container-selinux-2:2.21-1.fc25$>n.~t%F ٱb2>?6?&d  $ L "(/n   , L     < d     (   ( V8 `9 :<>@BGHI4X<YDZ`[h\]^bdefltuv Ccontainer-selinux2.211.fc25SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Ye buildvm-14.phx2.fedoraproject.org|Fedora ProjectFedora ProjectGPLv2Fedora ProjectUnspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/*runc* /usr/bin/*crio /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /etc/crio /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/*runc* /usr/bin/*crio /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /etc/crio /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&<JA큤AAA큤A큤Ye Ye Ye Ye Ye Ye Ye Ye 093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dd6016dac7a2d4d923809a1fd977b273e78fe7d19fe580c4e151a0757e780876ea7b8ebaae3e1758fb7980117986a9ec61ba0cdefd3fe48873a25d3fd847256cbrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-1.fc25.src.rpmcontainer-selinuxdocker-selinux      /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-python-utilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)selinux-policyselinux-policy-baseselinux-policy-targeted3.0.4-14.6.0-14.0-15.2-13.13.1-2203.13.1-2203.13.1-2204.13.0.1Y^&@Y^&@YV=@Y>@Y6@Y5GY0Y.@Y@Xf@XXYXXe@X6@X@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Dan Walsh - 2.19-1Dan Walsh - 2.18-1Dan Walsh - 2.17-1Dan Walsh - 2.16-1Dan Walsh - 2.15-1Dan Walsh - 2.14-1Dan Walsh - 2.10-1Dan Walsh - 2.9-1Dan Walsh - 2:8.1-1Dan Walsh - 2:7.1-1Dan Walsh - 2:6.1-1Dan Walsh - 2:5.1-1Dan Walsh - 2:4.1-1Dan Walsh - 2:3.1-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- Allow containers to create tun sockets- Fix labeling for CRI-O files in overlay subdirs- Revert change to run the container_runtime as ranged- Add default labeling for cri-o in /etc/crio directories- Allow container types to read/write container_runtime fifo files - Allow a container runtime to mount on top of its own /proc- Add labels for crio rename - Break container_t rules out to use a separate container_domain - Allow containers to be able to set namespaced SYCTLS - Allow sandbox containers manage fuse files. - Fixes to make container_runtimes work on MLS machines - Bump version to