container-selinux-2:2.21-1.el7$>j l_!(f" N$>??d  $ L ")?       4 \ |   ( 8 9 t:>W@_BgGHIXYZ[ \$]D^brd eflt,uLvlwxCcontainer-selinux2.211.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Yc1bm.rdu2.centos.org CentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&8J]A큤AAA큤A큤YYe YYYYe YY093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db61fb6f2b257ccb107c95db493ee189d0bec377fab7a10de3b853607c6b7e4b14f5be0abbe9dcfe3b2936f01220d671b90d6022ca10bdcfa26e56c236cfa2d46rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-1.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-1.el72:2.21-1.el72:2.21-1.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6R7Lm]"k%u#qXPNeR@Q]ɝS!Cc(Mxu^]3z#AKqӫ_XqsAJP7],n,7ߋٳJGP<po͑M M1^ޢ* &Օ2S$E> JӨh3$2[2H9ZI蛑s |y$/_(My8pos\ qv1@8/&I725*5Lzz@(K%Ђ{qqvRY3ݢ;*)ڡ8RmKҔ[GEX|}eK[]#1O/{?,iJ:LcVnd_)8gw5krܯ$A:k:{ߴlaMM}]^SEØႎ?cOjn6-@@.u߶ ?tˤJe'g0yRom ,s 4oR#vxQDH9y>(e4*5´2Dԟq y`ܯ9ͶPҎ*)8gΌ4,.~l߆ӭWqUih@IpS(W9*u J#)͝JmH~!.)(V7<𩇮sgX|eN>3t{,XuaUyr%I?A^V EW|ƎJ*E?N~aV^o}wz/`m%Fj)]Ău|ȂS$9Ƙb3_U1 ˶Qァ6(<$]<5p"wJmsn9dau/OW$87tW Z *cQӡ|R(Iu>ƾkLbrC}؄:0DRMJ~\eVkV5*2P0*Ur|fl?<=WzƂl=sеh4k撐.#-?"4E4pKm'&qzuD26v`!b_q\|d͞H&ǏF7y)_DBt`w~ .<#a:O/#Hؕ$h$q;rLm>|/txt-w_^c6.tt>~CM:ovҌ#\Sv >Qӟ,T{[_u5&e@Aiو^K#_(RTХKm'dl)Eg,oFߞk}~bB<~ ONQjo[ [QLxZgIO9o䭨L4c@zU/aK>fKڄIA)!io%,^mnYV$18j7͖kOr p> :c6hF~>҂FC ]h~RHb\7*>ѱ|u~U'^.yH-@OdP~> m Ɲ}Ms$$dA\{7GǙ3?Ɂ it B,x*DC]*m>?̵eYj4d!6^]e>C@{c Uw꘨yiGX{[Jnu`J*%L7cN< ^=Bi9,)BfP@07\|TBðq7\ GD!xa٬s"};e0RI6wᗥPMP^tU Ը4Qle{}\MMKiͲc&P%q%8[9AO#91Ch15FѶM&EM=]-2sdLgx]׋^c͜f kD(ߧ8f)f zǯC[9_fݚ*%g mJuO.i!D-kDSO,g-P&4V+T sNnRxddu,N7. MY1\g ]E  l I@ģ~~8Z;gUv%JsȅC2M3;M[da+Lg4W#Á*SGPEN3=\dL$ŋ ="$d,x\}ɤb潢XPΝxy5<Ƌ\(cҺj"] Dj[f>e,Ÿ CشY`/s0ԙѰ W`\7I|N>2r&&z4X^٬%&BU1p^]62$=dAUg ͜6?