container-selinux-2:2.21-1.fc26$>n@SWO>Mウ{>?J?:d  $ L *07v $ 4 T    $ D l     0   ( ^8 h9 :D>@BGHI<XDYLZh[p\]^bdefltuv04Ccontainer-selinux2.211.fc26SELinux policies for container runtimesSELinux policy modules for use with container runtimes.Ye buildvm-ppc64le-03.ppc.fedoraproject.orgFedora ProjectFedora ProjectGPLv2Fedora ProjectUnspecifiedhttps://github.com/projectatomic/container-selinuxlinuxnoarch# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null /usr/sbin/semodule -n -X 200 -s targeted -i $MODULES > /dev/null if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/*runc* /usr/bin/*crio /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /etc/crio /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : if [ $1 -eq 1 ]; then restorecon -R /var/lib/docker &> /dev/null || : fi fiif [ $1 -eq 0 ]; then /usr/sbin/semodule -n -r container docker &> /dev/null || : if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy /usr/sbin/restorecon -R /usr/bin/*runc* /usr/bin/*crio /usr/bin/docker* /var/run/containerd.sock /var/run/docker.sock /var/run/docker.pid /etc/docker /etc/crio /var/log/docker /var/log/lxc /var/lock/lxc /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker-containerd.service /usr/lib/systemd/system/docker-latest.service /usr/lib/systemd/system/docker-latest-containerd.service /etc/docker /usr/libexec/docker* &> /dev/null || : fi fi #define license tag if not already defined&<JA큤AAA큤A큤Ye Ye Ye Ye Ye Ye Ye Ye 093be781f9916163b4f01d3f7edd672d735d3d8347b5aa643cfa3c58057c6d5dd6016dac7a2d4d923809a1fd977b273e78fe7d19fe580c4e151a0757e780876e0e497ff3a07fb07e516ed48d181d0993b568b68a42cbcb62a6fe1e54bf80cbbdrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.21-1.fc26.src.rpmcontainer-selinuxdocker-selinux      /bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-python-utilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)selinux-policyselinux-policy-baseselinux-policy-targeted3.0.4-14.6.0-14.0-15.2-13.13.1-2203.13.1-2203.13.1-2204.13.0.1Y^&@Y^&@YV=@Y>@Y6@Y5GY0Y.