Hello community,
here is the log from the commit of package container-selinux for
openSUSE:Factory checked in at 2025-09-03 21:06:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/container-selinux (Old)
and /work/SRC/openSUSE:Factory/.container-selinux.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "container-selinux"
Wed Sep 3 21:06:58 2025 rev:31 rq:1302416 version:2.241.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes
2025-08-06 14:32:17.961541057 +0200
+++
/work/SRC/openSUSE:Factory/.container-selinux.new.1977/container-selinux.changes
2025-09-03 21:07:11.752039574 +0200
@@ -1,0 +2,6 @@
+Tue Sep 02 11:06:14 UTC 2025 - Cathy Hu <[email protected]>
+
+- Update to version 2.241.0:
+ * Allow domains that trans to container_runtime_t bpf:prog_run
+
+-------------------------------------------------------------------
Old:
----
container-selinux-2.240.0.tar.xz
New:
----
container-selinux-2.241.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ container-selinux.spec ++++++
--- /var/tmp/diff_new_pack.so6nLs/_old 2025-09-03 21:07:12.200058505 +0200
+++ /var/tmp/diff_new_pack.so6nLs/_new 2025-09-03 21:07:12.204058675 +0200
@@ -26,7 +26,7 @@
# Version of SELinux we were using
%define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
Name: container-selinux
-Version: 2.240.0
+Version: 2.241.0
Release: 0
Summary: SELinux policies for container runtimes
License: GPL-2.0-only
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.so6nLs/_old 2025-09-03 21:07:12.244060366 +0200
+++ /var/tmp/diff_new_pack.so6nLs/_new 2025-09-03 21:07:12.248060534 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/containers/container-selinux.git</param>
- <param
name="changesrevision">10cc7ecacd631368e23691a77dbfe63ac6ca855f</param></service></servicedata>
+ <param
name="changesrevision">5997aa524734886d35e187f52de2546f25c9f500</param></service></servicedata>
(No newline at EOF)
++++++ container-selinux-2.240.0.tar.xz -> container-selinux-2.241.0.tar.xz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/container-selinux-2.240.0/container.if
new/container-selinux-2.241.0/container.if
--- old/container-selinux-2.240.0/container.if 2025-07-24 14:16:27.000000000
+0200
+++ new/container-selinux-2.241.0/container.if 2025-07-29 14:12:52.000000000
+0200
@@ -19,6 +19,7 @@
corecmd_search_bin($1)
domtrans_pattern($1, container_runtime_exec_t, container_runtime_t)
allow container_runtime_t $1:fifo_file setattr;
+ allow $1 container_runtime_t:bpf prog_run;
')
########################################
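Review bot: The added `allow $1 container_runtime_t:bpf prog_run;` sits inside a domain-transition interface, so every domain that calls the interface now also gets permission to run BPF programs labelled container_runtime_t, whether or not it needs that. The interface header and its `## <summary>` are outside the hunk; if the summary only describes the transition, it should gain a line such as `## Also allows the caller to run BPF programs labelled container_runtime_t.`. If only a few callers need the permission, a separate small interface for the bpf rule would keep the grant narrower than attaching it to the transition. The container.te hunk at -743 routes unconfined_domain_type through what appears to be this interface, so it inherits the same rule.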
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/container-selinux-2.240.0/container.te
new/container-selinux-2.241.0/container.te
--- old/container-selinux-2.240.0/container.te 2025-07-24 14:16:27.000000000
+0200
+++ new/container-selinux-2.241.0/container.te 2025-07-29 14:12:52.000000000
+0200
@@ -1,4 +1,4 @@
-policy_module(container, 2.240.0)
+policy_module(container, 2.241.0)
gen_require(`
class passwd rootok;
@@ -743,7 +743,7 @@
allow unconfined_domain_type { container_var_lib_t container_ro_file_t
}:file entrypoint;
fs_fusefs_entrypoint(unconfined_domain_type)
- domtrans_pattern(unconfined_domain_type, container_runtime_exec_t ,
container_runtime_t)
+ container_runtime_domtrans(unconfined_domain_type)
')
optional_policy(`
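Review bot: Swapping the bare `domtrans_pattern(...)` for `container_runtime_domtrans(unconfined_domain_type)` is not a pure refactor. Assuming the container.if hunk in this diff is the body of that interface, the call also brings in `corecmd_search_bin($1)`, the `fifo_file setattr` rule and the new `bpf prog_run` rule, and anything added to the interface later will reach unconfined domains too. A one-line comment above the call would make the intent visible to auditors, e.g. `# use the interface so unconfined domains get bpf prog_run together with the transition`. The enclosing block opens outside the hunk.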
@@ -1335,6 +1335,7 @@
container_manage_share_dirs(init_t)
container_filetrans_named_content(init_t)
container_runtime_read_tmpfs_files(init_t)
+allow init_t container_runtime_t:bpf prog_run;
gen_require(`
attribute device_node;
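Review bot: The new `allow init_t container_runtime_t:bpf prog_run;` is a raw rule with no comment explaining why init_t needs to run the runtime's BPF programs, while the three lines above it all go through named container_* interfaces. A short comment naming the use case or the denial behind it would help later audits, e.g. `# init_t runs BPF programs labelled container_runtime_t (see <upstream issue or AVC reference>)`. If init_t already calls the transition interface changed in container.if, this rule may be redundant. That is not visible from the hunk, so it is worth checking before keeping both.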