allow handling of container_file_t filesystems - Allow containers to mount, remount and umount container_file_t file systems - Fixes to handle cap_userns - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow spc_t to dbus chat with init system - Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container. - Fix typebounds entrypoint problems - Fix typebounds problems - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container.- Add rules to allow container_runtimes to run with unconfined disabled- Allow container_file_t to be stored on cgroup_t file systems- Fix type in container interface file- Fix typebounds entrypoint problems- Fix typebounds problems- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-1.fc252:2.21-1.fc25 2:1.12.5-132:1.12.4-28container-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2noarch-redhat-linux-gnudirectoryASCII textutf-8?7zXZ !#,\L]"k%.NĉNμ5#+mz qs).C=۫Szsàvu ۦ_fK,+\c`4JzY@޲b3'\9Tq6Hn ۈyR gb|%uWr/#Jz\1Jwc<1{mԼ}4Lй!T8APGj"ڳ4Vz _c5ڊȱ3b^AHa/"`NR:tMXwI;4GźĒ)GnZ> 0a '+YLRPqBrDM3n4<'L'(:hD,{F*chy˜h7& m|R6HrzaG#N45:P Yg3z^ECj5KsvkW!ʌj05AZ0~zŐ/烢u#sv zk@{0qCrU4&{#붉3c=/]JspdU4kc)r}^Yvebj&1JҮޮpCP> qǐ[z]%|͝w‹xB!3z(|{Z@l7o:iH}/ ٧h`a|krO#4e='QrRvo jJed*kf^6cXF\Gw9ݮ)4#Kp2%q,HE%lb6}]}h79{Yw~'{J4|5k9.gԑ^w1?fpYE+.ۗYW {n cm$3A-MO@|>#eqXN9 MSsmj`áb dHi5G*{^Qn<:7'WuIPu 4'qkg:鿇r@ rL-eM fP-MȴPߗMQP|Nd N_*>S`cY!fӜב ʍp ?Y/lit)>h# l Lƿ"`m[G1 QNu9_sSj`Mc1FC|s%Q$FI ֢(MU$EW%] kF XWiN)QUX'hJ<_+j auC=xWk 5Yde4uבcx;;2R1G8dFݑ/ُx{0XAGX:x:Ѝ r0V%oT=#eoc# [A⌡H Оq\tu{- zܖe̔>'h^,QíG)B!qO$0JL>=d7h %S"{ysb1Pl[ .DĽm^n84!9v*#.T$K\%H7>XD8 GQqXn,375I*u~T>!hdeYh%FRք#::CpRu گVC7LcW`$gǑX&$i:z"oYȀcM "JŞFs74C]i?+j# J3MZSyҢ Mf XPc }|oDŽĢEB{YEF YO̧?ɼ@FsqZ(0!7g~KjSٺ2$Jxfx` 5zhM}qwQJ]Musk~n0x|B jXEmOdS<[P<ds2=$ac@O?-ҕiy(ڰK 8O=Tyn2LL!bށ2gOl} Ga0La~tanf7xeR*?\ J`.ĠVuz=S5F~JH[S@KG<6{RWX sN>Jd|fX WX9"Rqw5Scؿ*8:(x/Wg,S2: $;/|G/R_Մ6_nW(mhcdYƛn?Wn%3m,!C~_i= dPT:~L"HZ E^]ޟٝFê=n}0KZ`rw9fۇp#Hp~j#|nEX! ޼3]ԖCO]ƥ]x7 |!fq*.+4SRÆȊͨ#4^;ktŧ44|B#l OXecWmyV/JYX tp 1qY5+z.7:kMo@glf#]HbUꩢ',Zgc01-HJ2֠A۱XFq vT"ZH:ʞ+3N E~_r sAMzv@1Ԥn@ CR R eʚmNup#6{=%&Bm{{o#mb9s8d=X[LL{rt!cZ63VbúvWR|'7U#BJ$:o=t( ʪT_<^bgnB7 i+LE{ji͜S~s52.Xekm/^YlW}%i&,ѤS'bG1nu;%0DsS,,d#uLN\7K/Tk{'Y"g |!