container-selinux-2:2.21-2.gitba103ac.el7$>k^6z1 M[׵>??xd, 0 X (.5K       @ p    ( #8 ,9 :'>@BGH8IXX`YlZ[\]^Sb"defltuvw4xTtCcontainer-selinux2.212.gitba103ac.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Y2c1bm.rdu2.centos.orgVCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&9JKA큤AAA큤A큤Y2YY2Y2Y2YY2Y2093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5db1f941df54f7efedf7ffe8cbd8d8c82b368e07abc6b919ed9ee170eafee06961d41d2c582c66dd0742ffd06fbf9cd497aad97ac73db3cdcac5f31a86e6914dbfrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-2.gitba103ac.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWLokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el72:2.21-2.gitba103ac.el7 2:1.12.5-142:1.12.4-28container-selinux-2.21README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.21//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !PH6Q}L/]"k%u#qXPNeR@Qa$t38pX>0fHƛ X jmu D( #RuvYqxxyvl$彔q6)1:-tح "]' /TLCF+ kQ |$]aH.H6dտW[.mӟ:l$mWh`,r9lv]rAg8c9˻2F6ۨ:W飲١f ;gzրj`$#aOnőtg5x^ph݁U_XFnr̵-v=+Bg#qamg)y=QEaK0TMwi1)l75J/`wImHѯ9M[h= %2'bG* ~>{gRWmāF!OS|w9D[Fc㋴xF- C.&Xb˱U50:ݢqgVýX=#mGhf_=,SnVA wgnZO^RdџCW$L0eutg C9<(R&hsY)ΡV=>u!seeoV9|jXQ藿3̬ơBQfCXeRV `wPQ!3ǨunG[[y?}2qE,8!R>˷O+k-V+y!I$2",]oJXv &, ('AW[TRR6z3 Ce]wÊQD!PVUhFa `ܧHfpy?b~1zz,P{Aʣ:܃6- | rr&Yg^&%fςFC1sknz<A_kI;m Bt1dNns~Hj< ɗ0=]EcON}Fv&-o Sq}=%gqwtjżך383c?/mbq|PSUkGX#-^OC-LjoۿD P<8vm2C(rbdb~Hp4)Ӌ/נs)z2~UqBA< nupQp=|saNr:Oc fF wGD+Fe)/2I8;qI.{XztOJ?@eF7v|`wh?={H!\Cl3۫HfSc2Xw )՜Viw%3uHȂW߄7+V\ TvIÙ{ѪRubrY+Woa8Ex9ʧвpt8.k".