container-selinux-2:2.36-1.gitff95335.el7$>rTمlsӄ{ց>??d, 0 X ,29[       4 \      ( ?8 H 9 : >@ B(GLHlIXYZ[\](^bVdefltu0vPwhxCcontainer-selinux2.361.gitff95335.el7SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Zox86_64_01.bsys.centos.orgCentOSGPLv2CentOS BuildSystem Unspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* /etc/docker &> /dev/null || : fi fi #define license tag if not already defined&;0MhA큤AAA큤A큤ZoZfZoZoZoZfZoZo093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dfc6217a38cd557adbe6ba5b7e219411cf816d86ad270db71fed1fc1d348517d18f1d39ac187f64de991fd9aa522578c5780a5d4df6dab134d9ef3524c124b6ffrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.36-1.gitff95335.el7.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux       /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyselinux-policy-baseselinux-policy-targetedrpmlib(PayloadIsXz)2.5-113.0.4-14.6.0-14.0-13.13.1-393.13.1-393.13.1-395.2-14.11.3ZOZZY@Y|YYdYA@YYoIYcl@Y[@YA%@YA%@Y6@X@XO@X+X@XX@XXX@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.36-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2:2.30-2.git7f2de1aDan Walsh - 2:2.30-1.git7f2de1aDan Walsh - 2:2.28-1.git85ce147Lokesh Mandvekar - 2:2.24-1.gitaeff029Lokesh Mandvekar - 2:2.21-2.gitba103acLokesh Mandvekar - 2:2.21-1Lokesh Mandvekar - 2:2.20-2Frantisek Kluknavsky - 2:2.20-1.1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to relabelto/from all file types to container_file_t - Allow container to map chr_files labeled container_file_t- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Relabel /etc/docker directory- bump to v2.30 - Allow containers to create files on tmpfs file systems - Dontaudit containers attempts to write to /proc- bump to v2.28- bump to v2.24- Resolves: #1469792 - built @origin/RHEL-1.12 commit ba103ac- Resolves: #1469661 - bump to v2.21 - built commit 333854a- Resolves: #1463549 - built commit 532fa20- rebase- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.36-1.gitff95335.el72:2.36-1.gitff95335.el72:2.36-1.gitff95335.el7 2:1.12.5-142:1.12.4-28container-selinux-2.36README.