container-selinux-2:2.21-2.gitba103ac.el7$>lT}Ɇsw6';A;>??xd, 0 X (.5K       @ p    ( #8 ,9 :'>@BGH8IXX`YlZ[\]^Sb"defltuvw4xTtCcontainer-selinux2.212.gitba103ac.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Y2c1bm.rdu2.centos.orgVCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&9JKA큤AAA큤A큤Y2YY2Y2Y2YY2Y2093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db1f941df54f7efedf7ffe8cbd8d8c82b368e07abc6b919ed9ee170eafee06961d41d2c582c66dd0742ffd06fbf9cd497aad97ac73db3cdcac5f31a86e6914dbfrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-2.gitba103ac.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6RMs]"k%(u#qXPNeR@Qwʟ=t!⼋6a\ycMEZ֜ZCc?mFBg2Umt_52"p?t 8[uv5GE^鄱PBp%ߖ[]ا @DS3촟11NWMJ6H`cDeT F7¬Q۞EXyj]}Qljo֊[OKӀ=j-}))!ǹwdD}}9Ev̄ xgdD5V=!zupM3|`jyetrJh>pvs;rfyv5IpូO$7a %L+U"j ix@9N T;q:9'\ҤK_KIx8g5=ݎr.Y@ +ԃlO|S88$WiYH3b(;ywb/s .RݔpxS#p9R[Q()Y(@V' =\M+fwo d QOLm.e,8Ӕv=~-NyFU{!w)BXDvZxg[aop}+}˂D&@]n]9@ No& M)LxaH0u%)uqI>–艚z\9KVݱFx\d>j8ʉ!eCc&Fpd3N*'~'SDفw8Ni2ZQ "$Q&fgVTw+6kǻ5 #d ! n>O$}n/_ErM!?k BC0ΔUPp|"CPt#~ݒ&qGh&RcT 0A|{hB^kd?7oG]եi{\}Md]a5f<fB.Tc[ʜdT>3Rш8/&ȡn 5hX.?ơzoE+@ELX#7?ĘۉQ3݂R[ɇ,U('/x}?sF6{&2}Ar>rG-?: (륐Bav$8c.`X Q"LXNS;g`$]CqIId` -GòC=5E^s|]n)_z#A6hwLڑ[VQx=xZ$;z]arS)LKSBݰot!!:4\T7^.@[>}Ti1=xN~ԶX^I[p0 D֐曥H9C͂ AϷ `+/ZLW$4jk>ܔG8a|҇,}SE\6o\Cɵd`V r .nJep$%Zu!fikб3N>ȳd `xCl33he`0H(L'K"K1:&M2=8.)陡]F'FXMP䋅ہ `{H۽tB\侖b=Qu^GqO J+[C'lk3g^\@--!8|. 1eE(KȴWj̜=Qs-"@mf3Í2 QV|GbVKN':ᙚM:Ʌi(:/_MɍH];CWP fb/ZmD*$hb٬$[ SOvO[fwr˗]Og(65]v]j5}3b:?Z;=i &3vu=_;D![Ü% ׽,Bag6c! uLVw+zk0IqE23$6X 2#`t[]-+!tia60ӥA*%P淪zU}6;jJVΌR<wT7!8EI]|kP-1C.t/fJc?njG;l uV+#g#HRVeIn:{np|ETty 2$jF* i_+DBKV{o &9vuB wHOui|2d4Wm3tI};5$Wlȣ-C%^Zgh2WY .jDCPV@*#X~t#oZl#'Sk%7A %%!ٝc?