commit container-selinux for openSUSE:Factory
Hello community, here is the log from the commit of package container-selinux for openSUSE:Factory checked in at 2020-11-06 23:42:45 Comparing /work/SRC/openSUSE:Factory/container-selinux (Old) and /work/SRC/openSUSE:Factory/.container-selinux.new.11331 (New) Package is "container-selinux" Fri Nov 6 23:42:45 2020 rev:4 rq:845892 version:2.150.0 Changes:
--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes 2020-11-02 09:40:27.173613351 +0100
+++ /work/SRC/openSUSE:Factory/.container-selinux.new.11331/container-selinux.changes 2020-11-06 23:42:47.115530479 +0100
@@ -1,0 +2,6 @@
+Tue Nov 3 07:53:35 UTC 2020 - Ludwig Nussel
+
+- Don't use BuildRequires based on shell script output. OBS can't
+ evaluate that.
+
+---
Other differences: -- ++ container-selinux.spec ++
--- /var/tmp/diff_new_pack.IhQI5g/_old 2020-11-06 23:42:47.767529226 +0100
+++ /var/tmp/diff_new_pack.IhQI5g/_new 2020-11-06 23:42:47.771529218 +0100
@@ -32,8 +32,8 @@
 License:GPL-2.0-only
 URL:https://github.com/containers/container-selinux
 Source0:%{name}-%{version}.tar.gz
-BuildRequires: selinux-policy >= %{selinux_policyver}
-BuildRequires: selinux-policy-devel >= %{selinux_policyver}
+BuildRequires: selinux-policy
+BuildRequires: selinux-policy-devel
 Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
 Requires(post): policycoreutils
 Requires(post): /usr/bin/sed
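Review bot: With the version bound dropped from both `BuildRequires` lines in the `@@ -32,8 +32,8 @@` hunk, the unchanged `Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')` line is the only constraint in the lines shown that still ties the module to a policy version, and it is still computed from shell output inside the build root. That looks intentional (the runtime floor becomes whatever policy the module was compiled against), but the spec does not say so. A comment above the `Requires` line such as `# Runtime floor is the selinux-policy found in the build root; BuildRequires stays unversioned because OBS cannot evaluate %(...)` would record the reasoning. If `selinux_policyver` has no remaining users after this change its `%define` can be removed too; any other uses are outside the hunk.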
commit container-selinux for openSUSE:Factory
Hello community, here is the log from the commit of package container-selinux for openSUSE:Factory checked in at 2020-11-02 09:40:20 Comparing /work/SRC/openSUSE:Factory/container-selinux (Old) and /work/SRC/openSUSE:Factory/.container-selinux.new.3463 (New) Package is "container-selinux" Mon Nov 2 09:40:20 2020 rev:3 rq:844834 version:2.150.0 Changes:
--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes 2020-10-20 16:03:29.521813228 +0200
+++ /work/SRC/openSUSE:Factory/.container-selinux.new.3463/container-selinux.changes 2020-11-02 09:40:27.173613351 +0100
@@ -1,0 +2,7 @@
+Thu Oct 29 07:52:21 UTC 2020 - Thorsten Kukuk
+
+- Update to version 2.150.0
+ - Add additional allow rules for kvm based containers using
+virtiofsd.
+
+---
Old: container-selinux-2.145.0.tar.gz New: container-selinux-2.150.0.tar.gz Other differences: -- ++ container-selinux.spec ++
--- /var/tmp/diff_new_pack.lpOhWS/_old 2020-11-02 09:40:28.469614595 +0100
+++ /var/tmp/diff_new_pack.lpOhWS/_new 2020-11-02 09:40:28.469614595 +0100
@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name: container-selinux
-Version:2.145.0
+Version:2.150.0
 Release:0
 Summary:SELinux policies for container runtimes
 License:GPL-2.0-only
++ container-selinux-2.145.0.tar.gz -> container-selinux-2.150.0.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.145.0/NOTICE new/container-selinux-2.150.0/NOTICE
--- old/container-selinux-2.145.0/NOTICE1970-01-01 01:00:00.0 +0100
+++ new/container-selinux-2.150.0/NOTICE2020-10-22 21:07:11.0 +0200
@@ -0,0 +1,15 @@
+Copyright (c) 2015, 2020, Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.145.0/container.te new/container-selinux-2.150.0/container.te
--- old/container-selinux-2.145.0/container.te 2020-09-10 17:29:43.0 +0200
+++ new/container-selinux-2.150.0/container.te 2020-10-22 21:07:11.0 +0200
@@ -1,4 +1,4 @@
-policy_module(container, 2.145.0)
+policy_module(container, 2.150.0)
 gen_require(`
 class passwd rootok;
 ')
@@ -104,6 +104,7 @@
 ifdef(`enable_mls',`
 init_ranged_daemon_domain(container_runtime_t, container_runtime_exec_t, s0 - mls_systemhigh)
 ')
+mls_trusted_object(container_runtime_t)
@@ -115,6 +116,7 @@
 allow container_runtime_domain self:process ~setcurrent;
 allow container_runtime_domain self:passwd rootok;
 allow container_runtime_domain self:fd use;
+allow container_runtime_domain self:dir mounton;
 allow container_runtime_domain self:file mounton;
 allow container_runtime_domain self:fifo_file rw_fifo_file_perms;
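Review bot: `mls_trusted_object(container_runtime_t)` in the `@@ -104,6 +104,7 @@` hunk of container.te is added after the closing `')` of the `enable_mls` block, so it appears to apply unconditionally, and it carries no comment. In the reference policy this interface marks the type as an MLS-trusted object, which lets subjects at any sensitivity level read and write objects of that type. That makes it an exemption from the MLS constraints rather than an ordinary allow rule. A one-line comment naming which objects labelled `container_runtime_t` need the exemption would make it auditable, for example `# runtime-owned fds/sockets must be usable by containers at any MLS level`. That wording is a guess at the rationale and should be confirmed against upstream.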
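Review bot: `allow container_runtime_domain self:dir mounton;` in the `@@ -115,6 +116,7 @@` hunk extends the existing `self:file mounton` rule to directories without saying which directories carry the runtime's own domain type. With `self` as the target these are presumably the runtime's own `/proc/<pid>` entries. If that is the intent, a comment next to the two `mounton` rules such as `# mount over entries under the runtime's own /proc/<pid>` would tell an auditor what the permission is for. The rule list continues outside the hunk.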
@@ -147,13 +149,17 @@
 corenet_tcp_connect_all_ports(container_runtime_domain)
 corenet_sctp_bind_all_ports(container_net_domain)
 corenet_sctp_connect_all_ports(container_net_domain)
+corenet_rw_tun_tap_dev(container_runtime_domain)
 container_auth_stream_connect(container_runtime_domain)
+manage_files_pattern(container_runtime_domain, container_file_t, container_file_t)
+manage_lnk_files_pattern(container_runtime_domain, container_file_t, container_file_t)
 manage_blk_files_pattern(container_runtime_domain, container_file_t, container_file_t)
+allow container_runtime_domain container_domain:key manage_key_perms;
 manage_sock_files_pattern(container_runtime_domain, container_file_t, container_file_t)
-allow container_runtime_domain container_file_t:dir {relabelfrom relabelto execmod};
-allow container_runtime_domain container_file_t:chr_file mmap_file_perms;
+allow container_runtime_domain container_file_t:dir_file_class_set {relabelfrom relabelto execmod};
+allow container_runtime_domain container_
commit container-selinux for openSUSE:Factory
Hello community, here is the log from the commit of package container-selinux for openSUSE:Factory checked in at 2020-10-20 16:00:25 Comparing /work/SRC/openSUSE:Factory/container-selinux (Old) and /work/SRC/openSUSE:Factory/.container-selinux.new.3486 (New) Package is "container-selinux" Tue Oct 20 16:00:25 2020 rev:2 rq:842071 version:2.145.0 Changes:
--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes 2020-10-10 19:03:54.320469836 +0200
+++ /work/SRC/openSUSE:Factory/.container-selinux.new.3486/container-selinux.changes 2020-10-20 16:03:29.521813228 +0200
@@ -1,0 +2,7 @@
+Wed Oct 14 12:57:07 UTC 2020 - Thorsten Kukuk
+
+- Update to version 2.145.0
+ - Add support for kubernetes_file_t
+ - Allow container_t to open existing tun/tap
+
+---
Old: container-selinux-2.143.0.tar.gz New: container-selinux-2.145.0.tar.gz Other differences: -- ++ container-selinux.spec ++
--- /var/tmp/diff_new_pack.knyGMB/_old 2020-10-20 16:03:31.745814281 +0200
+++ /var/tmp/diff_new_pack.knyGMB/_new 2020-10-20 16:03:31.745814281 +0200
@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name: container-selinux
-Version:2.143.0
+Version:2.145.0
 Release:0
 Summary:SELinux policies for container runtimes
 License:GPL-2.0-only
++ container-selinux-2.143.0.tar.gz -> container-selinux-2.145.0.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.143.0/container.fc new/container-selinux-2.145.0/container.fc
--- old/container-selinux-2.143.0/container.fc 2020-08-06 00:05:41.0 +0200
+++ new/container-selinux-2.145.0/container.fc 2020-09-10 17:29:43.0 +0200
@@ -1,8 +1,11 @@
 /root/\.docker gen_context(system_u:object_r:container_home_t,s0)
 /usr/libexec/docker/.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/libexec/docker/.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/libexec/docker/docker.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/libexec/docker/docker.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/bin/docker.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/bin/docker.*-- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/bin/containerd.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/containerd.*-- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/bin/lxc-.*-- gen_context(system_u:object_r:container_runtime_exec_t,s0)
@@ -34,6 +37,7 @@
 /usr/sbin/ocid.* -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/lib/docker/docker-novolume-plugin -- gen_context(system_u:object_r:container_auth_exec_t,s0)
 /usr/lib/docker/[^/]*plugin-- gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/lib/docker/[^/]*plugin -- gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/lib/systemd/system/docker.* -- gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/lib/systemd/system/lxd.* -- gen_context(system_u:object_r:container_unit_file_t,s0)
@@ -112,3 +116,4 @@
 /var/log/lxc(/.*)? gen_context(system_u:object_r:container_log_t,s0)
 /var/log/lxd(/.*)? gen_context(system_u:object_r:container_log_t,s0)
+/etc/kubernetes(/.*)? gen_context(system_u:object_r:kubernetes_file_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.143.0/container.if new/container-selinux-2.145.0/container.if
--- old/container-selinux-2.143.0/container.if 2020-08-06 00:05:41.0 +0200
+++ new/container-selinux-2.145.0/container.if 2020-09-10 17:29:43.0 +0200
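Review bot: The new `/usr/local/bin/docker.*` entry in the `@@ -1,8 +1,11 @@` hunk of container.fc is a prefix match, so every regular file under `/usr/local/bin` whose name starts with `docker` is labelled `container_runtime_exec_t`, not just the docker binaries. It mirrors the existing `/usr/bin/docker.*` line, but `/usr/local` holds locally installed files that no package owns. A comment such as `# prefix match: any /usr/local/bin/docker* file is labelled as a runtime executable` would make that breadth explicit, and listing the expected binary names would be tighter if upstream accepts it. Separately, `/usr/local/libexec/docker/docker.*` is already covered by `/usr/local/libexec/docker/.*` with the same context, so the second line adds nothing.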
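Review bot: `/etc/kubernetes(/.*)?` in the `@@ -112,3 +116,4 @@` hunk of container.fc moves an existing configuration tree to the new type `kubernetes_file_t`, and the hunks on this page show neither the type's declaration nor any rule granting access to it. After a relabel, any domain that read those files under their previous label (presumably the generic `/etc` type) needs an explicit rule for `kubernetes_file_t`, otherwise access is denied. It is worth confirming that container.te in this release declares the type and grants read access to the domains that consume `/etc/kubernetes`. A comment above the entry such as `# kubelet/control-plane configuration; readable by <domains>` would document that, with the placeholder filled in from the policy.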
@@ -490,6 +490,7 @@
 type container_log_t;
 type container_var_run_t;
 type container_home_t;
+ type kubernetes_file_t;
 type container_runtime_tmpfs_t;
 ')
@@ -530,7 +531,7 @@
 userdom_admin_home_dir_filetrans($1, container_home_t, dir, ".container")
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, "kata-containers")
 filetrans_pattern($1, container_var_run_t, container_runtime_tmpfs_t, dir, "shm")
-
+files_pid_filetrans($1, kubernetes_file_t, dir, "kubernetes")
 ')
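Review bot: `files_pid_filetrans($1, kubernetes_file_t, dir, "kubernetes")` in the `@@ -530,7 +531,7 @@` hunk of container.if labels a `kubernetes` directory created in the pid directory, but the container.fc hunks on this page add a file-context entry only for `/etc/kubernetes(/.*)?`. If container.fc has no matching entry for the run-time path, a later `restorecon` would reset that directory to the default pid-directory type and undo the transition. Adding `/var/run/kubernetes(/.*)? gen_context(system_u:object_r:kubernetes_file_t,s0)` to container.fc would keep the two in agreement. This assumes the rest of container.fc, which is not shown here, lacks such a line. The enclosing interface starts outside the hunk.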