Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package container-selinux for
openSUSE:Factory checked in at 2025-12-09 12:45:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/container-selinux (Old)
and /work/SRC/openSUSE:Factory/.container-selinux.new.1939 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "container-selinux"
Tue Dec 9 12:45:40 2025 rev:34 rq:1321531 version:2.244.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes
2025-11-11 19:19:37.671178627 +0100
+++
/work/SRC/openSUSE:Factory/.container-selinux.new.1939/container-selinux.changes
2025-12-09 12:45:42.600167278 +0100
@@ -1,0 +2,8 @@
+Mon Dec 08 08:20:55 UTC 2025 - Cathy Hu <[email protected]>
+
+- Update to version 2.244.0:
+ * New release: v2.244.0
+ * TMT: ELN rootless user has changed
+ * Introduce container_write_proc_files interface (bsc#1253469)
+
+-------------------------------------------------------------------
Old:
----
container-selinux-2.243.0.tar.xz
New:
----
container-selinux-2.244.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ container-selinux.spec ++++++
--- /var/tmp/diff_new_pack.EKgxyP/_old 2025-12-09 12:45:53.160613601 +0100
+++ /var/tmp/diff_new_pack.EKgxyP/_new 2025-12-09 12:45:53.164613770 +0100
@@ -26,7 +26,7 @@
# Version of SELinux we were using
%define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
Name: container-selinux
-Version: 2.243.0
+Version: 2.244.0
Release: 0
Summary: SELinux policies for container runtimes
License: GPL-2.0-only
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.EKgxyP/_old 2025-12-09 12:45:53.228616475 +0100
+++ /var/tmp/diff_new_pack.EKgxyP/_new 2025-12-09 12:45:53.232616643 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/containers/container-selinux.git</param>
- <param
name="changesrevision">efdee4df4e98b5f5fe826b83db5ff4a9239e54bb</param></service></servicedata>
+ <param
name="changesrevision">9017e1f8074db9b7ae026670b0e0216cf53f18d9</param></service></servicedata>
(No newline at EOF)
++++++ container-selinux-2.243.0.tar.xz -> container-selinux-2.244.0.tar.xz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/container-selinux-2.243.0/container.if
new/container-selinux-2.244.0/container.if
--- old/container-selinux-2.243.0/container.if 2025-11-07 19:23:19.000000000
+0100
+++ new/container-selinux-2.244.0/container.if 2025-12-01 15:54:18.000000000
+0100
@@ -89,6 +89,25 @@
########################################
## <summary>
+## Write to /proc/PID of container runtime.
+## This is needed e.g. to set uid_map or gid_map
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`container_write_proc_files',`
+ gen_require(`
+ type container_runtime_t;
+ ')
+
+ allow $1 container_runtime_t:file { open write };
+')
+
+########################################
+## <summary>
## Search container lib directories.
## </summary>
## <param name="domain">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/container-selinux-2.243.0/container.te
new/container-selinux-2.244.0/container.te
--- old/container-selinux-2.243.0/container.te 2025-11-07 19:23:19.000000000
+0100
+++ new/container-selinux-2.244.0/container.te 2025-12-01 15:54:18.000000000
+0100
@@ -1,4 +1,4 @@
-policy_module(container, 2.243.0)
+policy_module(container, 2.244.0)
gen_require(`
class passwd rootok;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/container-selinux-2.243.0/test/main.fmf
new/container-selinux-2.244.0/test/main.fmf
--- old/container-selinux-2.243.0/test/main.fmf 2025-11-07 19:23:19.000000000
+0100
+++ new/container-selinux-2.244.0/test/main.fmf 2025-12-01 15:54:18.000000000
+0100
@@ -29,6 +29,6 @@
- when: distro == centos-stream
environment+:
ROOTLESS_USER: "ec2-user"
- - when: distro == fedora-eln or distro == rhel
+ - when: distro == rhel
environment+:
ROOTLESS_USER: "cloud-user"
