&iiNc ?7o ~]1r rnB@ H ܥy<鋤')D1cՖtSQF죰 2+1 SCsy5KfU1VdLJQƀiCոSDc?8Y,:ܞB:UwGQ}lSa?O jyEWq6\ f潩^jXgy ߒK@zb ki g:3ˡGs~ ~ۂ T_]W'V<%u"P sbMZQp.j & o{T< pk0l`#aаxCp5 "H趎u^$Ȭ3)aJzVQ!Dtqd<M;^Kb$(CsF8;ClUg^Ts>ubLZW̔̽zJbdG߁Ju#!AhaRzdTHoeg?9'|4klb2.I1{PnEV kfȩϝo8#c+SS"ZB}M>j__x^gܜݗu$Xj|s $d oj̘Lbev~5ڛL=z~%?R7 4SfN̿KkI4Zj{6P&@NFKH2}Z]}ܘ{Sgh7}Քl .SD6\$ %J J`|i%בk`wBʥnt,3s'mzuY=cRyҙo"թQٜČuxAB%R9|D PwQW(f:?Qe2}2 k)FMT_DzPlZ;Al$Dҍ>W Ʃ`/oN$lѬ4v T6+ -׊i`=H/U͡Կ$@UC^LEa/1Hd(PǶځY,ks{AvD BL@gwAcX771xo"H?n "@?eۅ7o[E{6^޵s+ejz\/ƤU#,ʽM{TU0w?ǭHXʅx&w$e0٣XMꨋJj M$Y^cxA]7zz!RJۗUC(l4D|A7Ɨ1TORZk@LNY+vXs&y`jo uD@p0h#öwT/_ep 4VG [Puы F>zfV_ޥ?9xn3Ik3$X(+*^ܱ%%bE?i~(O'3a<=yV8i) -[Ib4ekEx[l ,5yQ`(3a":R g޶-#?\W9;,<~q'ϝ?Ϯ1N!R儴>*pf{Ļz].#z s Rօd@Px?g0rba iHn!(?M\nח m"5iW߼AU)˵ `gj)LU:o[ ; |~Dr$D7"zCN]UJ]h.XۚTk%3`g'^SMV{;PYxyߡ4K ;VȂ$3QS|N xIb3+1C:>xDY* !+L! ȰyM]]4 G=ם XҢHmͭW/y\ˇHyaoA&FD\{|^BB߷]|vހjƸ T#z(؏r،faEAC[9+㌶SBw$iTYamXC~]76 Oh 6B`8URŽTe62c2#jLWs%;!HTC7}⇷eyBwyl@-|j,Hx+$E} \ctw985*%KZEN)@c@4>aqD T1r5OA2?nb DNm0'(KJzԦ{SJHlP,7w׹PYNvo #_+c~ŻOpM"4v|F 42Z&ЬWx -Rx+Vdiy ]ft3vB쵺e􁯖GKK|:(s]n9%`W1"b@!ksPYRѱĎn>֒ai߅-1X BD*f]`?a0bܔ3Z:`ۚ f*:aX9Z!x5 ϔЭ$ĕXj@K6q58{֋nXp'm^s#@Fٴ+xE!soyH9v#a{5TblI@ #'on*T5yux7 HdEUIKfRxs'+*Pjd̄v;Pa5!NBH=\JS"Q/_!wd^ԨCU#2h;EMnVGaCUoVr@joq[43GǠJm9[s~*Nݒ( Np|tE*!MN &3#h,gjYR3 /svͅnI¯dBchZr[amƆy Mx^O^>l뗦٤-).h)ocHPDzp9  qh7466]r<0k 4w20)Շ8sjPܓ)>ޣjbB" (z:_%nvTTJQuVL-3t̮uLDM %ԥK{_'Fs!Bu>=>UjpyT&[eEW=M3'a.Q/I{Ețx&.&$Ť"RՇI6+.!ȝG.qKD.lK*9IK|vSiE):UlgӮ'WHk:x߄m%F"6e.