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux-2.36//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII text?7zXZ !#,RO=]"k%xĉNμ5#+mz qtQs Os9gGAٷjp2tBjzTC ka%{W*u8uPhJ\5iO%DF!Ik{L' ,`əf?r Girabak5mM~jcsd>͑2ln6'Ṽlc)~^o+X"P9"nPWO!Fj[WT{(Z/y9e'; LT ᭾_6w2H,i~N$U Ҟ)7P?$i69>U9\RG^X|z3Ig>d3'kqXB+*Nʰ@PfۡG3KCB)sg֊Ԙ60E0Vr~#0`Ό!:8I#$t6z\0C2BsC!P 0'Ha( 1rp&j\6 !<& Ù+1|diNQ\dj9.G5XĄC-HeDC/ )+~O4,> J,%g\Vatm~8&DZf(_]gxV tv1ݢ^X K},Y]O2xX.Z7QxD[H 4i&$w1NwzHox=kLmI|6Gބ R7LjMƠj\n|U*#gOiJÇ+jCinɩu5T:vr݌n;DK7(!Aݻkdtl3Q|3JsA 1@>sJKfG`[az&~LӋ.2\ ZT/7GO C0u;16q[j٩|?j r|xl5.Yч ܶQyq}s4y_M>c1tN/45#Alzy'V:Gj gs [GK@Fl_yڟhS`ƘRo>H!M}ȷ/Q%BF0f|R2?&/}>.i @29Ȥ۩MRÿShy+5ЀxifG5?m`JxGs'챊buvCAK^ec>f|A5'aY"kT_cM;duY]ʧ PL"h K 2%bڈ[Htz/+ƭ5Q1|Ǯ%{< ڍUV ƝQ}LcYvۻ9 qk>ђ Ѿ{m5h]j2V|TaŠS'ȫd/ *9v .:eF\inkޘ$8+dhpAl}ngzpDQ~o@48 <"$8Jq1+]c$! s'7_(7#jK%ZhVm06k&E2^:7gO>l[=5Y37I23^nQ{erF[]ͤG~nB+7OY_1~aYz-c2WlQІ3L}+݊\td4&(plU\tu.ru?"1̪6h0x+ƎA$;&ƥ~3|lQX [1g_aVĝ˩tN `(1w++4?w8f*4Ww{A-`.ΣNع"["! rxi52E=i$Vӷ8ٜv%Mbss Hje54w7;>[-I0\_y^T-(e.蕊XܫT88'{٦({s6V0($,R2; ˊ)˾SNt¸4iqYӬ8T04@v\+!C h(Q(aS~ 9-@muOT$~rMm8&HqL37(6Y q/~5AuіI 3[}}VZ%Cd[w`H[vт☾I 5?^^ك)$7k}f_a _T0𡺴5;zbaTGAo155&f=bZ3e#ߤy=9ǭ QғB\ M^.)/:_^w86\eU'_祔EmןEc C7j^<l:z(GL>c$%Շŭ9>ش5P2J7di◽= 8L e.ʁzi\Bc823>S=5`4`cW<(ooEg퓝Ht3^-hpLybP-1hŀb (x.8D_1R4,YlY`r[=PAL=n#i# > 9 ybOW T[Ԥ (4p`T9- W}0|awLZՑ0uCl YRޅ uI pPDʙ[eHix>\ W`J$gC#sr)ׇ qB5cXF?r+bJE[)cp%yRy{z» 0Ѹ\RTE:NvU,;~J(9s-gȩdiI*ۻ<آQAΔhD `Ë` CwDL83윛i[Yx~+"V0Ev:RDW7 ݷeTYF 6+5J75SG^i.Gl=9fw@*5ɕhFuRn:Л{<"Y`b[]laQH:PV@hqC&zRo@@UVJmnygP.9m4nzh>O`d;) $s4cú^?a|9I#1?kDV,nX˃=wHu/%m_ w<@ 5av%X>ɆŜdPN!H6`)05qIA,dž?#v2ȜB.Q Fٷ*+uУL; 6 622+BAʹySBɺf bxX"olN IcWFlWCJ|>I'-YŠ{~K h@$En Vݞ]z#J9MNh?5. co 2PyVdl& gGExiNsX'WD{O'GH5#Wmo3'bw!ڔUWNO~cPXv-Pw5vw5jW5L EZ;гúvz(}TX+cYofet}|tXi#4w"*j=jGs1Dl2*B8. '7bj^*?기A@<5^:ALL5dd܋d\)ش-v~fYt5# ִr=Zqupdp%Trͣ̈́@Y%  šx ']þ5IG3.ۋ,ԍs>\"VBL{O%(Yr{ kd渍B2?2DaI=Ⱥ3,IOV9}< VPaezRXodx!LRxd۹>@]+L>^#PVZuM`uFL`/mޥ1NvTlqP{["B*Nq VT0?Bwe Ԛ jjXٔ\L+> ѮCY6v- i KI{(y0DA&=k[bmAYψU+;BYB72KI6rMr,hn[; hp.45X^^;RyW˨~3ӿRэ_ѬuHæ#o9O"iRF Ag:JiEQluVNu C jA WNd})4 9jvBmYـ紹XyI|[EhTJ)$\;CDzn/`Mj9ݢKA,wЙ!)6C>~j.!B[_ݓǷEM(n|Q%Hl Sa ,ö*Ɠ+T8bfGMfo~L\4`lW a5y`5S&Ч'.13(un̒.dB5mB_%Yw "P[ltW][A?