container-selinux-2:2.10-2.el7$>fTqVc?<?,d  $ L ")?       4 \ |   ( 8 9 \:>@BGH I,X4Y@Zh[p\]^bdmerfulwtuvwx(Ccontainer-selinux2.102.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.XCc1bm.rdu2.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&6HA큤AAA큤A큤XBXXBXBXBXXBXB093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5d4a6bbd5a69c95c97159a8c60fff4ae48607cbf4ee63acf5ee226f15e867ce69315d24f8a9924c5e207ac361fa24340da3bc925aa220acbdfc517a5bcb9dc19c8rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.10-2.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2:2.10-2Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.10-2.el72:2.10-2.el72:2.10-2.el7 2:1.12.5-142:1.12.4-28container-selinux-2.10README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.10//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6OJ]"k%(u#qXPNeR@Qwʟ=t!⼋6a\ycME_#C.+nEG>ZeS|M,9ݠ~VӎDc,bP_j=>&cˑ]%ut:ܪ#?--QP$.dkSgojANr;CNc'bjKѬf^8ץkuȻFBlFHfA[0@/zMZ9?]dbޗ^0@- & _ӋFdT=2 L2.uAI>R'11ϖ+Z:_F=74ڦʷ݊da츏{] H ƗG=#B;E \ @4ֺ*^or7ܴ'IV*$dp칭!' xO)j7SdT}_R~ӻlzt5ာ-Gt7ZHLTXҬQOsn98jEJ t/e:¤gzgkHX†в?CiC*:|3ZKLN5yrwn"ֻ H##Bcs?1ERz,>sXak=vªvI']7 4]|3b@_?^j{x9p^q>Zuzbfُݒ [ם$B0>dЯi7Њ?4ԼM[]z'r}śE[^; v~7(y[ zF@È pg? M31z$j8LX@N!p t G4gu΄uEt+c 6' Ib_VI#@tfl/K7Jc[ojpY4&KkwNK l6w^d ^}ov,Šj[*>DJm}Xwh"(gv 1Lޖ?xd*[qDYyHXАɪ"R8Od(%w 8uE 47ajb9,3ujXFYXN+,gH Ff,c\* $ ֩X_1x V<Ȝcil+Au& R@Ɲ4PQXAywkJޑvvso[j"b@t#SPs_p!`}JL/w!]SɱE쯢Ihfhd ?Spceq({DFO7PUhЧQp~urCTכjmFegv`+As?G2$;<_Gbb3qQFRtYio&|Ӓ>aX_U?sEV/]/{H f腄 pmTqdGmz$~W HyO ffNmVLEؼ~WW+%<@r)Kr>d̍T7"-ΑWqySy6ڎEW b%MVMX*Ք\= ӫeaDKʜ8R-J7j^! 