-\eرMbi dxhyVu90_@(bTTžtM ʰI.KI"5Xc8ؠ :Jg@w+0! L&jfQns= Ĵf9dBT늇.B;5iHj;0E䂝'3G+qVedO7^FF0|-y 4.*Wvs[i#K #kJ `({YUqSfFsM7#:pnIaG?svBVC"ccHE䉻B[ [cb Q:xF?&xa-7)\!QG#Rc\#Ei ,zD G>͟esC`H )RP0),Ak2\k8#<~ v*R;8- ǣQ\0Zz&ցjaI< B c[WU1$5̇~Wms`7kx!f/kl&QJaS66U1 lvV6&^D8H#x8鉗~ ۤguU#O˺IeMݫW . !6=.\m*CL> )f݈%F83T!Z'[4D~\io<`J֩zpj|yO(L9tГ=ײ?O~V5숯 nߜTXV7oNĵjͱ%gQMuMe ob@P V8?ȃm~:7FQCbYzHuȒ$Ae{9$#fpO4v٤ ANo GԒ^n!D$ -d'2;$Z3+^2[ -umV\do Ţn5STC7w~ V=jXmp{EzurKW V/JƠTtw\Jtly!QtshQ[6;zWT ,n!'Ɩ/9F¹~h!^ܽNQ(S;jl>'e *-\ׯPs#ySҎK{D^9#TsD{l?Bb,!~Vlh:Ne6-/cPT:^Rx)w˴w.ӎ .,qx(/& 'F!P?z-;8Ѿ eKQ_4{ڨ2si9E"@I]ҹRW{fU y٨Em z'"$,lN*CP@e։ۚľJ* ±Q_(~3o yuᔻu8ɲ&RUC"z"3nƐ]Dήʞ@ziD4NmڧQz<V\'LgRiC #=)VV(3Aס0 bRgWxd[\ůz_TY_Ʊ=sv/^@jv~vÃvL p9vElmlrh(][C7\| _CfFZج%Ms1XX)\c>odIݣ`}LcrľJ [zCz?+F:;XIPON]Rt||h+$߹&8+ѭW+5RYA8'uv w?fKC[ Q_(?꥙6Nf\#sK3d}4 #d<-S (2<=8TA^{G>v7S$zKBΚ83jBk},L l Uv/Cjcyw1d\ nWQ/}]UQU -`9 0G. cL-L .04"`툯 1MF7uUGTEH%#LV$ :3KY9s=b`UJÏ}p WMw# fNc璮+m%>6 L1h&'{y2bйzj6o Kr=\w=n Zسȳ|g [; uщ-Z!5ؠTG@M#W9Yyȴ9͟Oדv9"&c/xq6(u7s\XO6,vN,Wrz](-DO^Ɨe|Foy2ݏTzOO75T@0ѭL?t &|ĀBQ p+,i?sSCrȥ(OCQ F! H"}qbrFʉa~Nt7-{毒m"̖6S\n OVA 0:oS\GNϦ?L^|{*R'b@;|X&lRWt!Ƥش-g#߿He a8XmeX-1|=Vj |oW6$ؑ>DeۘH&]!͇sxa?s$1q:pʥRlD){dן&ah^ȥ*2QiT keďs᦬ޮh2p(DJ8%C`Et_˫Gt.]iP8 ֳ]VKk;xfoJ|f`M*ﷷJ K^2_EZwL3( ( pᓖa޴B} eA]粦Y'F39Gr߽#/d;:˘6 'RކW9mSϺ'u1MLӹA{0Ap\~W~Γ{i& TG]4$saRs BP`]4hh̝`CBPXt dj,wCk$R9@.sὧȦ$mM8O#*mV0/twUz{ʑ}OZK̾LIASvi?#Rt{K@͊lZ.{QT:ܸ%45eq`m)@P:&CX 8ĕ1ȠsSս˲,^\6˂ˡ_py ( B☉g |(NG۸~؄."mtpL$:_&E6=c_Z X2l娾0mBKt_~^=jw%e;6Y_EP@گI֤7>YPCsm,x[!亼k/31)$kW`KK=A(\j[>t],m IǤaA>Z,?dW!ԶC;B)5W)rdc]Bè{,֛{m8`J#iCVXK#:;:ukɮݸ8'"XHjhsal lTrv9y' p"ȿCg;-5cC>K$<$ K;^LkpZqږi,dWm.O@!|]/?l";3|Y,%vC9 cLKJd ՚욮Wv'L86 $Kэe!"g[3Y0 C<ט])o\g gF+ֈR:}7N"]P:pm$C0߳O,$&Ԋ5ghr5>Q9z0 PÀ,-{~W_qO6. k=GlDhl6a (;[aMl6P>Aǃ/bŔ/|أBHUcuXr%G1RŁNax'&~Imգ%E?uP^qsgu>Hm320Wt.jȗuHc?` t6A?[q{ZP kc2͞u B X (,9+VD"lV 0#`(w=*)s;LL[z!ˆ5 (Hߓi$g͗~,aAs%Uy,qwX0F[^M:הJL>͉e .F?)dʗF57:(8bI_"w{_gdF; eJzzJ寒,hNZ6&.Wvi1'C L=o X/$q>K[Ɓ"&١TD.s$9!=]v 5jy_>#%wWλf"Gq4gG4Ԫ!ck˖(ZwF~)Yӭn:lIXx;XQhzΈ32k1aVYiݟ4"HԠ<[VUg7Oxk{'͇x?cWwIjޞT.4r$\RLdFiK#υoܟ%AE?su6|"K|PO *i` >ZoJVZ#/3!5DAMDѵp2t*mhVJ=ٕ^='v)F'S@n`4JE= zA9R DoF<(wyVΞT7 mG̐,Z8Xmjuw~4%^sAt æ̵Z1D!LgW.~Y$K]|Rf|$?BR!sS.J^g$Vҭ.s!ZSIABFON'h޽uqːiKXwL=ʠV]Eo g^Îo(|Å_-?%uI@c]h?