Ʋ la=b5Ydq{Iyi /HEbR f G W+az\W86q螱RKMXҿ6 W͓7SX:봛Nq 0C2n(bU.|,zOYb̀,;/dVjWx p[(b k󥿑J9*P`^,;@ufvjBJMTs vDddM3Z2J։x%'¶CW:ō$ VqkKC5S:%5H 5f 6 3Y|&q JCx&7@QvI{(7v}=Y$3U00Q&ۥl@M,/v Sф,uQ-$jf}Qp=Գ FjZ*<34rt$ʓL5U!rW)MD9Go >^sMdU D\ 48 z5˯bJX˛.{}קL}-'g#LBIL%zCܐ-'X#[ᡨ,tV_BI嵨G@ aO!t@{IȫsFl̊CKlux6 t9]Uuf6(tH%R|h=)m 7{le0i(Ҏ7hؔLFa0gHh(/!v Ru \Fmĺ-)O ̼4 +4;lHj$|<%h/e\ VB9REt mȓOLM*~f\&}%KS5q]/V0^y|3' <߃ .+RԜ}T[g^-Z\06ra2 5p ]X@\PO˷ huK PiYю1ί ٫u^IqKtuMIPCLֽ]b1ۏ@HI: Mƶm儷y%'4% '+UtRQ}]ra{k.t#zGCr]w"BF+^Cm YW]޶]A] @vMQ;-wA}83 ެ&ԀLN!h};~Rbzsz .t-E`{.~n\_*UnέӺ[B|Dթll):hц f:Œgp7zN?*3 CM, 3~c4{@K?.n"^`|j޼xs?,J"9f<^;ʐyPZJ@w"^{Ū55AA7H1m~tk,-Eyc™h.%HS=ZY&Tu0 /cZ.Pv icH 4n7[>f B877uMԍC1 w@-|R|,>5dp"Ύښ>R1z58PF1AN$aWŗT@6<l E NN~~gyp֢blj?| D-ջ@Jp$)umy7G}4e9lRI">UΦ6FuG&JύaY9^STj^E$4G2g\.UAkvDVOƋn2~OO:Oކ4Qvw؉2\>5[1[B,vyT?kPNp %?|ڑB9]+f$mfzn^-)TNO&5;?F9Aj*~͘#^ dT 6 C-׊R*N7gO`:; OÄN%Zߩg<¢#e"]}Yi|sO)s@Zc^j:bA%𣽆ۑ^&H PGqڈNeΟ !܃/TbIM܂vxGT>ҲƑZr#$zm&I-L „dg?xfdM 3 Z+QrLUm$aUoתۡB6ϯtOb `:FӺgl-dkUFw/w-s/mݐ)FQݞF%:2lEk5Qa Βdꧥ;ԽjqdgNzr(R"9}F;:>6=q51>O>K켅dP*#:@Jjy7Xɴ-5FP|Y2R?_}&m7JJE\O>+>ϿApFk`〃s{2',=|NmAz4v=ě8ٝ:I8RDzj-#edIŊ5i*)ldU6vz~?MF94/5oDcÌ;</uT)/ w< W0t5] wVӘ ea3aStɕPQ8u 0鳕e.![rϒ^rKr}Mrg{wt6hJeう Q-׍lAƩ [LڢJݥ>H^,enU9u'YJ`zګ-t\ȰgZ:}kT& IYXZ@~NFX3*ow0lhtw%V;})ogxd/ ;`7ET~p|1 ҃t'~[)Y=.a= 帴?Svk>p>H};B i+!>ũ {[ M^.poz=[,o=2.Kc5p$ml13q^L2%[y4N4@t;qR1!JP|QeAluEf.'o 9jtۙbV*E2Gɐ|hPtW%ZS8ٓ6mk>̧]zS A ,,,zɽiH^`KW^ha.'VPh u{Ef su<PNfnIvl<7xxLɤ;\V%,vzkS |.(+IP%h+P˧ePs/>_o("1vԈ2y.*o4uOUC~WŘB4ӮSk֞ٯx+ 4E1ħǙ!SQő'Y9KUgyo ycJGqM ݇g-9<Ku߶Q'bG֡zYx2ˏc^ kOr)9,upB7TNYU$ӿGsW=6:UVCE6܁iQgh9UWtkX0. o҄i\ɛLF4 P\lLB8z6J z:4 JfwǬdCAm}}w]g}P'e) -M ;u8e.~ʪGE!iDhXwwUӅ~eAH#%J?+cU c1*ӏ>`RHCĀzY 2ԹiCD˔o%4 `Xe j&I?kEaI@hxϴW U߳M{ jCK'h{PVTda t)e&p/ww]-KiW1+Ju؉kd& B{#*Ţay++ymtS1­m@ ){DA ݼvnՕV9N=:u5M ^Ke Վ{=)-+h+{FWo$֜EZ2R-`fkZמ SJ'GVGsDVECRSe@MO~+oq wJq^}A ZdEz.XːK̉rNK?XƜv׀b/㢅dy/t\9͍rBǵ]rֆ05Nh]^geԚt^Hʒ-_q/<*-.B|M$N\VO1p#eQ]E,z=4#oŞ>5•N)lE""xʏ\ƣYܙ"?