{8K'u*<-BGN3MKt]ҳ DL6[2}oOkxtɹM*HxeNp|²c=82J鎏%\`O=wv:[pdm$E#4Vg$:n*-d3 zeH*=yaCpQ Qf%S \®II{-++@%&Ϗ i{}3uBvP-Nm$f:94c}Ւ[bΡeh' 4l*pa%lkzFSۿF3*: ({;Z携5IZLy%R‹6ɪnmk^M>ʣw& 2i2@cq\Tm6| O'+ʣX.qS-P#Zr_bG gղUpfs-O,hgFOTߙHj#G@u"=7#d&bVBw>^@-cۖ'+nNO$(U J%NfٚyNc]"G&q,g_M@&LeH)|?n6?^`hənFɢ7b1}ެUlhBr&mHT\b%& Jx+e nvM5ot#ė-σɄ2q)Ö0,(e/T6Ê,3"U|0+#T#ZـTu8M*ƫ)lsIT|U16XTp'G:͍gRN2$\%# 3e'\t:/==+s(M<*CLnmI 3R0M3TäʀYFA#o_V) < p$7iSmDwRr OuQ`tVyH' =6=faC-I9VJ"Ne!HU~@Z$G۷ &[tW1b{o`w1QT ~khqqgŠ{6]yxlSEƥIʬ]7LLft^a=!᳛P\ԶjedgGMO5?*hzNxA&CkS|.u+\lQwpFu a^TW1n?r췁K^E'  oğK:)^2{za4FFa=;]rGbj\a/zǖ3-wR SOD;ǚJJ|+4P Gd| ^9kNd wkOPt<&%.MwFiY rK0  Qv$S d#9ΚLڂq:bu,h1%c6^ȪjTm[hTCR[+$lS Z¥[=zVYմ2ȳIV&4>^lRbxh!4O2ޙeC= K~Ϧ&Fzz>C"8cEHʼno|I&Q*^r˱AqޓWi2ɑBq 2!K3Ό$J(]KNc/Pe4DߤW~J^费bsp)\)& WҕϡeRx^u K[,FeU[K~tCfo&28q&C{&p\l<[i(gAWJ9琈DAhw桥⁠6zjQ?FU2AKKQ}zNK~&^ƢZYU}~ʼ҇b xv۔I-XUi[{ܜSYToP;yziFkl6Y(nRKvn#Q9+1~"#|G?ve]sʃ$~Bi}{6[yn_=! ָkX\o6Jy:ほFZNX3ธR+ЈUB$TF,9a%8UJkz^$oh@vW\iT`" KL(~ 6;yؼd5]ifde Qne%'Jtbx#2EdJ ܘI"`)s/%?^rk݀gM)k(\EAL˪gT$! BG5T2<`,Γ!_i]^}Lx76.镻&MVݡ_(9ʳbu_%h!yó^/] TuZcT={"|S %NA봗PTkK?Zг-nУS`#/ڣ7gEځ7nh4D} VnYXBĒRp-K%w<?7L\Z`|*36|HBXKq9)]1܆[V\u ?B^jfy,DFj%M5\'43q55Jv<&`jK*Qp$y9iv;X_Qyd+&KNQԌA`ʅ#n@'b~?*TV8Z,(:.;gm&*ڠ@.$EeϚʕR}|Z7MѦKjCeAJ£l }e0RyxE-nTTkslՃĴ{Uqn߱sT,*Hxljׯ|8W߭tDe`fJpa 2;08{jYKgdl=-XɌu3ll.rĤ-+bdǪZjG _L`4J [n&8Wh _T}%uSDSg]r#C sn×^ ܃f#;_uΡ|Q`- PX_/%fx ~U'!r~ʡ=­pys9<.:KAJ- _CϪbmbMT}Bgbu^+fr>'Xv]mȟ[fe'Wn2\kNڎ}UxrMdt3J+uF5ڼ=),3zrP/8)ڦx .5{DKv^izM簾PiLԪ;3TULܑ RMN쁁[G RY)hPSQq;TZ#tzKzfĖQj*NH9b¥4= QtTX?G܎z‣?jl a-,fܖgi5A_BԷ~6@Z:m0H:@JI-[5uokE˛‘iC̹kT~8z:&̹"ɪ\Γ§ Eß] vz19;3nᛒf{Њ;il՜Nq4g[xQ$[kbPl6o KUلڣЊd"i=p@ ) ةk-sF<7 lszS_ȏzL'%g}v#-}tTO - Adnňy:|:j5ц%"myeI'RG@w, VYSLL;w~e:OY-@tI3Ogz cmzICOr#Bԭ2." 1!5ỈgKAo=ע zPn6G*cKXoPw+ ){?9AWNhpbr)r.a#!FJbm>V[;Doլ~&GH&F9g>'jj-/rhWWMb rjRWjRq%4<:Me\Һ腼rxھ1_GZ}S9]pSOa! ?OHxߊ߉!4 Heg[jy.