\`>hzP+(Ċ ;meMPX-l9\tQ}J{OyREr*G_!XOD=Ih ?p;d+ Cy[7 s3zyz̓K.iշ_~rj|ߘVfPKwvs[~n|n q5PRH ,H\:|Pvʹ_V~ȯ['3G9:Bu?^ 6H9 ekۗrAG0?kRNìكu,l] [nO%^1 T,2&S]) ;I!閨k91Qk2(e BEG6N$]`6B g%)~xuf#ɫvcVjAN&p^ j;~w.Żťsjm^QJkHs* ?y MՏuո$@_okWTFYrkDC6•i֖)KngkhW!lA2!aȳt=Y°Fn8WjdB&pp3w&u@B@k::tlm0|3n19Lmö~]ɳp WnV'`鸇i{w{īJדݏPmϸ*:XM6][0<=ĺ8X,P>lI/o_Q=Cq :LGAq^H΃;׶P qMj \YKi,bt {vl%aH6%: '؄-l!DQ≏˲4 rNY.jr5`1QQ6[,M2t6 Tw @z'^h2xq7|}( `yW~i9AotvB„z ȁhO/K51"^TUGNx')MEp1K9+(iS!ve~0. aSt9ש;ڰ`M @TPaKc#LTJ1 ihy ,6g3#l se2Jpg1-U ̬FF"+}f@XqdcQXk_O48[?X$$o5}tRxI EFXӪ%=GhRB_+pÓZ DC4|?-RO3v4\qt&/psj>N^ ~'W,Fx/'t0ihZ.j@n>nYD0P[(S+$l[,ѬybYq_!ˊQ] 6}5oVPw,Z_A}@wo+.X$8=5C(8'W<-/L?11ҞpZ* =(Sbpؕ|O2"6Jk9B<^|2XU\O55IɈxI@=h_ʹH\{'vc^|qUD gj7?3^@^zwt܌<OUx~>TA0v!K & {L3;Ͷ|p2/a]Xa]< K'67Ls ;=6%!QVCV4?M*k'G]~yϟHĺԂ3\62--\Xt5[ė(5~S.>]~uBu Xu]k=$98F-;턢^q,p Ũ%%֟huXm„Y\R/ `bU!_#'QWNO]Z/'GçqMtLB!(M@;#X;ElWb* ~yj}~ڝc׺Ǜm TFT(=9LV'ͼ?%DKM|jG@ d'Q8hGm3DL^,S&aꜬЪN[#,u 﫺Ζ=”hRT5/_mͽ[=pJZgŲT6f^,k~c>=J1xo=Dtj:m[V>׎&̢ ʧ{ҐmRK!a>^,iyO=,{x4-F.s 6W^5j5I锸 fZ+3Tn]7}s@ _PwIC ՐJG >[WLRr8ˋ+ǭTYm })HG< Nf4(ǎer* ׃D8qs]صKxQ^<`2:RKچF|^}}{K I =Q!־&c' ,k_#KJyj?{@F̰n<h^ҙ":ø)&@Mдzu]vf*cQǏW]Qjb矂ڄYCl.AK-[| +%\9ɡlawP?^u"q:)L}d TF:e΢Jզ`=Zn IIY|vqUjNL.@j iWk9 >)Z){{0%%Kxddw3J$fNjH hs8D1dFatMxN{4˯MenI(TFp9xpܓ <]Z\+Għ{0q^b gՃ7Sc Jy f&{J]$  {*B(C*"Hf<\䯮kroB@ ^N}tDFwsZE#9BP|lϊd*@8[҄cKClCݬGg2PH&\ߩ֛o٬BYqέ+kWs ſb{ jR:kҏ^ṽpյ/]1h@uv'=rHPWS1-.dmcCSsBUh[(;K;<yD"oJYGwQ88^wXXz5>Ser ]3r{(P'%WDo wJJP1l(8`9VMYAhi *薚Tft'Ǫ8ʏ5m[}\#*#Kw#/i`Y͏t`ްaĝSgӐ0R>%`_i ^ӐrjiвȭgmAjW@>k]tmܩpz|w;xgo;{$R=x8 |Qd*EgV~S~H fʞl!+'m;[vs,2Sj,60;ҝڍ?