=+}b!yOö{{!3ѡmˢU?C m_ECp`kqPɑE]T?}FXݞk9~ p x FX 6dSbAޚsk*f<~lD~36yWٗ }PI8j}_$D"-% _NR 8jre'gTVFy'75Eϴ 9(+~2@=.qhm9$.˶[!vm^O兕 F}E)oUp|LbT܍D r+pu>‚C:\\)\%\o${7nnX$f.Z&rTzӛ-6ʅ=K6 G8@AR2Ouuc1{PJ"kש~PDNI<"l_P\x\L0o^gɕ37c<ɬ?`߆$06e[ƾ-Fu@bRx:ۇ9^H"E|Ȧ>dRiv!C&K[ {r>Q;k\a:x<ժWOu&g@gj@ϰGJ &I'^A؅E}n%OKRl`G/54?zB/`y]E~8QLhc n 9rB+ZdȀ7cϓh$84OZ9m5ޅ:}T+ 5+XBxY#\XLwH)-W4Rrቔ&]0]A׺ql5@u䟨 (kx7a/T1Bʋ8كDru_hZ!Vзau..Tŀ䴴?Nv44Ce|t+D~,+Ж%\ yMd$ (a)ǐe1݉xϿ(9cj\1% R? @C^P݄z hZ/ELVʆ̿f}gPM YLu*'>BRI>$2ڀEzd@nٟ fQTW&ye}ڧ ͹/#S6:[@w$ p- %!LUNR!tXz7W\[@R߀T<Cbۚ0&C& *tR8%#'xb2? b3IV *O_bγbSw6TO&C~ B6y~^5(^ X|zxFAkJ u1@>;E`TJrwٖ$ܥ6oYˈITU%ݕpvwjb&iSi/\V!? yC0UE?.f]@z)b~xo1oR+JQn;RrvAzzO-yP4[^׷K! ~gQ4bCt7;q:'}|!Zt)!cϭ L;5OY>r5џh>7n7&lS/Ś9d?bkJQaLjFƞ[vZho젺o/-eLo`~WJ\ ;?ym=%~SfZ1CZeMu/@KI6m؝ 8:fj' >T4`u&ͤ}fE!8ff6&"_|ZBk | 8ao1! +U޽@f^Thp8iQ|j$R}-j0g1[>Fɨ^a$?-3S9:&0G/cUj#{P1GSI3Mq2ZegCz,ZAX#0}pK} _'S(#yp\ODC.9X%4ĩT}/_0w-"4>MuĵX%IiEIHMmqNrZ#ASs;JvFKKI;ud -ׯ?9lfbj[TPn*y 1m`93*1Ty$(P=ސ5f*Outbʭfœ݆*^OǚN3BgЈBa,9&f$6C]K #6y%L2$<>hXh4[{Dklx; $E_S΢OKBÉK @RB#4 {s~=S dݴ_ Y:7 NSIp2=-ۈ| QR7sQ*d |:~˙%k*'ޡ6N{AhhovnrJZx5Ɲԑ}W dT,H | IN'7u_Eo:Y$/1p7Оh)oߖˣ~#zդv7#>d  zw&N;[]k8C+07#8jR`՟>ϼX$ī5 i%V"+n;YJqq9/b =vqW@Nɕt[XgzK1s~;Χum(< yӣ/Vvw $:͸ ô P(-V?W5>8Sƭ{Jx%kJH=b /忦5 N[,(G' gRĝˎ{0 wδnwHRډPF$CiGsऩ) e0x"ٰL4Pb`Aaz!a$@T}}D`Bz ymXUHWeOz 5vYz*-*vPv G2K,­lTeͳ5.nw ZMtIӢҩL3QF0UWma\w@Jٕٕ[^w{~~_8Z;: eBeh֖ʊ|*rBQxwjNMT'=z0LmdY*faJ&-D<!HhNFP(TbӍ\iD(ȯxG,s~*5$'њW./aMS21A!?ZMD;㪽B[`=\ܒNk d(8Ok=C@);} )^>QoKA"Bnc?cgܭ眬uԩz X]9+︺פwWt Z=;#L>$M7f~hwP (ۇ\[LÄ[7NguYK0sGeG 6sI&{"zh&%5Hu}bJyh=Qٶit5q$&aV5ʉrR4LA>a4D\x']n,'٤1u-<۱Y֨'G]Wq폔ݣ~ 3YG`E_/ U`m hd4 KWxO7tVENp/tQ,t;6<趦L;Dln )@!Gw,7[IWɢ ,2&4чasYo'4b̚D, 0=BeO-ͽ3&A]AoF@!