@Y@Xf@XXYXXe@X6@X@X~@Xv@XtXp@XoXoXoXWDan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Dan Walsh - 2.19-1Dan Walsh - 2.18-1Dan Walsh - 2.17-1Dan Walsh - 2.16-1Dan Walsh - 2.15-1Dan Walsh - 2.14-1Dan Walsh - 2.10-1Dan Walsh - 2.9-1Dan Walsh - 2:8.1-1Dan Walsh - 2:7.1-1Dan Walsh - 2:6.1-1Dan Walsh - 2:5.1-1Dan Walsh - 2:4.1-1Dan Walsh - 2:3.1-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- Allow containers to create tun sockets- Fix labeling for CRI-O files in overlay subdirs- Revert change to run the container_runtime as ranged- Add default labeling for cri-o in /etc/crio directories- Allow container types to read/write container_runtime fifo files - Allow a container runtime to mount on top of its own /proc- Add labels for crio rename - Break container_t rules out to use a separate container_domain - Allow containers to be able to set namespaced SYCTLS - Allow sandbox containers manage fuse files. - Fixes to make container_runtimes work on MLS machines - Bump version to allow handling of container_file_t filesystems - Allow containers to mount, remount and umount container_file_t file systems - Fixes to handle cap_userns - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow spc_t to dbus chat with init system - Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container. - Fix typebounds entrypoint problems - Fix typebounds problems - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Add rules to allow container runtimes to run with unconfined disabled - Add rules to support cgroup file systems mounted into container.- Add rules to allow container_runtimes to run with unconfined disabled- Allow container_file_t to be stored on cgroup_t file systems- Fix type in container interface file- Fix typebounds entrypoint problems- Fix typebounds problems- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/shcontainer-selinuxdocker-selinux2:2.21-1.fc262:2.21-1.fc26 2:1.12.5-132:1.12.4-28container-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2/usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mcpu=power8 -mtune=power8drpmxz2noarch-redhat-linux-gnudirectoryASCII textutf-8?7zXZ !