5Ov5 X9#v͈Gj@s+2qBì+tܐ*J%z׀@3NSxc9( Hx@j-X"v) S1U3^1qa.2ؓJnX`Ӌb va 6#x>cL/4I2VivKl 4vߥby/ҡ>/9qǁbTLNrHI J~ S I}z;J2{b*Vf^N'feb/ 8 ~7{e8>h\]Yz¼Cf'B-.D-WΠݢ]H&:x % & Xri8L/5^9 !8}T&(Z2PFN1mNg2i؊Wh.U0-eJn?[I]BɂO.s 0%&Q@fάS"Ђ <[<4ÜFGw(9ߘG* FUM9,)d98+/WDWy4!i<:^ͽR -pB]ab XX5F oz1\rI߉d\$c\_  '^ՊE :$!k>P$ԅNh}m)顬Ⱦ`h:=V.5g@V]@& g16 aߧfJ)kɕWې~0 [ dn&<8V%օ#Hx1֓ZbL*L0]3&B` PP=.&%3jRH<]^O,`$6QmRͿmTTyx Zw^/ i ʞeaKݍ]:ʹ_Alvi]rv|{JF<^2;Woqc"y4ڷ .v ZB~ԭDtw}(7cIw[b߆%;7&%t:Q ,N¦tyX$zӥ&,. c[ 9N~73/!cF)ŻJ9 C\TeQ؂(F&8;:R WTOh8*\v5͈07Tř'O" n:[/[L?Ft0LOjO]7Otgha$/#sH(]-+Hib#aD8}ffpϮF>i-ŭSG@~Bt3=iVԤ&|'C0:0'],[0@Qdi=.QaM!@.xfl8C_?oz6Y ^XЊԬhb6.Ax Yy{V4Nٹ)8Kx X/-,Z!3͙_FVlx֮0J/T.D'U^yoxȫxUi _وΩ`Ifx5۾6S(AWp/\~ˀEeLKkkeUoS2 f yYSgy踤&xVlyuijU$zLUFQhwǍ̔,rUZ:m*%MmjLD*rxe==V4[( #Lנ\貉Jg€nZ9eƨjzS7BTz\d#jz ]T@J(5O }wxXrDld/Nv+@7Af=}rG 28yvMaGu aݩMnܱestmSJho`Mjq.)< d<>ݾ~$`W51> ݰ ^ Q]*yBpE A[^s)4J~YFq1O 'ò{1)fP0j[ @=Q'eɏ>[1Z`%mT5IG<[%52ZGUV,}S7*S@(n|d^O I[ٰDA]oA$1jv;mc?+Գ%Ǚ'Nj a2莳VZx2v#1D 2IEOQ0wp&*4—}c'] 9P3 tM" ML¨J?i6eѶzT>Zqe?ˈY:;K53!/!J͎<`ʐPU[bw.$QimG_-6'RSƻ;ۛ+~`򩿺(YqAgao/mq .#bzSՑ6j/ӿ,\19 ¦ZX;o C Ebg11gMpgɩ~ڃP\pLZSƠb%Bx!ꑍHcK K%{,l/YMd7^c48|#ݸpr3A(~HhcKInd1谓Y<}K?-Qj=rrQ[nDG$6!99*wd̒L3] z S6р.RlB]4lh*!w-4B 0^( ڏm 놺'pFVK:ip"5\-Lʟ$U ,@ڐ%ğ}w/J*<Mr)Sߊ&94 ЎR8nH黭C!,FX !Rيy rRLGIA|3XَWKTZMayqS_Ks,;ڟ1ު5Œ}Ae{,D?y34Z`x CS;'g 'pUc,+5V,?;N63A,튿p]OnI#{<|*s> ]_1PIqI&5\ f9P%ix.琂ޟoLk ?R]󝺇g0k驷Gvk_vkN,Ls.b&8h~rS[rЈev?v *8dONÔFH>m5* 2fW |zT!:G=ɬvȋ3)ؖsy ْ6RO WNɮSsohWmyb-Uس7/G9  T́<(?fůjy&@(vQQ6Wkg"F<Ӱep1f))σu-Lc{]ΡAdD2- #)n OB7v2&贰)|@@;q]v8/RydXҔ?'cΪ0o39D6tlxj,oYZo*wmRpjҶ8ሤJFdZ]}դqgo 稶!O!Pt޲}Tѕƺo) %V;??v#wejMVћD|>9=4U6I,ޣܹbcUnbEAcNHz#hBr }Vn*+Dмih~BDT)8.KfdFPU֪_Y/ m7 GךiE /\*ugZ+H/x˿FeJG>PnIL *}Wya'9#וֹE dF@"UDEbi2QVĺ/ģ?