ی)ߘ3O,} mdkx&[3٭lͺRzɠ4A&~]ܜPW+~[@՜=&Qov%IjT"lԾ/|Ny@8c;M|tT.Fs(Mvh.6^R(#$ksmsqdk~lj-;(dC227>. Q^';W<>3%q_Kס`RTzz exZ귎JY?{8?!549wwخXlY%grA4b߾cxh-Edlr~|:RfClBгD060b d!D)?|nd}6"ӆy[dimSo2[E -Y9v}O![rwE#sa,y!ƚG3 uDV9x:RAq5E 뙪aFߓ*Bq * #ɜe|[ҬT`RH"\="ۈ쁶,h9.U.տn8M\@ZYMwI͵, SrG,eAfs>(&8~ v\~Wa M 'uk-4y%nuݒ{'G$s\DIӧY0fe|$/;>elHM}57^Eؼ?&Ls,^zi$f=Sw'wo%Y-6(OOXc fIkc$%ɑAPpNJ-4N@TI'z]>Jsʌ9rURSx ,^u-q^Oq,(FK9Rgu5gzJyРsa˞ef}"JV6泏s:g-\=Dt٬a s4LȉYJ:B$Ғ]|u#k`\˞qìJwuU޷u#r<{\ӁafF8J3kqEkɉ+,x{/nyeT9۳z{{8Ge,dV,gR4H'5_kU*\ І3d?d}4mj|D Ô|Q.1Hl"E.݆~Hڶ 1"&hzL b"l?A ɯG>?ni"(rԑg }\5 G j݂VjcU?>ACk I6q9K6Lo_bϹBǚjF<877R7GJWz ̛j*u mn eDv0q%$}"m yi=֩WL]^ o㛵;Om40kGLU" 07Q-à٭d/ݞD1ψ@>sRogN dZ+3Sɴd[Bl-VWب/gnXwYskJe q F'.[˓.>V!e$0k %CxNW( W 7\>~V?_k8m5&PO҆JK00ĐSS#&HtiÝ2Hy禡cRd:O& ؘNecsxh/7@Kq̈́1\n8UMy2s^)e%ޡB*#܉=`(^f4_d|qT}bR唡o}q0rB#%V&m4GV&ZvVCMSiA0|jnJ6h݈ƩQrmesX}HU81ok}W$!Z٘Nt%K)C‚04QC"]f~py 8}aR>Pdw^q&̜wh&ky+6F3o?C_/ipnZp0 jnPKq׈L~q[% xAh)S{c*eEl_Ⅹs46LTB{/9]azO~"[o7ӀÖp<݇ s'6깭SPPϽV RUz&͝AR{X4XaTk+p|jV^w[ւT|5?ʹ;h+z>` H&J"1vpDˣ{䀤0!ڿh'NlW x pg{{hs!vSnOkk> 0zWBr <¡E$XoI\,eM.Ybւef{ ΀өH<[%ɏ[6|sU`_5ZO%+fdkn 4NUmhؘMm5dUqDI+7ŗ*Os*}y娰HYg+ֻh+zT 7#鄺9\_T?Ƌ3/#-p>K\By$/COg.4{м oe/(ω="ۣ 'a Ƈ-ܢKSܻ&q>%:qb'*oqH%r k6z"C9b$;bT%1/'Beoĺ+cغtI:Lu PsK1u{ܒ̮֔]kG}^j=M5o}پp搟Co5فbb eݩm +:=t ?FPVnn]21ZjL "9Y XRb_J$tNܿD5EŬ|cHQżiIU>KyD ̬Ļ sYlq3b{ׅQ\jDvkwݖ ^u%Ȃ2XxVş,2є|uoW9C> _ BSy0gb-HAr}K "xNӊ\a?cO;'!rlmAdeɾPFےR01Ssz^x$#+E0Jj9u#NFc򥜛At 5$T*Q!fKVr IXt y`9 C (It| rD6\,[`Zg@vq!/NHE)W #cb,~|8ﰥaHR7a(R""BI+ꃏ榾qq8D\H,pMTMG } & i1zHE=suڕ*D K&}l#nO웿Kk \1;R8o=0LD7 J< &1E%x]դH*G!@$1$KY% Gd٤' ~$G. ]/B )i&/w:^.QZmi{xl9D%%&'t|ZKk9N6 )n=D|Ui;ԏ듃ۍBxax๑;ikxHF S-01NaSHZ 5Ŷ_8CMd)TS9<DZC%4ڋ``L)TRMQ-rx@-Z.QAaZ'U 4.!86wY=iٞn93OxyB_ %6] fv9] ]Kb;|ޔ@USl7$j]V1gk0^l ĸڳ<.z׃\)6ZQK:DXɕSh~݉ +-G &'8%#(X i)7(nI N͆oZ5h[ܶgG˨@8S[s1#1glpb,y! M7CfJg&iE? R͆Ng0BD+f"B0Ң& ZX^ uORƽk!I܅|}`kuD.){]{:u [}RZRU>&x{GW|RqWTh%ߩNJ`㓖(Yy6?X|N2E(I AӏQb0g^.