commit container-selinux for openSUSE:Factory

2020-11-06 Thread root
Hello community,

here is the log from the commit of package container-selinux for 
openSUSE:Factory checked in at 2020-11-06 23:42:45

Comparing /work/SRC/openSUSE:Factory/container-selinux (Old)
 and  /work/SRC/openSUSE:Factory/.container-selinux.new.11331 (New)


Package is "container-selinux"

Fri Nov  6 23:42:45 2020 rev:4 rq:845892 version:2.150.0

Changes:

--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes  
2020-11-02 09:40:27.173613351 +0100
+++ 
/work/SRC/openSUSE:Factory/.container-selinux.new.11331/container-selinux.changes
   2020-11-06 23:42:47.115530479 +0100
@@ -1,0 +2,6 @@
+Tue Nov  3 07:53:35 UTC 2020 - Ludwig Nussel 
+
+- Don't use BuildRequires based on shell script output. OBS can't
+  evaluate that.
+
+---



Other differences:
--
++ container-selinux.spec ++
--- /var/tmp/diff_new_pack.IhQI5g/_old  2020-11-06 23:42:47.767529226 +0100
+++ /var/tmp/diff_new_pack.IhQI5g/_new  2020-11-06 23:42:47.771529218 +0100
@@ -32,8 +32,8 @@
 License:GPL-2.0-only
 URL:https://github.com/containers/container-selinux
 Source0:%{name}-%{version}.tar.gz
-BuildRequires:  selinux-policy >= %{selinux_policyver}
-BuildRequires:  selinux-policy-devel >= %{selinux_policyver}
+BuildRequires:  selinux-policy
+BuildRequires:  selinux-policy-devel
 Requires:   selinux-policy >= %(rpm -q selinux-policy --qf 
'%%{version}-%%{release}')
 Requires(post): policycoreutils
 Requires(post): /usr/bin/sed
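Review bot: Dropping the version from both `BuildRequires` lines removes the only floor on the policy the module is compiled against, so a build root with an older selinux-policy-devel now fails late in the policy compile, or builds against interfaces upstream did not intend. A literal floor keeps the constraint without shell output, which OBS can evaluate: `BuildRequires:  selinux-policy-devel >= <minimum-policy-version>`, with the placeholder replaced by the version upstream documents. The `Requires:` line in the context still expands `%(rpm -q selinux-policy ...)` at build time; that works only because selinux-policy is in the build root, and it deserves a one-line comment saying so. The `%define selinux_policyver` macro is outside this hunk and is presumably unused after this change; if so, it should be removed.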




commit container-selinux for openSUSE:Factory

2020-11-02 Thread root
Hello community,

here is the log from the commit of package container-selinux for 
openSUSE:Factory checked in at 2020-11-02 09:40:20

Comparing /work/SRC/openSUSE:Factory/container-selinux (Old)
 and  /work/SRC/openSUSE:Factory/.container-selinux.new.3463 (New)


Package is "container-selinux"

Mon Nov  2 09:40:20 2020 rev:3 rq:844834 version:2.150.0

Changes:

--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes  
2020-10-20 16:03:29.521813228 +0200
+++ 
/work/SRC/openSUSE:Factory/.container-selinux.new.3463/container-selinux.changes
2020-11-02 09:40:27.173613351 +0100
@@ -1,0 +2,7 @@
+Thu Oct 29 07:52:21 UTC 2020 - Thorsten Kukuk 
+
+- Update to version 2.150.0
+  - Add additional allow rules for kvm based containers using
+virtiofsd.
+
+---

Old:

  container-selinux-2.145.0.tar.gz

New:

  container-selinux-2.150.0.tar.gz



Other differences:
--
++ container-selinux.spec ++
--- /var/tmp/diff_new_pack.lpOhWS/_old  2020-11-02 09:40:28.469614595 +0100
+++ /var/tmp/diff_new_pack.lpOhWS/_new  2020-11-02 09:40:28.469614595 +0100
@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name:   container-selinux
-Version:2.145.0
+Version:2.150.0
 Release:0
 Summary:SELinux policies for container runtimes
 License:GPL-2.0-only

++ container-selinux-2.145.0.tar.gz -> container-selinux-2.150.0.tar.gz 
++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/container-selinux-2.145.0/NOTICE 
new/container-selinux-2.150.0/NOTICE
--- old/container-selinux-2.145.0/NOTICE1970-01-01 01:00:00.0 
+0100
+++ new/container-selinux-2.150.0/NOTICE2020-10-22 21:07:11.0 
+0200
@@ -0,0 +1,15 @@
+Copyright (c) 2015, 2020, Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/container-selinux-2.145.0/container.te 
new/container-selinux-2.150.0/container.te
--- old/container-selinux-2.145.0/container.te  2020-09-10 17:29:43.0 
+0200
+++ new/container-selinux-2.150.0/container.te  2020-10-22 21:07:11.0 
+0200
@@ -1,4 +1,4 @@
-policy_module(container, 2.145.0)
+policy_module(container, 2.150.0)
 gen_require(`
class passwd rootok;
 ')
@@ -104,6 +104,7 @@
 ifdef(`enable_mls',`
init_ranged_daemon_domain(container_runtime_t, 
container_runtime_exec_t, s0 - mls_systemhigh)
 ')
+mls_trusted_object(container_runtime_t)
 
 
 
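Review bot: `mls_trusted_object(container_runtime_t)` is added after the line that closes the `enable_mls` ifdef, so it applies unconditionally, and no comment says which denial it resolves. As far as I know, the refpolicy interface adds the type to the MLS trusted-object attribute, which lets subjects at every sensitivity level read and write objects of that type. That is a wide exemption for the runtime's own type on MLS systems. I would add a comment above the line naming the object class and the use case (the changelog suggests kvm/virtiofsd containers, but the hunk does not confirm it), and either move the call inside the ifdef block or note why it has to sit outside.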
@@ -115,6 +116,7 @@
 allow container_runtime_domain self:process ~setcurrent;
 allow container_runtime_domain self:passwd rootok;
 allow container_runtime_domain self:fd use;
+allow container_runtime_domain self:dir mounton;
 allow container_runtime_domain self:file mounton;
 
 allow container_runtime_domain self:fifo_file rw_fifo_file_perms;
@@ -147,13 +149,17 @@
 corenet_tcp_connect_all_ports(container_runtime_domain)
 corenet_sctp_bind_all_ports(container_net_domain)
 corenet_sctp_connect_all_ports(container_net_domain)
+corenet_rw_tun_tap_dev(container_runtime_domain)
 
 container_auth_stream_connect(container_runtime_domain)
 
+manage_files_pattern(container_runtime_domain, container_file_t, 
container_file_t)
+manage_lnk_files_pattern(container_runtime_domain, container_file_t, 
container_file_t)
 manage_blk_files_pattern(container_runtime_domain, container_file_t, 
container_file_t)
+allow container_runtime_domain container_domain:key manage_key_perms;
 manage_sock_files_pattern(container_runtime_domain, container_file_t, 
container_file_t)
-allow container_runtime_domain container_file_t:dir {relabelfrom relabelto 
execmod};
-allow container_runtime_domain container_file_t:chr_file mmap_file_perms;
+allow container_runtime_domain container_file_t:dir_file_class_set 
{relabelfrom relabelto execmod};
+allow container_runtime_domain 

commit container-selinux for openSUSE:Factory

2020-10-20 Thread root
Hello community,

here is the log from the commit of package container-selinux for 
openSUSE:Factory checked in at 2020-10-20 16:00:25

Comparing /work/SRC/openSUSE:Factory/container-selinux (Old)
 and  /work/SRC/openSUSE:Factory/.container-selinux.new.3486 (New)


Package is "container-selinux"

Tue Oct 20 16:00:25 2020 rev:2 rq:842071 version:2.145.0

Changes:

--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes  
2020-10-10 19:03:54.320469836 +0200
+++ 
/work/SRC/openSUSE:Factory/.container-selinux.new.3486/container-selinux.changes
2020-10-20 16:03:29.521813228 +0200
@@ -1,0 +2,7 @@
+Wed Oct 14 12:57:07 UTC 2020 - Thorsten Kukuk 
+
+- Update to version 2.145.0
+  - Add support for kubernetes_file_t
+  - Allow container_t to open existing tun/tap
+
+---

Old:

  container-selinux-2.143.0.tar.gz

New:

  container-selinux-2.145.0.tar.gz



Other differences:
--
++ container-selinux.spec ++
--- /var/tmp/diff_new_pack.knyGMB/_old  2020-10-20 16:03:31.745814281 +0200
+++ /var/tmp/diff_new_pack.knyGMB/_new  2020-10-20 16:03:31.745814281 +0200
@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name:   container-selinux
-Version:2.143.0
+Version:2.145.0
 Release:0
 Summary:SELinux policies for container runtimes
 License:GPL-2.0-only

++ container-selinux-2.143.0.tar.gz -> container-selinux-2.145.0.tar.gz 
++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/container-selinux-2.143.0/container.fc 
new/container-selinux-2.145.0/container.fc
--- old/container-selinux-2.143.0/container.fc  2020-08-06 00:05:41.0 
+0200
+++ new/container-selinux-2.145.0/container.fc  2020-09-10 17:29:43.0 
+0200
@@ -1,8 +1,11 @@
 /root/\.docker gen_context(system_u:object_r:container_home_t,s0)
 
 /usr/libexec/docker/.* --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/libexec/docker/.*   --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/libexec/docker/docker.*   --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/libexec/docker/docker.* --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/bin/docker.*  --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/bin/docker.*--  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/bin/containerd.*  --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/local/bin/containerd.*--  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/bin/lxc-.*--  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
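Review bot: The new `/usr/local/libexec/docker/docker.*` entry is already covered by `/usr/local/libexec/docker/.*`, added just above it with the same context, so one of the two can be dropped; the existing `/usr/libexec` pair has the same overlap. Separately, `/usr/local/bin/docker.*` gives `container_runtime_exec_t` to every regular file in `/usr/local/bin` whose name starts with `docker`, and the .te file uses that type as the entry point of `container_runtime_t`. A short comment stating that this breadth is intended, or a narrower pattern, would make the grant easier to audit. Files already installed under `/usr/local` keep their previous label until relabelled, so confirm the package scriptlets run `restorecon` on these paths; that part is not visible in this hunk.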
@@ -34,6 +37,7 @@
 /usr/sbin/ocid.*   --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/lib/docker/docker-novolume-plugin --  
gen_context(system_u:object_r:container_auth_exec_t,s0)
 /usr/lib/docker/[^/]*plugin--  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
+/usr/local/lib/docker/[^/]*plugin  --  
gen_context(system_u:object_r:container_runtime_exec_t,s0)
 
 /usr/lib/systemd/system/docker.*   --  
gen_context(system_u:object_r:container_unit_file_t,s0)
 /usr/lib/systemd/system/lxd.*  --  
gen_context(system_u:object_r:container_unit_file_t,s0)
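Review bot: The added `/usr/local/lib/docker/[^/]*plugin` line has no `/usr/local` counterpart for the `docker-novolume-plugin` entry two lines above it. A copy of that plugin under `/usr/local/lib/docker/` would therefore match the generic pattern and get `container_runtime_exec_t` instead of `container_auth_exec_t`, presumably running in the broader runtime domain rather than the auth domain. If the `/usr/local` layout is meant to mirror `/usr/lib`, add `/usr/local/lib/docker/docker-novolume-plugin -- gen_context(system_u:object_r:container_auth_exec_t,s0)` before the generic line. Otherwise a comment should say the omission is deliberate.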
@@ -112,3 +116,4 @@
 
 /var/log/lxc(/.*)? 
gen_context(system_u:object_r:container_log_t,s0)
 /var/log/lxd(/.*)? 
gen_context(system_u:object_r:container_log_t,s0)
+/etc/kubernetes(/.*)?  
gen_context(system_u:object_r:kubernetes_file_t,s0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/container-selinux-2.143.0/container.if 
new/container-selinux-2.145.0/container.if
--- old/container-selinux-2.143.0/container.if  2020-08-06 00:05:41.0 
+0200
+++ new/container-selinux-2.145.0/container.if  2020-09-10 17:29:43.0 
+0200
@@ -490,6 +490,7 @@
type container_log_t;
type container_var_run_t;
type container_home_t;
+   type kubernetes_file_t;
type container_runtime_tmpfs_t;
 ')
 
@@ -530,7 +531,7 @@
 userdom_admin_home_dir_filetrans($1, container_home_t, dir, ".container")
 filetrans_pattern($1, container_var_lib_t, container_ro_file_t, dir, 
"kata-containers")
 filetrans_pattern($1, container_var_run_t, container_runtime_tmpfs_t, dir, 
"shm")
-
+files_pid_filetrans($1, kubernetes_file_t, dir, "kubernetes")
 ')