תo <4ċc ڍPW_9ՠ**DD'@[{^$4r$S o;  EN)mytP)+UW._zP$hDS9|qѩ!*oݗ5햶%LZ3_30k7BJq.3jԂ3'hTE"Xy9)a&ҔbsѝdvbxLWaEn$Hب vJSY3"?ab( }~5Un#583)+ JymGYZ"pl$jT5>_ {ԅ0^^5H[Bfh{ugРN$'J #=j36P_G4Nqj ?G}`zg"S~hbO g,sBE5AAgf͇JH򟊪Pdk&пIډZjy"Ovs^,?GY)G‡-dTذ)\s~׬VV$G{)2d çQyyGeETŊ5Fmy\ 㝄u%3gJĄ~}w`ׇQFv湮uMiFnpPhE$ D3/8E O)2֕ F躵#lt+0sqʣIgcTI-?sw0deV u߷-dhkCM.WR,9yٞ(1g1eI H?Fz C(wP*j khr sew@.zS#sZ\tڜ:?fY}NKauN –^ڢ[K(|fa4]X p܁mkPe&8]7g8|f!B8ڪ472G컳qapϣLqgNvg78f:RIfI“lx{]0ʨlJ¸d^iv?L)]\D{^27^@_mGSL /B&MX%M} @I8wHGy=O¼`_Iv5[== PpgWHxNg?)"5yb&(/ Nn|2:hS}~x~Mr>Nc *z$~2SÝԕh:G̯~3Dj+{XIEW 'H/lv@YĎNƲ' ,nc&f6مg-H3K % iX'lkTӰWhf٘Ece L?s%q0 "+ M3oj\Wf%i+cs[_5UbVjR 3SLJl nkCLG*t ZT8 |).F;Bʺ~LnbҾF_(X#gv%tg!M&/7Яַ'DKp[<'CƵ||8mY>SFǐzpd:Jzl˪kՙ3qKwn8( |ѹxS+"E7<Ы>{5 1h4띚CT@Jc)|}Q ]w6-ݥKS21W#> m~Nh‪2ئv\X}wb+__B^ܲӏjv`1Pl|{O x]GHU5޳p;yi~76a2e;hJ\:53椧&u WNui=.rY8ܳj WO 6 ݨL3By-ѭz >"uS 5!ryhhhJew؂G>Ʌ|O~͞duT] y;duQdXDY y6;דE;n'`iG^7^6[T>qbv?q\w%;)"g72K R(2TnY 8t41&4SQp ,.CE5Nk0Ro_UHB;xy Bl,kܽۨm2dĦC ׋,H!/2-?x!"j8Wkb7 NTPٝBN/yc96cZЄp<9nzvM/죐%l7$-)gty+ϱ lEhhjsCӳ~|2 uUfiMK&!I3z'c$3Gs9Lد>qh!v0g. q A3܋]=B  YF%@ee?D;-Xšr٠R|iis\K!{ߏ`1y%>x';Efby&TDYk9of VԩuJ) CB; (Jv[o)?v?Ԇ㳚,*2{F,l3 v^#K}te/j,b&5_9|UPfxuWtef}KeI%b se^qTʶ% gsh)F/w̸yx_nF<:6%.Y -)?UWEiTMbTM0aQoU6:֢e+(gd9@H?kٍsTX!?x6mczgPs:{*e!ie[55}ZE"٢W6:U4g>Q;5=m)؈2Ơ\ O!^-wѨ}^DLfbwٗU`lH&F2SG5dDeS+Vi.ˠ%ƾxvI5 &{!c eKwRΛ)>UWordg<Ѿd9'kyÉpw1L(y Y#_ O#XTL?J<4VTWު(8`F$IYwKphKEZvAX& ]>*g8J3D$!ﰟ!H0, BV(&miZhE [BF#yHyQӥ䤹?=}m?l# Y/|c^T3`-/eew/5Ͳ"1/Tsg)ބssFIg=}R$,fs!r's[ڈ]adȶA疣e\_i5k42d=( WX˒-u`_y5^Qyb@^+xA3sO݈acpY 2i, +>?kK`h‘]"i78 w%VQώҊէħ]A'Ҩ[6#Y0Nto:=, HH9߸O<QE&v%g\cjG<"+qUt9ͩM=Th~'j')%-qt ⤄h{g30W8nWx ##d/3Ȕ{Rz KdJiu#R"14"•4¬5Zv.qC+X-"0EɧYC;]pO:C:gJMOUqV炠Q},yE)D 7pc;eb %R M@Pтu'@8ќ\)al.