>+.i,rk5PnV8K8#{/hC S ̹uXߔtmًZD]K kgfT!4fF@$%h* v䶅@bqV^oã5n@SWWuݽ7Hڪg4?)?{D'UgYH>L@6ߩqnF/Cĭ?XsvF J/'H5ٸNI/B ybpM_J$ J-WZ r8ɩ[(Gj'gQ$Չ:&f}"&L-cL(zW#H8_zp%ё%#Qs7{S=*PF2ÎPLJ}`f9]QY _Q*I&buF  H$(Ak(ԂY6 +̚sl =Ez{/,'ΦYm|&'zF6ڡ%jbHJ#4+ބԳOIhL>#0ٯ^XB`9-} " I-L`P0N4^4"VɨĻc ]'myD٢)PQ _%O76+~|ٿ|=N zYqJ۝;azڹu/8o=͹ hu5j0_3`&/Q0Nmi)ffCzF<̋}'Ѧ~FxE'K~ŰI Zʼn(`;)-b=r@m溵_/%_Zj0n1*7 KF3Pg,}+I}2N][s}&LaX@e^eg`(g`uuGqB;ºj=e8s\:ͳ54xT$ME{d§i}'ifoPh5 $ TU:y1/ 1:qJ\\:OEas)g}ۊ6MtHHCANGnىpOg)H@+Am0/_Ks`V>,̕,O<}ђ@5+OQ9oW=9'JрKہO,wA+0/KJyk2-mVSLER$\3G[@lpȟz7:e #nO,HK$&cva[8M G`ʩ?LYAǯjHu>zRs >vE!45 L92$pYٗlA543L쭙ZB`.P,AqDZG .8s+N d+W/'[:?$睭)?˂YdhezEdLyb8\ۂx$j:8ϊwx`d`y@Bh;cƷJdL#6C5 ]Ԉ枳 }ҷrAS*v hВeD\2:oXUf./izag@eȰB<إ6 d5sr|^7) N@;R3 .+%2tqsѸ׃|y.yE؏zL> ~Q cWz4L WPN}X'{Yמ|6j~u[ICWfR_R#g"pF OIhP{)?a5&9QpCQI[Y,QkP{NSn ("TPɶ-Ūx>쯯/P(p [*2îv fk{zG ړoĬ(3Yq Oq-|PtU.d`>;3~-$_9֢KB-|mIEyإTm 5|ke\5!Z5eᘖsm- ove8- +`]vD9xWu)v QOR1NČ˯%u` qQUu&HU|_Y&|.B0)hJߡKMa gVKd0םݎ`b&,<m|U[|z RQ 3CʲTav-UyKgSSTn$>ؑ`łf AX$B8t=V(iy_ɭw 88Mj^t2c'QxO/`\fY2jf f=IRBi3l|m=p]7RÙnD$v݃V}DZLH&P&w6E.fmU|e6gͥurF9^Jx`R711z"݄>fT*xXPyW_^&HT#K]OQCۨnb^"οLowAn#1چ,?UJ E :Ob%I\Q)|qV詐Q*`u痚'$XyKCԸeN \g tzWzOl7Zޚ[+8%#^E"6%$ *Ò y0Ϩ+a-1@N{^E4[oV"-{!WLrX%C)(b$#;|>/ZdcR=s<@cƙ\DsBT^gedTe/co\!sVXKvߣRJčUĸ(z?p-03E>,8،#A^\,֧Hj Js#_?!F$w `nU6WtkׄЎt.zg)9 rAMTCuuf+ba j`mp"A`fĠ ,i{U',n+th!1JŰe20Jo`/Ða:^TTmY'iƳGں% {ATMQ}H[[3jK8KÊk Xڦ^ڔ1vO f\f=4 X Xut_aŬRK^.]S*ӈt~ʴĴrEW 2bRsÏ)!*JO`W`x,,ro wgaY,fegHs,Dǟ"9Z& &>.1RsZ'LR%.pi+*E ғF3U ob"-oTI1[=mQ˅bsUvڒWWu@mᣫVK15$.~^ ;(_UDzB4RjԉLBe<[@~3FgP i'7bpf痽Zڼ,h1X5O!؛_Kž3ooQ22el YZ