Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package container-selinux for openSUSE:Factory checked in at 2025-04-30 19:02:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/container-selinux (Old) and /work/SRC/openSUSE:Factory/.container-selinux.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "container-selinux" Wed Apr 30 19:02:39 2025 rev:26 rq:1273366 version:2.237.0 Changes: -------- --- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes 2025-04-02 17:09:00.278384006 +0200 +++ /work/SRC/openSUSE:Factory/.container-selinux.new.30101/container-selinux.changes 2025-04-30 19:02:51.474513139 +0200 @@ -1,0 +2,7 @@ +Tue Apr 29 08:47:24 UTC 2025 - jseg...@suse.com + +- Update to version 2.237.0: + * bootc/install_t: allow transition to container_runtime_t + * Allow containers to mask parts of their /proc + +------------------------------------------------------------------- Old: ---- container-selinux-2.236.0.tar.xz New: ---- container-selinux-2.237.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ container-selinux.spec ++++++ --- /var/tmp/diff_new_pack.SXzlRN/_old 2025-04-30 19:02:52.262545999 +0200 +++ /var/tmp/diff_new_pack.SXzlRN/_new 2025-04-30 19:02:52.262545999 +0200 @@ -26,7 +26,7 @@ # Version of SELinux we were using %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}') Name: container-selinux -Version: 2.236.0 +Version: 2.237.0 Release: 0 Summary: SELinux policies for container runtimes License: GPL-2.0-only ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.SXzlRN/_old 2025-04-30 19:02:52.338549168 +0200 +++ /var/tmp/diff_new_pack.SXzlRN/_new 2025-04-30 19:02:52.346549502 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/containers/container-selinux.git</param> - <param name="changesrevision">4244f856ea34d20edb903a6ff28667400a4b6c18</param></service></servicedata> + <param name="changesrevision">d7e420a1166c8bd237a7877f76fa9a0e484a7c68</param></service></servicedata> (No newline at EOF) ++++++ container-selinux-2.236.0.tar.xz -> container-selinux-2.237.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.236.0/container.te new/container-selinux-2.237.0/container.te --- old/container-selinux-2.236.0/container.te 2025-03-13 21:24:19.000000000 +0100 +++ new/container-selinux-2.237.0/container.te 2025-04-28 16:29:12.000000000 +0200 @@ -1,4 +1,4 @@ -policy_module(container, 2.236.0) +policy_module(container, 2.237.0) gen_require(` class passwd rootok; @@ -984,6 +984,7 @@ kernel_getattr_proc(container_domain) kernel_list_all_proc(container_domain) +kernel_mounton_all_proc(container_domain) kernel_read_all_sysctls(container_domain) kernel_dontaudit_write_kernel_sysctl(container_domain) kernel_read_network_state(container_domain) 
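Review bot: The added `kernel_mounton_all_proc(container_domain)` in the container.te hunk at -984 is applied to the whole container_domain attribute, so every confined container type receives the permission rather than only those that need to mask /proc, and the line has no comment saying why. Going by the interface name, SELinux will then no longer limit which proc-labelled entries a container process may mount over, leaving the mount-namespace and capability checks as the remaining gate. I would record the reason next to the rule, for example `# Let containers mask parts of their /proc by mounting over them (mounton only)`, and confirm whether a narrower attribute than container_domain would be enough. The run of kernel_* calls this line joins starts and ends outside the hunk.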
@@ -1615,6 +1616,8 @@ allow container_domain container_var_lib_t:file entrypoint; allow container_domain fusefs_t:file { append create entrypoint execmod execute execute_no_trans getattr ioctl link lock map mounton open read rename setattr unlink watch watch_reads write }; +allow install_t container_runtime_t:process2 { nnp_transition nosuid_transition }; + corecmd_entrypoint_all_executables(container_kvm_t) allow svirt_sandbox_domain exec_type:file { entrypoint execute execute_no_trans getattr ioctl lock map open read }; allow svirt_sandbox_domain mountpoint:file entrypoint; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.236.0/rpm/container-selinux.spec new/container-selinux-2.237.0/rpm/container-selinux.spec --- old/container-selinux-2.236.0/rpm/container-selinux.spec 2025-03-13 21:24:19.000000000 +0100 +++ new/container-selinux-2.237.0/rpm/container-selinux.spec 2025-04-28 16:29:12.000000000 +0200 @@ -111,6 +111,9 @@ %posttrans %selinux_relabel_post +# Empty placeholder check to silence rpmlint +%check + #define license tag if not already defined %{!?_licensedir:%global license %doc}
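Review bot: The new `allow install_t container_runtime_t:process2 { nnp_transition nosuid_transition };` in the container.te hunk at -1615 stands at top level with no comment, and install_t is not declared anywhere in the visible context. The module's gen_require block lies outside this hunk, so confirm that install_t is required there (or that the rule sits inside an optional block); otherwise the module may fail to compile or load on a policy that does not ship that type. These two permissions let a domain transition go ahead under no_new_privs and from nosuid mounts, cases SELinux otherwise refuses unless the new domain is bounded by the old one, so the relaxation deserves a stated reason. I would add `# bootc (install_t): keep the transition to container_runtime_t working under no_new_privs and on nosuid mounts` above the rule.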