#,^5M]"k%.NĉNμ5#+mz qpwu|BkbȺ:emu/%kWRK&$n+0q=ͦf[1["#y`aÿ3c$ %77i!˺Qb.s$J̖*!rV Xa \/03}Dą:Mů/ORy=|p=k>QrWy!bjVGZ +)`v}$- Ӳf=m|60{C !X.2f1,34›;UmGS#oF~P&A狤n-'ޛ^r{Rkob cuP>whpUn4ٿSB4]4Y?ח|f55֭;ݣ[7 Ȥ~`AaiE#H V20(=#.Tg@ =)?U{2M9.{>ڇ_CҜBh6IJQrvXF1M>K_Mb;'5q<]5SkGXT2KHbVR~gr R]<[2dǭ-u|w#Gԥ# z ZuJoL9=*MKxrZF (϶(_DH1_6pdIaY[V}nl1-",[!nc^!ht VXlF2kE?2xOF߅F˶ܗ%q].\HZФq#p.s'lD^Za<-DJ;>RCJK$uzziF:5TL~+#Ůxc˸G.dk} ִGi2MO fM4.#I[-|#ZV~fЈ:&J3sT?}F?+TOflU?lԇݎyA^LP\Hۃ;4i?);_h6ס7\<$٧ހb$&д/uR؈KȻ ib@vv`5/ !Wj3+mQ 0*>uA.~,[br\pXȳv8T ŏ5߮\\3PdJ;4pWX4/.ۅaU;,oMy4>^0R (Y^@-dR]d*;fТ(М⋏:|yF7s1Q4a.c~hg:aQ_>N3A3SF1_ yW-ԧ3E@hNVg<*֥"Y05gp2)%s7YES2Gf1ut6Ga!I$gO_\g韮PG (wyu ur qw݅5tcw]"t)il2mP\/bq5!CPRhV=ϪJV _N 焟Idr O 6N\U%03iPX)>n  D`^Nx+ƞ͘b0Gfe0sV:5%)KS|J ~ .r#ՔD Ẍ́>,k%NsY>Wn QaCxLj[ۤeM5<9`>&hDk|l'F7\Rpu7:퉄xԾJ%_ohc>ʂ8ܹ`o %?Xܡb5tp%dRbH F1=dgN4߰Ǭ91{&7 7u|dNT#E&ۅm7Q:ߊ˹l"rl_5ɻ%$TS L 9,t1Jmo XOϨ+XR:@@,4:Xs,5i㍖; lyDRЮ{pmva}/Mc˨8\XwS[&vBt)_&}7e~ׇe9v9!8-ci$iTk¡@y!VgM@tWˤ6/9B^pZy2v3X4ЋH5qMu5-[vyچ&X(`6hYql2EAV-߫Krܷz{qGxm+'EK0ė>wF]XoQNTY&!fi (OsTa/B BdƭJK>ҍO٦H%aW\ 4j_y;.hApZ/Cb!nצr}|3O1locC.XP&vwy@~=j-X*AI %jc S?Ɩ! 6󶥹9̈́MӴT2Crdp!" V'Qca JΪq˓ f0ïm~A qO|Au ݨ>޵gۋ6b>HFYijC}8 Ë: ,!1J +vsj˔u66؜/kR&nm1C"8k.;|Ľ\}- ,ϐU:x5ZݏNc!)^)Dߺ?T=,wgȃf#KNLng=&ҡ#i/S b;NysP7|73E8rIz~SO*n(q>q2j$񫽮HC!{.d6JbGUvY@|+ fV|]S0|[81؈Mlر%CmJpw|DDNRY|4W(aQdJ)9}Ug2ւ*Vղf)/"҃YIp.f,j+wPdeGf闱p q:x:Hz ۠Ft_S_Hׂ)U>Zj|\[ۢ ztmy% yF/%DZ+ޤuhA=Uf*'n@CQmCx h|M^eW%UQ;9X#N"n_NWasq䑨+,uos 5g~.Տ*lZ5gUޭ/0[&NRyWjtIѝAF?Y|U1yy.o-}htO,;xʩKiD-_?AӇ]<; p1[ ԙ_xB׎rsIH|r~uԀaen5ʋ<*D@H3w&?9I"2rG iY=l+)'|f94N50\!nUwgcV~E= zs 8r\T$[,oø2B;7 [Zlj[9Y`OZxQ\6չ$<Z47@Xփzצŋ]q!PK޸,.RNa9Տ乔Q29e\>*Pt(Zhac8"PJ>/r Qgl<5^+S )iñR-k2,u$0SNuc3s9v\C(@IA\9mצV9,$A!6l yEʫY7{>s ~&=ǭ6fǗJ(K-PʁIQxtp[Ks-b/$&7wac2YȽƟ aj Ql5dZ)WD*iH1%bqEfMŶ[ ;fHi=IB8#Ar[eE5.ՔdnGVl]!D>:) ^0 Rz12gm3g_%e!V~HWC, {RҿQڜMeİ+O(%>g1m/QYdbŦ֪v60;~|xWpafU ͋\N7L2)gs h̋F}P˭*(`@5L>(4)Q wiMlIM_q&uF1? 3 \bd!q]u0N o&~9U<+4J5$vPNpPJv #!#RijPqdÎRa<kڑƚ(3Z%@}JY.