(4VR4;: 4&WrޑgG>OogؚؖNS);tuPڐ I7Tm溏iVnI9i{FWX f䈻7ڔ C5⌅mRܲWOt ޲0S2QQ(z8w8F>sn )ʮȟ`:]SxJOo|z~ hu>0iI xv tr@t!qx] ,3o[l|FQ<з]W]%,+TK9o.qƛ}W$${R#(eEτ@ig(HH.[|!'it٢z慐i~)*mYk֛5 ۳A hg&6oO# P9ZНdַ֝v֬Wxʋ)R(Eqo\0}µpgqyj!׌Q fH{,ܼ`q5Hkj?e8Aw^n)TY~hg6v^6T ֩لσ;qE~}T=FԳsfw)ތ\ٰcqqB7rF1Q 3mհ5B0劇=8Fyisrbj.qVSJqD|/o,GTXxr+ަadoKqO?Yޭ;Q Qtb01SU#:D~I¼=eh]8z\,[Ŵӕ>5-xH+(t'$ @Z<R"xU_05tةtǒࡢd{/ڥ :$Ij|IC)*h}g膜W OZ!uf|RzC6л2cXnhONjUa(HP}n$Ai3DC"z AqdN(`MAV!\ "" k~k(NR4\DG\Hi;3˹riőbKy9F/[!"emMx//l,M@8)4*"C}$QQ^NaM\ ?VUxRyI1}i\R2ا0)-BX>$IjK+Q%)+Kɰx-垞u=q*]Sv b;3Ё&,mCܿZ&pǘ卛,-FC`A^sbt`g6`u6qoLԌPg謡@h M)F"5fM;7tL.)6A2 a9q1g0SΦ; 9SN}\'Xp$ ,ؗpKc@j@["ϛ ב0J)K9y6,2Hl A'wUߟu}j$<b]@%jй\PQJ ;|9Fz-Ly-^WHcxjV+iry<F|Cx :ҡaN1~Jt#:(=zY8CQ?Ķv}zMވ:?vUr+yy.\S~Ee ,JF(D J3 㙄痫t3:FN7Ol]GݚX#v HͯB9ĝOTPXo\U U+٫e6m=BV]-/+9$J8!imE"RбUI` _xvi:]f=fyOiM`9#H AdI^W'D.ٳp~ۿJq_J j[LJ'Eh)}=?7M  ƨt1"‰TPW0 g5?Li_ Y}xL׿`m5g#rv+}ԟqѩ # 2{ju1mwW}ۄEeyjY`grbwU2rN} vkLHNo_bzDވՂ+5Ք(!"FOn ׇc` }+EPXxiqؕ OQChŮя,vfl˔ &cY\YuR6*)f[\ۼ/> u֕jҹlrV&Ze^);w{TSjP`)bGR%WGm;O? _رJtu H;U\~N2`-֞?cQA.I?> 攞'|pD]DcJ tH$Dܫ'xL28tkU))Ae5PFfNa(em$_"FCLҵ0[1H)g胯/_(d7HQw'z0߿Ű(6In%( S'pk`zWvʆ6H_✮⽏jJ2B t/6l/6]]j.0L& A(LJREsu^{Ş<<ԀVg!Q`JTlĎ(M1.zA+ Ϧ5A ia׭G5T ,#OeYK? %B~4 &9JpO9@HnvزW_[1^aU"ZIRs-v (z/H,#êҟ100u:>Oaej %y<$]I  ䷛] [vHciO WJz.Ṗ WsHP@,)$`!u2iII߼u|osjD긍؀}z -`g1?OYQԆng"My;ì DǧCdlhR{E/2(`3m!t!K mVB/Wj;ZQ+ N5c>kx𕬤^jArO֒D}A1z3ۺ| v_ !q eU+ [.񄻚7Uq׬[̀ؗŬ"#$ w/oV޾HXUˤ`-0tŭ/G!kYN>I=(B+߅t^5"rwђEb|c;ba Bt< oTXtvR|L%R#3~\{x;c7lChI) HWV=C:{ȧ'$b,_%ǵTdv=ill'!qoU.j5='r u$ w<6m.P?THmn{Иu,03O$o:B C5sx(貌k9g-?1WHBs@cU1 a[͘I[uy ]]V\~#bEEk ʔlznQȐʔN0=P'K-oJVb혢v/oI$#rgz׃3r=7b _=aZ\kf)dC(WsN(HkOhS~_ _97c=2^=,z$jT69zSA{Iw1 kAplAʇRB E,gZP[Kw;杳 æg/|L:j K\X|vo$ 1OV넆 sN \9Ʃ%yg$82cH휝_Nl7 dˈVkFqC$B *|YpӯPhN,jLvܷMȣg 2Ͱ^F Gjr}N,rbwb@GLKesիK3?B%'mSLP= -#+'1J2t0 iӍ1f_ka.pXK 3Pwr=lwcyKԺtf>qo>oF`$5-km%drh6{p}Ǖ-Ts u-ܒvC2%X^g*'vBN(Y ݌HجKf9S I^qc|_ .{qCվ.)\V" L$"B( Ns(!;X9O0|sVG^ZE%{npo(( (#N@韟9j9XG8l*!m,Vq+']|ӚGhy2k m;\Ǭٕn8`9|jQ@9s]3yNY !O/G^^'@,%涹FSnī͏=y[@V*U?AtBǖCPNl}ۈ`djLw%x 6}Qw4/ N޼`nuNk>p,ځDjp"`3uF]7=2r$<>|,k!r۝?w%,x@bY٭>ީ,V:bpdd>KwRb@?I896<܅ZК^*,y3B~]3#7%Y3Rn|PwmX ߜH#ϳ](eJW}:f"hF;3i&C9mհO+0/}Z*]dHuV,(~NE%2Dq4.