~'=VA&DA+&X`Rof?-4Lԙ=g8#_Y#c󜎰 .x syb݌=\5ɚ;oufܸo, h`Y:Kl%лR03zx:QPzGq-bM;>% 5sig]a1a'U]uCƸ)=QeD: n٠+>vrw BX"K3h [QaQW)(R\ ACѫZ|{~ΨXx6ۃTޡ9"MÚm1?Fqn5FC#70_6\pЬWl)$!kځչvKgJ> C;Z zq~N20M}jz]RՖe~"7e$_"wh rbfќ }בAF`ؗ\nפˀGa|Ja`q7.qyib(<#q&}6n̂4.+-jed5tz:il[wZpq>e4L< awO$'hH)99~re:ln_3 bQ茓BwzL I@wOze;boͪB+v8DN"p]X=2D_ _*f0?T(遪yl/'J DBI#.eݝ| K\쉂5SEeXۺъ΁tih Q}zC|V/_1ݨD _ $rog-wXDw cJIo[0Fg KG@h1իxZ"M9cG/Por*OrwоĐ&ˎ,M{ 3߼jCe9gNt=\N)I&t itGkq>-y Hyq[90ExX/ " 2GﮙM, wRRGP5I[!6q:.5+ %WB%7&Xa$:hKWlhnc+ޘɳ#G3MeaB-{By 噏5FezNn&u.YA"ȏ'%EZÈxJtm[$5}c#5q?>K7u稫7lhKip/ub)' N1av'Zj9Tp5+]G1^`kon7Fdֻz"8>xSj.X-{31D6XzvCnr/2;&e.e L\A&wb2Ն忉Kqal"x_7&ۥJP Yd᳼-V̆,vdL^0U8& 2  uS]|~=&cܛ.2篃r_Uʕu9{xӇ|bETsjPAmLor/DxrߢubG$bnuuJaٛVugmD՞` )^Wfpk8ҕ2J`֬fy5hɦR#wa"\{5)8RӣI8I D-ڒ s>*Ii>@'PI<מ!+Pq}9񽐔,9>'r_UH:0>\>fO4ʢ|Lq:LPl^=@B|刞(.e _6(q4E%WL3ktҡlIG?vŬa &+A 99ѳ2_,EϜObDfQտBb}A Ȏ*7{d$ O~7zZ")2]٠8 I0X0LRD#F<"XyuD%;ԌRN>SIo~`KG4$LLS9 >e h(SCFGX3.cwxkT%4߂wg$iHIWk0W/{,>?plzV|yڤȧLIL&(|.O׀^]fQ͎4w%.L/ɧk"“/)@rB)džx>-o~wN'<ВEC77~UmN~ m4S46)7Ұy[u*^O^YG0 Uc,=*ݳi~0⁤]F1(7x({=uXE5Q[2SBlQްJƧҲM- zo? g[Ӡ(tS2vSƝ"6pW]Y"` M:j+3[GC1ςbQirPJvALU h`Hٜ|8q=K>Id}c?I,Sdw<Dkr~F4Η~(EqEhjlT($s@0$+{Gۿ"5Z{/]IM٠ hAV+Rۘ;>yDy=dwk0Z&%8oJ{ Wfxw#/L;7-(z IwPlb;Wo-֤ VAE$gg#a+{*}.$4DmIr dBc B9GxfY`+xFMezpFWz1@Rd {:9 UR?8px{7Iz_hAQ fO0ߞ)&s&eP=[o+& yM"֚̏,QJESPUT}z,PWU]0q,@dؙS ,ygR!P>'PRAoR$"[yqq2Vm^HaZ{Z"NVC.͉Q$&k=zUԍdU9rVޢ $@ic.a!<8e\%K:?Lg` 0|OL|Gƪ$Pq,@^!"t%}Yދg}0zAIXevT7;Z|AWFF[7pvZݨzCKikg ~~KK @t55Gu.k^%qce BYO8$8ky/H[ tU3$]ݣMA1L5:6@M`-,R_p{q6hI }fb'as􊭚3#!u2,ǝ}qǐVlM5I9tTӄHqٽ"ԺNENƿf\ܣ)b#^ YZ