*y@(?jKBHFtۭK4]BT^i%Z9>2S<Nve58. ~vas4.QIaC.A-Po&Y_9Ot4:`HیqtF6JW&Q P(~ 8wRM K!rYNb8"DZmXEB1.J [jNB/TN^Ux Ӷ\4fVΞw2OhOr2&urSҴcjOb p={&wҝ N.&D-yJFǷzY-Fk۽#[j4G4>[07dxf4h.h|m|AœQ|[3tX `Z'n>-?i!ց]%`(2d >kjytf8h/lXҩ'|d 6xY(0G#K:_)-  Q48CT֌a7l@$c}ֳ@'ʳZ" sD|3-ssHqU:kMk1i"gZItPYΧ"3Y<[Y T4f1٫ xW4h1=%♋-?MǔSZ-epx9D 3zcoxW۾:;5ئŕ[N `Ep/&v<+}'ɕrߓa,DC߀J )wtsE48Xr }9b4sR#=jٽSB^_3^>bx .h*{:.jhn<ʐ< v!jvnT&3jk>gtKP&|dU /=D& 8^`}7CYDk"H~C~zjPAEUlrRŴk _b|?1ĥ?r]ϟQގTm/B,U+78hVG^hqnrXJDm,[J+O:`L3dX7 $_:(|NuY1h^llп\8^< ,B"5D d)؁wO0<.i`LjZDFîz<kG7$uŌJރ=`;)t6Y_gS;h_`5drzO7\WT$'CQ(lV JU/7DsuQoo r81c^j6(<Fˀ S7;ig *p(^`HXX܂DcE#(}.(?׳dU. t"`9I07RR0)1Ҵ+9+8360DC'zVuBT|~=+ʬ=heΦE*Xs!)4n6ӡ4dܨpW> Cԩ<冑eh#`bbvɳfQ qV׷&\קR=gS$B/G\x/q>֞]fK1NO>v/yv2y tG"ްDf M+Z0F+خr6窙BU4ad; ҚDW龆h 9wWCXi}gNPZFgn3@^^ٓtqΞ(hhM\=`s"%|iWp ׈Xx;v$|Q>Z-8֒F" 9L&+"D홱h0Z뜝-p`ă!;s>X8Ӕ?}Dg-@~"^_c,][En@22WdEYV MPVDXyٙԊ!{ ؙ;9ɺ7AdȫVI7bWеxUv8!=`k98Ng}b$UM6aCӌEZJr.U0?9}WYFf»4d1ZTk>1Q(h@MÑ|$yӠɼSf`( #җMU|#O\ >bs…et n@@u~#a5kSkRivPT@ILOѫ*1ŷ9뾼2rKe m(=r/mc%< tD z[?HVCQrXu_`1E9 '``}p}Y[V55[uP.u's͐=Xm dq:LеAaB p(\9uNk4AP6&5ǠO z)='^B:b4CKMxfQF1ѭJ䃂PFx;[Mm-tE@N}32̊ gp N SrO tR:sA6 a`w>{t9X]G '-a@_^28VW.N} 6m^j|ൃ,_d [roTrƤ [ӎԶjiқՐc_)4{ߞ{T-YXWG~4Ll|plmI}BA±x[ _2ЋPln/`uS;{I07n0'eBӔ$˅'@4VDO )lQ*g0ETڔ$qeP+-tcx2MC@MS*.%VB.@y׭I>WNa?߮YJdU2XѱZ.8Hݾp9gJ0"N-s2-3Z>|"kYrySOI9j2ՑKItK_Gwjk㲩vٌܶLrid&F?vSZkfI"d\[yNtWw̱~b.cNEIlfB GV$k -;'ΙZ̻IЙ\;I +}s孿n>qK貜vqo% sy4b.&My.# nyyS[Q(}8ұ{–Wn1q^saDU=cfXዣShnn)"6)a/61x-T>Tp;c EKnis=P7-u?/?m4hb ?ϵV%#.DžjAg2<3'B#6 l\2rj4"*W*^8#]W_]%&if1[D sGR,`n 6A `~ V`PϘay;Zn]=dUJcsn<9 ÔÊd dB%^q%R)gJ *3Q1jepZ ,eGeLe`aQ1/Myf6lJPW%KY^oӰ_?K љ$b }+*|ԋ>Eu%Y( (KjK5^IY`潬S} o׮'lLz He ~şo,oKt W1\6f 2zwo`?%hqa7AVv!.$QE?Wbt[ǃ$ @0苂u #sD!$bo#y /ϡgͷDەu_;Ҷ*=P/0p,3(>MG fWv k46z |>F"Q X25OiV,)UHʏE }ku\ʁ_+!߫]6/H&{.TAAw➔c9Rk}Q1O40т47IKZo%9Mj 5p2L- מ ma RzeRujz*ޥ7IqW.[z3l&v1_шol A譚X8wQ=Ytݾqվ[j%PFS.Τ$Mn?/!qdh_;q, zUǍDԽ?mI;rg:苭ǣ k'z[JL5\XˈTr$)'0摫AЪZsյ̀uC'Y:^&F7 Hơ l C4GNk7Zz7btH:ZЎ.5o`[ctMlg# f/$PC|3Kʒ^1~ fWc3GnwY2$rn_LV%;{*36HiF-5%&taԱC|n0gRAxBR04`P ܌y=)S1EɈSOXN2/LG: 5tpj"*n 9=eU>hΞx,(USYl8GRVmu'Q?MJ]8 >9bdlk3b^-B,jD[&}*u-EҪhtt~[99&qF$ta]2N>0a_ܰo:o3_h6irG)}vD̠4>6krS`?BRύBǎh߹g1mLbzh+<)T~9v:V<3ۋ rf0/Ggvʠi^Na\ᷕ 7}%F9=pс5gq!Zsg99N "*!`uv5)Ikܕ󿠯C!HX6q>R5ⷓN֨9C#+1Cl-#;sccҙa@  YZ