container-selinux-2:2.28-1.git85ce147.el7$>mdqQi:Fj>?$?d, 0 X (.5K       @ p    ( #8 ,9 :>@BGHIXYZP[X\p]^bdUeZf]l_txuvwxCcontainer-selinux2.281.git85ce147.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.YLc1bm.rdu2.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&;0KA큤AAA큤A큤YLYsYLYLYLYsYLYL093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d1b2a0d5a43b7cf591442d0761acde6069371d7442a266674701fdb57317851e65rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.28-1.git85ce147.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2:2.28-.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.28-1.git85ce147.el72:2.28-1.git85ce147.el72:2.28-1.git85ce147.el7 2:1.12.5-142:1.12.4-28container-selinux-2.28README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.28//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,SM]"k%(u#qXPNeR@Qwʟ=t!⼋6a\ycMEvF(ۤ1#"m$cە:gy +ջYCaAUu&D2_rGE2/=jA_K,"0@fSb i{+Ѯ@)w΋vbkJŎ#G$7^ [H|}-i , |=٪m*c O?do*9v"kz;#23g["t1I澆A]ۂ}v'`h @\\BZ&x=/2ڌƏsy;s{}֙(aD^$]K_CL|A/MeW9nLN}̈zrV8ln/܁zX"(IkAʋX'f}KjrZ$ IyIG4ݿQp7 m/8bliO v{'0LLY]wTN^cYش'KO' `l ֲ,v<q֔^f2>7f!4ߧoxW_Vԅs5"bfnױB& 7QL%l&푼xs^57aj ]W#ie)&]`urSzt[FIݯ=vʋ_n/SQ4x#E:#B9?GwjBO5*6*mV+ NL4μ iY)\A43r w}NP̟Oxn۹GbհwI//91>Qda5; WBi*PqֵIiܗY~H0lWVOLm;g Ujx7+!=GZe?I`59mP- 99rmݟ4:1K=;%P{~/~PIOt(Ӱ}[&^O W;ْ)br*2Qm㫐 K }k:ՓNRnedlP{spgP ƺ nOy#*Q,E T|^yI "Z!!\E; O[ )Z(s$?itu shcCN$RNT_?>-OÊ1r OӶjʕ@e/;q҅2ݠBɳkmg,cxF0kN+g@$iz(ýmߐGl7νD TS-!K5h 6M멱Ȩ[ͧD505CpMPodLT_Fsų,oةjg@ -IN,i_O ִnLK!֠=@ =Lo9;J2_̺R $J,+C EAkPH7 `#sF>h4F5-%G`ou%Y3H)jh6ALҁ+&gpZ:=GC`~> .J)O?#74&pDO!cLΐa+1Hh5NCYL@zη 8.S|v kOo/Q\JL&h@&u NCM' Kh0t/G|q󛸜|vFH14yZ#ip Vv8!ՐVYgޒ# $dCQǪ>} tdWU Ǎ!$TTzfmKV{ڼ^/-9]m$23D6[6 e _ RZ V{70Q`#XG~3|p^8 kYU#6u; vG,,oc"Uvj[DN0O,ׇ,t r4PR -ڿvNWs2LdƑ!} { `@ˆLNW_}"W]x+:3% ޤWTpfr\?{o\J^LdyU&yIgXk?X`?|}nI0ym'kO@(ބK|NngaF@^Vx%8?jZaOO8Oǻi%KibP쬸adC3)T 4p5-rr R ~E\yOG&)gj*ƋKls)Rd.E3O" V [HNnN,>zfyTCxn6[hmåн) <\t[^0 G·M;tAXuFZG*Q&h zty!(ʈ7,9C5= *dKL|x_PbZ2T׿`Ԁ)9urL:ĉ )%S~{@WA i."ẠX#$s'/L8\7Vs<\֔vM+J1*TӰm&'bSi5=s w!