(@b!MͪPʽ|,}3GגYƞM/r궖W!!čC [mz96lJg jn _]{;+s _X*s r09v}.n.ay\q&^3)~fݲ pe#^ :h1sd 9=h !N\gȌm)y FSx̎i`A4(NS>h[\.л݂)Cr^"!&j3ly;A >R|B8ʌȠ,CWtS2HTe58$1z9vi,7Ҹ aBr3b ÿC,^Qz!zAYz,9n1Z%n{]1'~ʹ0mn5vUC7`kC8G'"C.F cc_| |Y&L5~۹BHʮgנj"33= 7=R(HzwS&\uG><Ϻo\}7#J✨Y-[{ KV DW A$U_ ~wJF&wfaNmi^{Q|D>!nM |^B+c:b{е`}V'Q=keްƐ%W$|{ fJCcAiU%/L8CKFCҪ]'#-7FQ^A HEZf/l`9!l.3_qZy@Əlj%(^wX%xa"VK;U F`5L7.χ`Eav.'Ɠ tFiMξ])Hy9U$4 7062=M>Q7d̲d,y`o^[ O[ uȶuɨn:yORėqR؛"YX2}9Q~r5kCH"{A uLJ7߭PPtTH11E' @F'vg=^0('"CU ͪJYPytG|75Nl:cȪxsytFHNk[h@q1Ǹ9##JD!2bBAK$-޸vg!tJ86e8.< ڙҜRojD[[p-W0vbSL4{BSGXHm t"qaXD"sS- 'hibD,ϡO(Z= jFuO KY%&}2PANA2ڵ2J!1 qI*e  H@@ 3u)ڍ%l=G=gGVe:6S,uS83އͬo,v/U$I'*l,aGbbh>*֎5Hѭ/b1wWC#lÏ &.=(NJB!ɟ;EA_.6.IqZ.QAz@mr gs'WD4/ 24 `Go}1lai⬘+ڟya1"‚%7!%Y}(oeEf:(Y:T]Dhno8U*΃ǩ MDYLmٻbLzbv&zhSlpl( 5BQ/eܔw;ejoXl/0vbJXl 8R.c|;"NM]^YotGsyH 6#e|!y삐vcIE)E]v!_[LrD1 ?X&*z=5k;i<̢rxeM,^J_sy)|Cj7MKF8}?Sc޴DN 8IL*]^+]5ǐ!s!mGs;ZJ }ul%[5C]ն_|'r(~jxЉe lI+6kK^S1Ey7&s>%E zTҀ \Ò}N.d_"h%#3ks]6HJeꤹ>uS£Dk^GNZxMᵗT:\{:6ayC@˺٣?;a楁z=|m Ni)@%ӞL=A:R3Wkϥz]Ox>c9m*;B˒iSҵ!q{r|j>{1"m*x4qimZ}C5Cw9V"2Ùwjd$>PHvv^XD:CNx$:E:˦dȓvDY\\9إr$fE6B-_kXO;y-~v#ƃ6G_~-yFA^G5{].yܟ`"nRg#|j9'B++no4q[93nKS$V<n/wk~mXbSm DCnGi&i[o1p=Tl982G=b m)?s}JO2X:q)Bt4'zy Pmׯ9I˟ˌiyXt7St&ߵ*﹗>-sSin}!zwf WK$(lp7*O!^IXBBx9H`꜑=nc"pOfvkx'/%Aד2kyFKO:@iaѵh>|pLf%8Ak0lȆ?s"cje0 6gH4 5yd=h3(lu;Oj +d+3h+ZP#LB1\vXΓvݦCI2"8iS:P^]ӷB̸ zƂZ7PrD͋"i@EL"ù՛G8 /W~('3nRLPVp-)ŁÃZvft1ԍK\M Odqmul?Hտu8]$L-/jx57yNV]/+~oahnދyK%O:k^bs}Ύ``Y-̂iJeigڰ{Αd/lic_&$CYD}AYè0<P긻KW,GWת7e6<}k1.w-wY 1J?': ,*okR)<*8\ݤ RN-3'+IQ6=|0էjAbz򧳬:cm K6\@6EIYm^q:K7BT`u;jW83.