<ʞ5jOq"fQYBdWJs_`>ͣeʆ0}h,ҥbbB%wooI|*lQa]b)OF.(T~y`sUuǂlQM~^n*46ۃ=<\cpa,8X77]lRM}ǯܨNF;>.! (]P˼|ΠwڟHNw ZNٻ 1TO\Q1_4Mv} K\m1?*Y} h .MEAPQ9YR (g^(4HsܴH?u="qJ{dXcdi.Ӳ^TTUV5S18ҸbӍ+9 F,ڭjb[;hi+maj+ 覇mX1˼&!c˖:#( Y"S3c%ʳn/[)-"T˧%j9/\(~CIܦ5cxH -jbhI`GwڤľYǚ}_h}ځ3RU%{+U9z({CӗZΕPAm=A4Lt |tDpNwtߊJj3v!̸4 a*WMx3P3CFT'xƣb;`-p.+Y9~.q˩H]{q5st4uWi5cDImȦ,wY %/TvXFTa[+JD;Sğ n!5eg| |P\=ȣ<~)i Hu cBE.%0qjjZxM׬\u x<1\3 s8C dg+&fOygH<UTM#vf 6> $+N d!_D[ePvσ?ȡP9gqAB:%J>i`4'ue^S9>25Eҝ8DkbmDˏ/Iqq4yi0m ubF25IE+NOEeܛ!pcGFȾ80h PhYK 5|{B|}Ξ("nuH]Dk9`T5vu,c!2eG"1(ېwP61Winq…Mc 8_p|{ ̧K  {ڦ̉ |,Ȇ؊[¶NͷFt:9C4%"[UL~Yu7B汫Z㌖h<:f̧||f_W"gAw Q$f 0rU9KfT턟m)3OQ}G񡯸qaeNjH3:6WmTW^9翃ϩ'q]upVu%]2mdMN "+#l>rwN]e-ξioF+iUw=HXi4bs! ޛ !Vq)17|[iķq܋9OpqlMh5!)96Eq>Zyj@urkd}USQ/ rY ~/z7T,0w܍)YS]UmhbBn/N W!_yf9rh㧭`%0ȑ"ll$Ι! "b8}K9{5yۑ:rB: sj~PqLZũ 3_gǶvh GϤ t0^aճi-~^\QYҔmW/>38^;rACS8:cA xWH$XEWY0.ˋ" E /XHSNySMiFp ,9O3[7_"dlw tpD!cX xS ֢>,aȪiܻ+2G=+fbpnHyz{R/XhU0.Q6YJD-_ )V.$pJs*97,i wp7 4 AiC%sN+#ߺГfpgz|#;-\ܘJ푣|T[,$:j5$q: [tr|Ժ$CPx=VP 4F ՞6e!iO`g"wuׇ:w}<)E#(h3y59~Ca!5gO\n}MgE9Mh%5 5RN^v跳(\ov+b[%'z:hy݈ܣA0;Ԑ-Řlog%4-eѸ5HB`A=CESOOWhy;l%֌ xƬFjW'x6Q%v۽LOϑOp(},*0< DMPKz_LnXaͽ_' OL7]:cnΡ޼ix ̏rg@Wv]&+]O-(` F67ޒ4z3uTV0SX*HxҢXvxqwgI~>$' Oj^02n<'b‹i״ؽ b~7]>'Z& [@;r1{%tɜ6XཔfHzvx@EMVK,TA8А2b͝;͗Z8bG~TS:.mVP B:я( ".4d^1qm1fH!O M17Y So~D' H2`-L^|0{F]k*hjUV'{Z2w9S L*JaxuSu]v'uօ&+1n Ҧ{y6h-$D2\ *bp= %lTbۨ}}^lY,mbveH:4i2}o,x@tn5-i& rka|_^A V^DUCجj`;J̳lmZQkU8Q K&Aw׈9rO Mq0\*"Rm}l;=1FԌΪ΃ Zs:NXBOZ_CWv:7~ШEK__H7 ¯2(tI$oZF~/`3h)&<QGS]{lт|)_>^*$ocMl¶ YZ