*osxypK ^OGKI{]m"Ym[`f1nr;/[Y32ӄ,>,0!b*Yrso&JZCkU"% P5I'`M`hx(4jQ9ɟUK1ݘaKUyY*r|ϖ";Y왎pSQ4wOsZ[Z9@zܒ4S>b*e, "- ]?ue(|;=b&TŠ؊ZM)7h˫{C8mw 5Ufkxqdo?6Kh_x,&vUm>2G'Hl/) H7XbRYtLȵ3&!qa͛^;l#/x)~=gùs(ԩ|c[w,\+t{oT ,Tr$f _Apaj=pj`=C Pr #7+Wv%4No[-8e~7"<4 A A*7-AF߁6tI\jY5?USj.'bPhU gX^+̆vMORDCg56t9C$ W ݮ1o֐AMrik5Pr ['"ڻQUo" ܨ-mS!b558mE CAmgW}2SvdC_?tP) &PF㍲c t5*ol.0}cr2¢t(p,j\t ϓ}4W@$zkYERHc%m;OR?1Iğe~'۫B,+[5mg=~%Pvu0q׬')y£K JЌ~a.4f-}T"[c /"l7۲e>_ B*?hKyr1`CGO9A]9^-_p 5=$&p,d!&%{ *w&op%..Z.YxKcBxssu;֖c[}I[z{*&< Q\/q"eT'2- ]x}?-03'[v dpU»]̙Lfy,t'@ݧNcI>uH:hr/]/U`a^PVJ:KG禶2Dv<,Л͈f+5دN\Sqb4[b0PaX@ Z̭F.j&p ^fOU/Yp{dfU_,{7Φ/ =%z}]AςY䕳F>zBx~QnkmZ9ĹEQM 5^h ҁn[?.ȹ]27h;* ^!,;p3f P~KQF?Rt﹇ic?0K7btHl [T;p09g!f3]*<ʎQbSv̬bqjQ!݁ n}5ۑ)>,jH@_.* @͐dUЏ'Z2$ms.6Sp W=069 Q9{97_ˢs`|ܑ/qk8TO\Uv"D܉Ul֘{ $[Cd2|X7N6VD+8\/LRcpa<ꪀX C)LNO40@Z{8$gw}]r؀@NiUfUtH" }ymHxJ+eIg; l]A @xP/3'=קPc_?cq,Y sF:{U&iܒ5n 4ZR] I˨I0,dl/g}dYotP 0 ޳,{<&d_WK^dq ~=y\̪5BE=·!̒ ΜJ" P+d$'r[(XY}fԞ%B(ٽf/1=y=.$&N@uevrO/-p͑{|1/b W% Are3~@{X9duחim l :`,6~J*tV 4lA Q߳rCȵĮRZ,ҩ{._/o}w!.&e!6мt [i沯C mK(Id2CV?Gm `;v7:1^U]L)_ DQm6AmxnUM3DlXB`lB7BIwJ>F XUQQӛpGHJnm~ªdb)ZY*şN2͹y5/` zj" V`h'ˈf_+ r~H3dCy߽JTY4/UMxfHڌ9߲GBv 9s"u)؋w-kNz$"w cxY~)üEp=9B L5v6o _$E,_'p&qmCA!{68Oy\fLMkty!w`0NTKt|ǽ/JU1บZ@.tmy#ɳr'hGfK0]q{>#bk"//"U2|(!~ dI 3C@1(Yd Rs'̆ Uzq!uc V r `jVžnYE#iˆ˄8 u9bR[=ᅶgmO?6G QXj1?bO+nh+yڗİ^F?O$ :!9Tj-EbJgma 48V>ʋq}RKٛ׈C!s#&֩1Lz\äBj9diƃ79ރhUB_ɪ[mg,flZcz%>;5ؘ |ELI`PmUAoJx*th4qnX3~c@Ǧ= s#FS=2U򬿓kAtߔu&]xDN^,v2=(,pdy x6%1N1 dWlj"\@~k}[rRsY>c81%ICxkXV䁝&ƒ5dj[݇+yW!ێ`<H`l $%鎴LM/&?