ϏJx,owF{eEtYhE!aɍ;N֏lڹks$h;86ʾ9{7LETf{3a q>}*t[jK(8N^?Sw PCo~^Yz݋i(o3iA옓b qua`5)E޺cn^kвl d7]kOIs5yЁ]+9CKXNasiZ# P0P`W~f:! .O|&v @0#F~yC/4+ѹ`W-@*)`=R ~~(ݦj# 0U$1]#d)q΀;e\0D!5O0pM4ӴE8Rj%f>3XMUbI_b|`;5\`riCn QN߻xY=7T2Ё5:%ǘ /@X%H7(l^e&KHtB{~/iPb̖j֥dMGZs-*\vte6(5cIRZՓf IMrVU6Gu}{-2\V4~EcmƒjǜTvC U/v68XĆC-tpnk]sxDٔ.Bb=§qswd F+|>xCQ܀<Y,󔓘pX Wp=3!GB.5O̧l}\KGhNQM_)E \-8X#Y` TΞ1Npk0-.:3FZo`nWSC)c(4E":T^Խ kt6%>40M}QteS[ґKBp"FY&9 Hpth(1؆-=,ǩ|PC!`d *g<"ȉkĦ yybFH5Vܯ(N|y g2YP7gߗpmgҫ6Ens;. 7nT!趤!0d̦8d9vSV"f1-U|l`^|x^ycJK"a= `>z&g+K *TqΌd"(/Yv%fE#+0k cGň|15"ji12Q8JJk :Cd""FT.Ax00m; AF{7GKTVk'nJa'#w{F-{D< >-}_σeo9(\DꫩTkٮZBETev]-Vk5Gvx倉h]cr]f%x2ф捇BQC_"PC@࡬b+Beq< ?!L4&Л^ڌIWJ1a^ƾ׀:^ekNdO2LNҢ@ͭtr ovoZ?2bS0ڮp:Lm1"_Տ!C(5RS%']f ͡1_qxf[*L!2C^K;̇2c5/Οo !0 )^gE#D, fHL\)?URV*ڑvUΰOX ݕr(kq%'_*SiҝfYa'E]dvPg[Z!I OXaNKbt} )CmI q1 a /2,2Y^yMuhonq H*%چBψkc秀jbbN`D0#r,B%FG1-qa>G⡾+c$r]KuQe1MAUWQ70r9W @&Y gpfG5Kf8n3x;&~ԒMq9\VςҐ".*vWWNgl/Hq%)mQD]חglst u)]g ؖΔX+[x6afoZLj%lwWR7 uN@ PJrs7ݸ1$4- F"Lq|4BuH"1)-sAo@*d\۔ڔ2"|yumQH>]|(0_8]ˁ>CJqԚ~,s`!A]Av[ix~|3v:׬ Yѐ[&pK89'\ȿmgY'{"@ܖA57̜zrEni7f'!sENJW{'qQY) ŕ& Ю{aΈ6htʹʈ$ow^Z ע|p3ABKlOss9H_IZb=&a`ˀXP܅/,*@S~JD,X#p8L"=g~Ve 51DJ'T)9y Gm-)&O!-xs{c>M)2mɧy@z7^JO:BG`~k\5[^^|e'Xyd.!n D$6_߉zD%Rc{. na8ys4 L\>=/b8+|=Owf>JG;-b\GWwx^`y3مV5|&9 %\!SkE|et{uE0-h"w\c2fno@eSn`H=.B3Гc拢nsOyq+L13*.,$]5k[5&L-'[N$8E*m*e;Hp]&ɱ@'KG.ӫֶ{+|*ۨ nV%8Nd5z1ڢ#ķ 'A;E$4: `( kCC_n̫ԙ;TIKG4y/ȇɢcl{=3_/DM`  6,eCCObh(ԙG&2EdIWYVf|8$*X>F lo2Li'~I"Cf%M‡1iEf\ ^pWYv|kkQ嵴(˞Ӏo4@ú znU-HQ:3(?ݓ9^z"j%J%2oL) ȑ///tR~OM.ބkck HU5D'~;jT徢k1C"L9aRXTRW+e5ڴ^RKCC1O^ʱSDOY5[wmL^Pz5ڝ65{-6N lmщ?2?p #Je_/WOV!Q.zX8'Tm*-8Dnt!]Us)Jb93YgO2{O R.Xk BFǙ(Zl4a[-FtAvų/BFbfv>0&ZOZKCVӪ(V)Vb:/ N\-R>&Gk7:;{џY sUœ:_ -{،8)T0Pd4ߤg&a3 4GZf=gS~ue&Z.Ds(A5ؑNd5(^l38)qN9I|:9 ؇H?;X 8ae瘋)lTQ{2j}5JȢ@?,t%aה g')ΥJXC{|^\q ١#H.RuzYNܬa忣;e ܯMSeGwˍz YwF.o\2\p N|歊w͕v Y1,K'ab8]xU5dƵ^C1u|0cGC( WN9(77C^fQoமsD?e)0"RIP:3^M~eVCIs79UМ6 tNjDqޕR׼ ؾ |eI}d' [Xs ,PVtbTXl(k 3WB8h{4s0LrvR,V4S r畱JslbOXArqv=nTL36R֭<89ӊ5  OAot><xgRhw^Pgmh֡~ky(gKAAv5Cnaث--3'ٛb9Yd+~lSjo-i,B:և;Ya9 TS7 |(2ILQBw7 )?4{LBP!dp6DCG\+> cm[јxe+т)\,-J_܏'}3$L8&B%ؗ-5vȱ&?abqRW=,[@8 nX-S.ը o U*hPJciFgV0T?z$Έf uN/m4d=M}2cIcJT)FAΌ{?C}e -%;\9)cu4K"C&0`l'ImZ5Fi/KN2 h m}^>Ϗ bTlu8CHV2Nodf?$O[*^/5Nz2F* Hs-wfr7iw/ Ӆ(:Nku(',) k[l7SvFjG֝f*.zBX;rsl!@؏$e྿-1t{1l+0.LpCq6YI*{Cp̸tƻsfv(SieP!U3x,p¤>Ge3k3cc'^N`IJ֓P3]lqpS `X Hno "eEud:[% G'P['$⢀̶ycF[}rRU.)^ynR ~Eq/Yh/; @'p}1q`6mREe,z7s6h%fۯ4-vQn/lfbll6Cۆ>v$)`c\^ AA~~;#ٽʽw]9cj$GefѶM_(ʛhn8:2}<ͥ9K x'͗dw\UaT'oO>~JMф܍ n ڐ^9\M'\f1.Hk줫l8] xoUTq.6_H&TʥAݘC6~=@(]w)T~Ia ne+hjLV2$c+6`JvՐdHy8d$3ZQ*+z ?-|%һr6ᄇX|G\R@w?BgpVYmlFU{R2pIyˍ~ۆ:C64 IsxJ3_}LNF_̦VغyLhI/y%&ǶgJai`[uqO&ח#]T DQ8>HT3XurFM}r?yV! P:&q$h(n)ٱ k_J o ѭš5DxX|J),Ii,[`Ro,u:%xCxA/o'Ng"]/8PHZ | [|hZ5w̖+)]#;jW4jl^|H<Y"D{S^&({B yB}kD!^_eY. t0:fv8 RO%|̒KDT\VeNny3n=mCκUPLP9)q1y?!A/<ҩru|l וݡ29r@bdžc>g:"` 'nzjh[!YQavJBHJݩ}?N Qxs&||9XYO3jLA5z1 ~Y3KUuXYV; 4-Hۻ7rEem>+DYNߵZuc -{( MP!qrQ" iCif.kf!fln A hQwgE d3lˡFP?U.sQ&~? !|`C$4^KhC[u'Ηar]3c %'iq"uUuMC t9)-ǚz_hi/|vꤘ}AaAyH@) ~zIm`rfYVtgC._&픾2+k~t< Y)DM`jSFKگӟȷ1ԞzeLu@*ܟq>,I/kW9{j'nBC- f3Y=\R>U&])mVL[t3ڼ4>1ԥfTWƖTuܳ9eBec+35XvӞH/dVv3l0)@ Dz2GW.':V\,zp.-$]+N6XA|YX\FU>iiby”ke tjW_fSR~4j;PK5In~c'x}U+^ºt@n±aֺ993Pqt*SF^~ Re5O# -ԃ+c-WО7U/( ZȜ8j6V= «Sv֛\2@ ^odKKHOb-49f9^:g z!4'b=!FyY]L]@TJn7ei}?ɡiOP"(-wO w6I K>סM0qT[lƧa=]CTsыEΫn.4[g\PEn`c>NHf͕uxIicDVazxTb rH5`|6oYi ="sMpK!;G1n__[tp@b9*^h4P),_Ń+8U(G1GWH/sPy+%w,)q2*2Dx#.(Dx8ൽ@m={3h b0b_@ f>#e|TcW 76( jGKe@ϭ` "cOtCy%o.a{M"7]١MvV[I7Q(m3m?^lJQ-wPVS2 !˸Ǿ8^ydcAҞ YZ