` Joqk{}ׯzrvЉn'-^~EhB3l^/Q:PP:p:T[%cb-wZ u5Ա+q*>ag|HzÉiQ4ul٥1~*HU ͖1^lC5PЏ?eϖr>6W(R} RGZW.CԮcРC!d‚{̄0ۜ2ᥙ㴞)!vg*GA37(Pד ZI-Td=;BF{4lGZIhPkxVM3!$A\0&p¯btLd'ǟ1qSknU W~hj+&:R &W\p .K[45O0+~G~) FвQ/',:YRnUe7WM nl  "οQkl{,t&KOYLs@( H sqYhWb\j< rHSF#<٭*HTn Jc8EͣoljYNo SZ$JFUetH.t< ri˺۷?GPrk1"ܑ!Ew^>b'Z>֝1A qR]~6tl4`=m6")b4i*.q˦}03FSO_yҤh̓ǩl!`b G_•ҙOFmX-3ZQ\U-PvY-&G.^Vkq}[$νg K$}GPKEI~ gY:vhno mrx ĖZ"E@!|smQh'ߚC?9ŗ7Z7w&Wc _ԵV@6a]A-M{i?+~l'ھAwgv4tKTk0Jx,]>< H}O%oSg?BrTUyaȸ w,Ai5ak+xFɱ<\C@T"s"6e|iPe#[ Աs̮Ggl-Q\Ը: Џl"hLOIH46O/%WPA u֝teC/P,X#? Xwn ?|tߓpʹC;P!H\$JG@, ~HWBȯZc$ۮ!IH19`ߛmQuQߕ T{ċ w+"C1Ԑ?{#hL,XQC%!j:߾i+fu;{K N1krw5&fV|F.1X(Q+9]ol;b@[v- E}ͦ¨E/icn׍zK "Bf藪&0N!:qV u'%|oXC&Y,J}i>gZJJu=A dzv9Ť2 Zu!S}j %va-"Tf$}ηK:Nk!=ݵ(\?0v*ذ^58f5 LqlOnQ/&›ż{] /!p10zVtԜ͐1/*pNd|PmN 7R>q.&Wd;@sy3oNcpSx 1 ᵜB5]\0Hln oh}KZЦ6mCV,R^ tI#@6D@=(W|A:ap<.sW;[;1#d2~iȕ/~9^3M= 9y-mxyo no&QB:2 nq8>_O|%^0.0,G1Zi _3B+1=uH bI b 1vlfѯB͕t=!f&6:cbZW^^TI#~$h%XS Mc`$_V Zhb'0) #4n3o$zX*LG(YL_] m!VE.5ZrU/fn OͰ*){"iʯDܥ1C#Ů+HMkC$!Ҭ2h$3OGG8d'~hj.Yא3hPsP/U!7["5}g懑/3vǑR]dSap7)"sB?64@b2SvY11.K?GB`DC-)#3]mL-ra޽>6 ]$Y8k$G+8eZ,`H:%U8cjc~q#_ -N!Qs3ns^a *;KY7Q!o%Xo!HpQMtvwY]e(CU=U?Bz5/yj͙'U]{-[YTFܤ?Ls2'Y:Յ刳rc2"+"FfOC$DĠF׌:3%#HE@5xP [գ^*TnpdDi{V,fĨԀdU3kU|mDcBoJPn#@U,"z/*jł(-;p)1~$rH eksJ^!r[aCQFy|(ٵH(p&Ϯ}8}w"ZŎh1!f|rn+%s**(vFs6S3lnz0$W~v~gc2&uacAMLkɽ#~+0 I~Ic߆ɠq>0YfVkqp" A@'vv31S'H=- (١CmnwpU`*Kp爐_)vtt'yƒΓ^X)THK߂>;51#<;މ"p*v a>hw;xFcљ4Pp(L5vhO[]vg 9UM{{= nA*8ݯg0mxMO` [#ٖSP])R禙Ҟ3r] QY}i.W590f6>8p8S(wc9-uCqRiXw::BNlipBƼxo4i`g'mWhȾ"AGkD J=Nr^jϠ.76'3u ?5#oW::rwK=-5mm'D`|BʫupfM؍‚;4m摒Uik.9ӫk lAt+ FfJa"< ܊7E~,ǫ| ܱ<)Ju(t~3 ؂xtaY7S:9`>DwH{v\+c4|}Ĭ@1멕>_,fa-5fG?*AjG=Gu# 0H)e3.dѫհMݎ XZbDݫ1lenaC샡s .W3g~P}|֜W_/Z0/:=? ´k&-LKo:k'g΋m"݅fi)7 r Eq{5ݕ&Qx \E:oe\8|1] C@yXJ|Q`U@ b-C iYZ۱=r2ş^r c9 =@_Yszѹ/<{ a5놳'}H8CWfk6I*Զl&utˆTAl%2byO{XUH=R0`+6d/M͓il*!eJS6}B-|rcCOVz`p7<wmwIJnEӡHZnav5 | KLweHޓS<~s9؆%-q"sOlhTQ鄣v{κcSvE,NKF]ڈH!,۟\[Wj⦋s@qI@˜ωub)<-+ҔfEFu"du\ ߿W&/xaUrŷ1 87#lC}eQLjl\bs$B \yA~vdeD^ؼX|5uY=4hd ,}/89Sm GTb&^GK;ɳ^.ŝtz?efU*.|nW4cpM5홆OJ@|.F9qHGY 51@ƫ,2L.Eb.aCkd؟