#uj Su^4~m\W Iќ i(f%= R6ڗrƒOa^dSL[k&YfH0Sx@+*n<ϭˉ>9\Fxm~Og?Q j"m?S''uBJYǎ<0p[R;P WyD-o/"Ii{*V%8bhn'6 '!r`z*qfYb`PjZs ^"^DK>7!v0ÎIk [q9g1jqC@Xx $j_:\acIC,oK}+JD&2 ژ j1_2y=3IC igT?( 7mVea'6 iddt. n1&_6Ad䱃jRI|e)n'l[b  '4K!Ȇ`>ɤWbHZ\ߟF&Ed^M@ %"U :X!R[i]xmnl;N5Ǥ2NhiT= #GV51|f}w) )F;ҵpu\DZVQܲPʇQͥt GDU' UNv,si-e܃2M{QIw&]%ϧr@Zצl4X!ok'u39@ʥ/m-ⲅ5HŖn- aK0]eqe^yEoE܍K;B1(CG/L`b݋ۓLTyb9[W25Yx|_z@˓qZoyJ: CFxC<=Ǜ%"I_tmy係rsr:!?TFmon@^b@"YP H9};K! ^@6:& PO}hh%JVsQ< YuG|gMpÄ9:;6 0j_(/%?4+x}#j&+~Ȅ A@uz0ev/G lb`Mw{eCxrn|55̖Y rde Xg1O!j=R|C dflֻRNS:R8)|x*-5?L3EY :ߓK&C]pRnSlQڂ;a +Ic3)y,7 cuw ^yT_k`-;T riwPS:]r~F)n&{seIo0C.n_gUt>>|&E㙛Y;-M[zO/nŹp9Q! [1|\@n>,_ame L1מw`6 y]߰^<4V%͟Xi}mXĸ宺0]xl_e5S=̙봬?)pp yXbeZI(2bJGU.oᕰIjHM3*Qu)B7;v52rT_Xm, s ZxQ` 0i}H րMu~/ h¯a"S$:F鹎& d6vTmsѫ-up2Jrܢ5<ge =ͥLxN?88XH z:IBBT8aI/( DwI3O#0~dasU@ n 6kiN{x=fdhJ$?7fHb> +_݈ d?84ڶE/u/.-؈ia۳ DŕժOHPHL{| K e[{{2>_3ñÙ1~o 4-c8$G5X+7qE"­U ͕wQ4}zC=|qG,Q&JR3a"Q>q DWKzyX©0g;u mҺcjDe!>'nk!*<e.@Dw^rd"خ5?0jX,'h"*Q#;7 kpo7@Oyh*$W;i"4uli㨞R7nwa'zK>` q9HVf3帳b4?;AT37 e܀=;&> dn:P)&*|)Q!%w(U']g 5mW (iOٔPX>&ĻnoY*?qPǑ {L'E7zP ,Rd?ۜ ;#K3oF3n1B yv4ؠ>=Pv>8$SצNWn\*cn(d"p[v[u \!c_Ǔ%WaR2VVj!im rі҃ C6 7dI{hPT8ӊǃo MujkR◼i]d~Z9GƝ~ȵ-{.9gXy [Sw-Ww\(t"Idž4lt; *{ycO>tlE԰aqQ8$1vZBV*Y2{h C6[esw4wD>0kOf-cMGSLvIs ܍\ъOY2LiN}(lt2TQ'C!\\S ē1cs53Dhy5N /oAN^|Qc7Yo:OZa͞z9S UST4$O8Ble@Ut>oϋyp;ނ6eVyE*A%L8w-|i;_%( BRܼ6qW-dEZ9<[o៏%|*`y`&xr0R~kq,oR'2Ѻ{>]n\`Iw ۵1p2#)&EabksljnיڅAH8M21T~TV !6 _/(>Ip!4.:Mw^ZmArd|v)a[/@J&~X,,idgFwr=EK4_Iʵ^r!mʧ}Q!F?!88 ]K;-(vfTl7'N$~k޸r]㲙@|!vrMηB[Hߢ{ p]PV=.N&ƛ?VnފM"TCJ sJ䎰 D5Y:@1Ō^Y`8*aHg ۫VU8IBBvq;0Xfl1IOr8ve>zud(Y( Dk-e->^D,Na Q6q$)lk]U/hy}x]4O~ %t!c(>s1;d[0 愩S5oE҇$kLZG\su,tט$7)~t2V-pmeMa{.6YNƒ#BG%wf? 5v)3{k@AQfڰht}J\J#SUP!am%b%tuX<*alpEorӑ,|KđUxMu8|kyJ-Jj+$zrO,ЫZeDތBKK'Qґgn-`L2P@pǜZϺz4mBDu˼&º .L6v"g'/6?@ r*Hr5 qAfXFSQNnm $Ml_ Ȃa N:12`b`Q.x|(h&ބZdeExR#jN a 7+2&EKa?H}Fr0i&St>`SfCXo$wŢ 7ueb{V\Q1 4[ N1w>#6㯹}q~J 0YʠB5'_Qe i@i½56p}9}aw:  >ux繌g3Fӂ0eAQfG6'$\I_Crh1yXFr^Nὃ"-=.~f}L!YGV֞>U{M{RN9H7_a$ۙfS g-?U)w<@\0M39\XrS=CPE8ϷE{TPrz)'BXWZ/PsF^0׎Cmoظx,TmfƄK74 ^4a< $ǶĎ(MxjovtgM@\rok2]P5^*zr~,a&G/GTLA8jLÕgb*WyL4Eʦ h-яDV<ItKlk+=lZU,'! Sb_'!