Mon, 25 Nov 2024 12:04:35 UTC | login

Information for build container-selinux-2.55-12.gitd248f91.fc29

ID25471
Package Namecontainer-selinux
Version2.55
Release12.gitd248f91.fc29
Epoch2
SummarySELinux policies for container runtimes
DescriptionSELinux policy modules for use with container runtimes.
Built bydavidlt
State complete
Volume DEFAULT
StartedTue, 15 May 2018 18:49:38 UTC
CompletedTue, 15 May 2018 18:49:38 UTC
Tags
f29
RPMs
src
container-selinux-2.55-12.gitd248f91.fc29.src.rpm (info) (download)
noarch
container-selinux-2.55-12.gitd248f91.fc29.noarch.rpm (info) (download)
Changelog * Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-12.gitd248f91 - autobuilt commit d248f91 * Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-11.gitd248f91 - autobuilt commit d248f91 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-10.gitd248f91 - autobuilt commit d248f91 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-9.gitd248f91 - autobuilt commit d248f91 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-8 - autobuilt commit d248f91 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-7 - autobuilt commit d248f91 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-6 - autobuilt commit d248f91 * Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-5 - autobuilt commit d248f91 * Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-4 - autobuilt commit d248f91 * Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-3 - autobuilt commit d248f91 * Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-2 - autobuilt commit d248f91 * Thu Mar 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1 - Dontaudit attempts by containers to write to /proc/self * Wed Mar 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.54-1 - Add rules for container domains to make writing custom policy easier - Allow shell_exec_t as a container_runtime_t entrypoint * Thu Mar 08 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.52-1 - Add rules for container domains to make writing custom policy easier * Thu Mar 08 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.51-1 - Allow shell_exec_t as a container_runtime_t entrypoint * Wed Mar 07 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.50-1 - Allow bin_t as a container_runtime_t entrypoint - Add rules for running container runtimes on mls * Thu Feb 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.48-1 - Allow container domains to map container_file_t directories * Sat Feb 10 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.47-1 - Change default label of /exports to container_var_lib_t * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2:2.46-3 - Escape macros in %CHANGELOG * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.46-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Feb 03 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.46-1 - Add support for nosuid_transition flags for container_runtime and unconfined domains * Fri Feb 02 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.45-1 - Allow containers to sendto their own stream sockets * Mon Jan 29 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.44-1 - Allow container domains to read kernel ipc info * Mon Jan 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.43-1 - Allow containers to memory map the fifo_files leaked into container from container runtimes. * Tue Jan 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.42-1 - Allow unconfined domains to transition to container types, when no-new-privs is set. * Tue Jan 09 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.41-1 - Add support to nnp_transition for container domains - Eliminates need for typebounds. * Tue Jan 09 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.40-1 - Allow container_runtime_t to use user ttys - Fixes bounds check for container_t * Mon Jan 08 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.39-1 - Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. * Sat Jan 06 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.38-1 - Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin * Tue Dec 12 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.37-1 - Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree * Mon Nov 27 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.36-1 - Allow containers to relabelto/from all file types to container_file_t * Mon Nov 27 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.35-1 - Allow container to map chr_files labeled container_file_t * Wed Nov 22 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.34-1 - Dontaudit container processes getattr on kernel file systems * Sun Nov 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.33-1 - Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container. * Wed Nov 08 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.32-1 - Make sure users creating content in /var/lib with right labels * Thu Oct 26 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.31-1 - Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc * Tue Oct 10 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.29-1 - Add support for lxcd - Add support for labeling of tmpfs storage created within a container. * Mon Oct 09 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.28-1 - Allow a container to umount a container_file_t filesystem * Fri Sep 22 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.27-1 - Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t * Fri Sep 22 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.24-1 - Make sure container_runtime_t has all access of container_t * Thu Sep 07 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.23-1 - Allow container runtimes to create sockets in tmp dirs * Tue Sep 05 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.22-1 - Add additonal support for crio labeling. * Mon Aug 14 2017 Troy Dawson <tdawson@redhat.com> - 2.21-3 - Fixup spec file conditionals * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.21-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Thu Jul 06 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.21-1 - Allow containers to execmod on container_share_t files. * Thu Jul 06 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.20-2 - Relabel runc and crio executables * Fri Jun 30 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.20-1 - Allow container processes to getsession * Mon Jun 12 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.19-1 - Allow containers to create tun sockets * Tue Jun 06 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.18-1 - Fix labeling for CRI-O files in overlay subdirs * Mon Jun 05 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.17-1 - Revert change to run the container_runtime as ranged * Thu Jun 01 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.16-1 - Add default labeling for cri-o in /etc/crio directories * Wed May 31 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.15-1 - Allow container types to read/write container_runtime fifo files - Allow a container runtime to mount on top of its own /proc * Fri May 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.14-1 - Add labels for crio rename - Break container_t rules out to use a separate container_domain - Allow containers to be able to set namespaced SYCTLS - Allow sandbox containers manage fuse files. - Fixes to make container_runtimes work on MLS machines - Bump version to allow handling of container_file_t filesystems - Allow containers to mount, remount and umount container_file_t file systems - Fixes to handle cap_userns - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow spc_t to dbus chat with init system - Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container. - Fix typebounds entrypoint problems - Fix typebounds problems - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc* * Tue Feb 28 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.10-1 - Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container. * Mon Feb 13 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.9-1 - Add rules to allow container_runtimes to run with unconfined disabled * Thu Feb 09 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:8.1-1 - Allow container_file_t to be stored on cgroup_t file systems * Tue Feb 07 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:7.1-1 - Fix type in container interface file * Mon Feb 06 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:6.1-1 - Fix typebounds entrypoint problems * Fri Jan 27 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:5.1-1 - Fix typebounds problems * Thu Jan 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:4.1-1 - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc* * Tue Jan 17 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:3.1-1 - Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content * Wed Jan 11 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.2-4 - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 * Tue Jan 10 2017 Jonathan Lebon <jlebon@redhat.com> - 2:2.2-3 - properly disable docker module in %post * Sat Jan 07 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.2-2 - depend on selinux-policy-targeted - relabel docker-latest* files as well * Fri Jan 06 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.2-1 - bump to v2.2 - additional labeling for ocid * Fri Jan 06 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0-2 - install policy at level 200 - From: Dan Walsh <dwalsh@redhat.com> * Fri Jan 06 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0-1 - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel * Mon Dec 19 2016 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:1.12.4-29 - new package (separated from docker)