^ zLA}76NfSs+ǧ )Y%w,>pJ-`„'̔LcRD@1@?{ O$'|Q0ĸ;D`7=5(J_:{;՜|ľB6Yq2MaLDV4ꦲ[5ۓ[& y?#uoq!˷H>M.7Ѻ\Oөȴ#sbLagա\:9Ч+$-*,[rs*ދsatO|LU3qtAg^ sKZ\X8;CG*<@7ZyCLdB\gCM/bTa'DrcRvΒ${V*d ~PRKSjiJ0n;ȽM;R_ǦCo2ÌG k*Œ2/llʹ g)ɹw nC!Q\MXO$K\+$mtnFG"tEd.7Erj4183`.${Xe1֛=mt#*d\A3&u3ސ_s҅U]Y;AD' k*@I]M>B;Ar6{`#=ӑː7PM/,T^ C2ZW8~/V4uE=zvC6Êۥ^&LrZh'ntPHTKhFC[lWVD)@`ԚG^}*Bl2,fi: Q8JNI514*hGE ^^1yf/. pZ)^۞q&q x6W"q?bɐOŃϜyN 0>,ҽB|e/F`#+H~q v?{KRK9 TVaY qT^i=`{F/l/cgpR;xf9m6?,\*{,kRKE 0ü4&]!:T; ^uJʓhĊ,fP:~W:QOdꢵs(1zq$! lM@@ maA/zlOCtk(BQeNTE')j`7^.lKZq[27XGAю|t5GbwI|)MRG/p|KOګjL"oNZ7#ZUZ.^ýFENө !:EܖX34`cJ,Nj9 Tב(V5`i՗q P.YJ`+ 5 i:N@m v b!%!}ҚD8 D.\vOR$kFCAlYIR(i0?f=vK.ڃ|\!"ϺL/4ޢE|ۚG@2%;b'ŒwnX”pD:~=@F*YA'đ\@|Mg޸ubFtHFba,0Y3#(:KPYW!l jg'ӕ6pR89(S@n,[ tN٪ؖڔZ$Ȅgp؟tgoi50LASUGr"h.k@hp1c##y/",o*G4 .9 tn2߱k鉈M٧`2F}R1"sb;ͪLGb% )d<"ÍjHmͫ;5xjR'e>we GCD5Ra␬?0%tA^NЅc'0JefL:Yʴo|!@D#炯1sK&Eb%~qaz@ w #7"SGKRIB&(ºQ9&#k幰KP#0{' o5ܒEq35!}~)63[FYn-{!K.;*WnAt Ej+1x OZ~>& j=k̪#yTlMm鱗%m݃ kM!Ӎ}("5( Ky&16E9Z3?^V6.7z'iR8z-ľmx+O,d tħ/G틨X9Pfr=H}L's2qJ&xVss ڜXRViC#nPs?^an ð_f#ޟlPa(s; Q 4WūM߇=LLɉzBؕG%cs~i:^ɧzQg֦t&!&<+e$jw{XFW[&}#ՙ'1DN}†fjr rbY >0KFwm/s_)XKRishX Y7U ֓ތ3'X: wx#4 XyP3:uT !n W-$؈=!g|Md6M:';x$ +p-04mZ)zU?KZ[OFt?&sU;1&.C7kVZ8eA}1mz9 I%\0@&_Y[l$_ueHyp JNu2jJ&(m?1owJ.&TXʄQ.VGMAsdj[pqtFG}Bdvţ/-]vGAWub"?jmUvn[/Lh K 0wt$?GO2q6r. iRc~"%}\lq5&~#PY^D9TA|fI[*+Fhѥ*=uYLʑˣrgskr *.?Dj?0z%|iO*?7< .6oH&7v`REL7zIFc0F 7}nD֋>a .>! m؍DȤ+TՀ9*>v&`սBx0٧]~dw&k`zd8q)JHDz.,sԲah=Pl8@$_g5&'hi@KRi$c9  ۳ ^&a-%w>E9Ǖ؆ dQK\r QQ5@S皽j13cjT U3 cl3`îB2II~-J})(ϨeG}]䮕Dye=zM'`40s };⮀,d /[,/ ^ mICAn)H zc$gzNJlOD*b{xt'Q$d1Ԋ7B!Q>QG? 0O pZ߽ k^>DbK?4NrR$*.p9qV| DO YZ