џ7:YR (($]MDyk^*Q4z ed}]/vy/'<42Sl!24X}sKܦb#my% 6J:K=Jx 퇜(6*N0pzB:w7T)޸MgDqrΰBɳAȱ\?l$| d7=b!~QܠwZ7~LG>Z\X<9 +kɦL)vOY)dW(Ju-$xM0Wsm>];ܚ t} ^J4t*1SIkj-!!ܒEbGl|d=zm'Q_MIꃃ@j%8n0, Qr!'0 ʱ  8ϰIV'O RZOZiגw:gdI@v-]/.В=Tb+PÇXg5(5]PGzcBxnQAe,H>ʷ;gn\wt0Q Hѷ%^tFdG+M.(_hti#o7!"-SN 74[Xku+j7-"'qlzMA".+DA'an΋Lh;s NĀ2h~/@v3D g qi#W}(zv+ݼ{<"ȼC~z!=OxݶZ#Aˆh _'su5=$HT~2V?;?2sw;.\d;I0uɲA8 ݑ7Iη:=}QD>|kazG8*CJO'ɧ h4<: P@M :5ټ݉&KVٻS?NU S \=_|.~[0^d+GrN&UI+rqln˒#ȂpVLlΏ^*Jvl0'8+Al[²#0u9zq>풛y,<2xVE+̵ de;ٴϋѕ#ly4Ьʕ yC:Bð/ƠXē) :,"UYG2ߟ-{<`fnr>ޡ7_Cvgji+zP,Vaހt_ܧh=3М`됴USQg%\K3&GF1~oB"ļ/uXۻTM4LGIu)q:zQ*X\gpW^ Ȝ3y{Fb/ gU)}t;q,߽L3~.Y`: &ܶ.6_nC`!_o|nsCEp)'n"wROJu`mc[POL_L;J\$BLjL" dw<{ &k츭c M< #ʕv,,䁫e_UJqI2fl^\vwGR+[rm'fNÔeBKNq/ WC `]s㐂ߞ`Hd,VlT1,~L,sM+ɴ{~@"_};FQ昭o}w"h%pal j||jTiwжiOF_ĸqP-S͟0@k:f^?L𥳐 2x>~v%TDGCק ĚE\a nY43P4FQ,GĿ|"xY&3}+@S/4Q=rn$.IK0Yy7S 8dѬ 1.YS\gQEV" z~'. } CՈJ6]1^mtTyOj sJ>`0:ofbb~E;<&Ķ#×j7@3Lkn߁"phyIqy\D0g8%Z9V" eYӻ dQ=c@|^ "$ςL~y) EIEF0Jss1vM8Wdh$W7鯞wT=9.&kHe1_pF]: .v")Hx/forofuNAKЩܳPyR^ުHfۭ@{}JO( IVÁb5O+qr zHA:x%7HI06HAU +Cn:EOpa{~v7"#Yz16BB|%:\yhTC"J -(&}%YDi !bd馩h*L;)"cvpKGme溓Q* 9rBy.d]0 *?+`еsb3?Ζ!xqϥYO6Ix@kW+vd5"N2'y'Ut\~]ۥX~[0&n6昛c \vY&/u/r0<;WP=#dR.saBE_^⫧8RڣmU%?`P|!#!d }w al8 E?ĖGgB0wwb*8m"wjɜEX˖gLպI)|$# \a+!?G`W"yxC@.G:Z]m^şr+8)aK".w=1ÑP{֝ͥ=̀)4p(J?&)؄*lqE(- SmLP JbЬhv;PO?Q`dY|:-'drA4qɼ㞜 w$4/l)bǢ̸v[ֵ 8 `I R˵x>DHr\*{$E6ny(2 $, `*&k0Q&7 78<boem$prQA9[( wX%ۋ (ŷGz{kݡy<ϭn`snjXhyIuoIJm$G['ldpWkV>,Х'Ek:6ś:}.;RJxKI `c)KLIt01E^+Ȅz 1sW͚?= GA8X)` D(vo=v㰑[HC!i5 6 bx|p4So02& J+o:y}*x;a+h2twŊ6 .HC/HI Y/avZYш[rjoF=+,Š>5K()\7yLD%O2eu__v0Fjʆ7,F2u_[;k;U:X7fwVrD UD B*^aG{-/} 0!,>$T"T" ?Gʃ/8s8Ɗ=hϤt:bo[{՘d.`HL7E}P @+=x\wOk5to6J~b Pd#@4j:qR`'@~5W㒚ҦȠRcen5nwبLBk CjaR#ߓ}:0  9Bnl^"1[?^U_w'9%#uQW>˰Nޯo.%%Jj\6gSkWθ礯Մ[FZ\N/ ~Ѵ}STӸms񷂭9UraW_D*m:9s3WcOшM$+tHi ?T@]g֦U#Ȇu ā w|,l\)JGY Nm̈4z\Dyٯ#JlSDJZwLY@V'7wT HFEv*7aRD\Lm-fPIt=Io82YxQGxmXS"]ÃGCUb#ڊafUzQZҨm <bQ0%7:bN-;v9.(?weFY`e FL2P>x*~W Pߡl)#ɮE,j05z {)lVxDDo \01'"].$B/?| i헔,Tml0m'?=/ڶ\Be9ZGQ}pX2[̻m_ul fvwm@_A, Vo3vdNw5k,8o^o<̀S@@r٢+loЖL\uZbN.mDm4g?=ަ<{}ϸ'#q{SBٮz]>U 2bX_|I5co*7N{"m}~M@ E ˚1e YZ