I7 e"lSiܠK)Qi 3+NBJ<A*3"/a!d8 3Mj,MG^$ABH&C0P^TMP%Ū/gݕM]~9?yGZDbZeܰąpk+۶WBQG+4elS[*yAex,8[G&x08d3x*b xchBgv3'b'۞`fޭ{>(*P \SI74ə>^'W1hqAmܴQzNS2s|K~ӗ? UA/ ?DI[[v_1. zִ"P{%E+-hۆ3 -º@7 @W3Ìߕ/5YZhaSz}å~ѣX!" ay+CS:G1Qg#.A%zҲ "ޢ gñB2Q-yGQP{_\ɒnʸPΠPOq3%-Ac-sgd;Vu 3".bo`"گAmbttlpU]]&f피Aسz;lspc#H7]! m hd0>X`Qqei)&m2tDS]!Z;b>|o!=Kkk;ѣ/KFsVl(J@(=Ha0f4ũ|:CWہ#vv rLS,hĬZ)| ZUW*ЅvKrZ\`\P/Pϴ5y~-bUX>+-ZY] RG}* p`5ŹHP4bM{y>~ײAggg?hke?4T J:PB>ySK"gZ+IԻ: 6%XKǒY m3п) XA{Ҋ{,: I<@"0ћ#*eik~؆GD*a'pϵۖD% Әv|o}X?UGI0Xkiwa@FטnA ~‰a]JrpM[,˿iُ޸sٗL+lb:igI}#?@gedNy&L^a JA\'xDlAS/v'Y7qajGՅ>0W 3t!^3Uy(gPꠧCM~V.TrR10!ڤz7!ҹ.?hP(XyǀiNOT ,3 -=' 6ynØTSw8Y)"jQ YSTipΟvSUv1Y'[-T6U.xo#~fuwQ^ LΗ:bQ:_o9uN c+skmYifcfF]?$G}ҮVdrH\J |qH1r*q7` ][;?G;+xVdأ-\05%Wι 2#Yȫ/r]MmOm;%wR]/@mo Nۂ&ug?"FR85ŁXO~HX#vV}SUf{wIJ^s .¥~'*fq9AQ,B-Y>pz1Z%*4Zڬ0ixYS*ST)1hp7TҎ!#xdۑdx4?9bRs9Xrō 4Tn"M,sP) na E>l:IYLF{$;N 7唃n g~JD[`;*C<&Šp-*idP0&kN]DtQ& X1{q*<)ٹ@sXgiw+KCKr7 h~#ci1# nȢe9 /6#.ݚ~WZZRݜlK;6wf2r>!fm \(Q  gw~yY/l ,ja(8(*ق^5M<΀?6dpn>}V-T`]޼P6fcyJ yN:POx@K$DM$nl2i+6M3kKJ!W+!CLG%p[/BI77nR; WGXۤ+i~.zv (xKKdQVJmfg:Ŏ0bGu$⟩Җ\ HFŁ./DęF]_JR$7dt7 Q\5}53)W 44$$J^H-`rˊaĢe!p2lya uo!Pk"SHk+Z J6)L.pѸ83AiTsi3PH@|Ϸlrե#=f5Lq-Gń1nsZ,CoqkLYu$c|"?qǰ0 \0ޔʜls4vϨU1Cn~By}e=\n)Yߚ*% ҃?tL"JxIQ4i=ZȣFR]Z\3@h'bn+oޕJ`x+kg»m %e]At: BlY?,C਼|D^Ӡ[x5hwtanܸxT6NW<nnXFnbjO003)VJ`E>q.( o QHh+֬nԂW>/{%6 Y6"y1K_-[',d&$y/Lo۔ K!$ DFu ˱y85m0.o-!2dvb_;{jsWVQ꠵=ax&] Gy15YRtI%J4܃GPFJ*ovSckdGw,NBBsX.(EK{B_HaR{rLRdV\vJ]`,$H ؈i<Ǫ8<&0;60OB0Li(a ~\"XZ0Ӑ'j0f!֕~!l#tUރ­0)qؤكb4ΜӒf{5 'Њ{pt!.UT \!}2' ' |cB]-~[Z)'_ 993^H0 ${ח!nc'|p.}nI>PW@Z؝Eby%`5?#3N%Rk*)i"2vb=xn@0C0($Tv*p 2iL{(pV8bI#յIs`I<ٕk+L8j<8}KiYi}qE4\_g~fNd#*JGfQaV=+p3Qb'+ -Ify֪hpgr|j%@h\xmvK]<)N/UF[1KȊF˙,t#jmȕ5KT)Ri;x \GH}fЊ=Ϋ;3F#XbD|zb.Wücf-ܱ:kP48|egvIcJlq.dCxkҞqm؀P[S}3!aH<b"@֣A V\+ ܚ$8aAtzH;?Ʈa. Щ2T.h+3Ad3+-?%- Rj?2=-!k5 N;.yl%-bub=͇}^f7P"\1[hꇞBh˔ʮ-"4If$LW3ʰnJʋKh,Nap՗6ZW:ĶTaV*1RsϗI?/:ۿHrV7p|KXY9B2ةSrYeDA,Qܯ M{V$Ĭv%hˣֽL}RxfS/_Q/ȴz.6Ԫ6ZmUăLc)5NƔoّYYe 'F$&RS/ºl?Ą(L.rZD)gv:nupqg`V^ޓjE<QHHŸP`6"FWdonF.B^js*|0t+oaqG=\da[3 P5(xC8 ^)m}iFvmjud_[:0$e@ɉ5dtzs>%aa7|%\潰4BFGh/9~Ad8\`"*&~=P=E,m ʴ:Y 7sB(m iPyn2sJ=bZ@F}׼a/kF/]£ YZ