From 96428a8f5675ddad1739c8dae32b8064e90b578fbedd1c54aac0186ec484045c Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Tue, 15 Aug 2023 06:16:42 +0000
Subject: [PATCH 1/3] Accepting request 1103976 from home:jsegitz:branches:security:SELinux - Update to version 2.221: * Allow containers to shutdown sockets inheritted from container runtimes * Allow spc_t to use execmod libraries on container file systems * Add boolean to allow containers to read all cert files * More MLS Policy allow rules * Allow container runtimes using pasta bind icmp_socket to port_t * Fix spc_t transitions from container_runtime_domain OBS-URL: https://build.opensuse.org/request/show/1103976 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=30
---
 container-selinux.changes | 12 ++++++++++++
 container-selinux.spec | 2 +-
 v2.215.0.tar.gz | 3 ---
 v2.221.tar.gz | 3 +++
 4 files changed, 16 insertions(+), 4 deletions(-)
 delete mode 100644 v2.215.0.tar.gz
 create mode 100644 v2.221.tar.gz
diff --git a/container-selinux.changes b/container-selinux.changes
index b85d591..6aa6884 100644
--- a/container-selinux.changes
+++ b/container-selinux.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Aug 15 05:48:12 UTC 2023 - Johannes Segitz
+
+- Update to version 2.221:
+ * Allow containers to shutdown sockets inheritted from container
+ runtimes
+ * Allow spc_t to use execmod libraries on container file systems
+ * Add boolean to allow containers to read all cert files
+ * More MLS Policy allow rules
+ * Allow container runtimes using pasta bind icmp_socket to port_t
+ * Fix spc_t transitions from container_runtime_domain
+
 -------------------------------------------------------------------
 Tue May 23 07:32:16 UTC 2023 - Johannes Segitz
diff --git a/container-selinux.spec b/container-selinux.spec
index a173e4f..6d7793f 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name: container-selinux
-Version: 2.215.0
+Version: 2.221
 Release: 0
 Summary: SELinux policies for container runtimes
 License: GPL-2.0-only
diff --git a/v2.215.0.tar.gz b/v2.215.0.tar.gz
deleted file mode 100644
index 311533a..0000000
--- a/v2.215.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7236e149d4238b996ee94127ecc15ec3c1bceb5d4bc58e397a6e404b42133906
-size 31027
diff --git a/v2.221.tar.gz b/v2.221.tar.gz
new file mode 100644
index 0000000..5cebcf7
--- /dev/null
+++ b/v2.221.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:357adc87e80057e49b6f897ff367e57063c6023bd4f2bc57d5ab965863a0ade9
+size 30720
From 389144f849411db0644b2500123c49f7090d056cc3c3542cb90643992658f843 Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Tue, 15 Aug 2023 13:17:33 +0000
Subject: [PATCH 2/3] * Allow containers to shutdown sockets inherited from container OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=31
---
 container-selinux.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/container-selinux.changes b/container-selinux.changes
index 6aa6884..9a3ff32 100644
--- a/container-selinux.changes
+++ b/container-selinux.changes
@@ -2,7 +2,7 @@
 Tue Aug 15 05:48:12 UTC 2023 - Johannes Segitz
 - Update to version 2.221:
- * Allow containers to shutdown sockets inheritted from container
+ * Allow containers to shutdown sockets inherited from container
 runtimes
 * Allow spc_t to use execmod libraries on container file systems
 * Add boolean to allow containers to read all cert files
From e5b095d9d93b96f2285bfb235618d52e471161bc36b5c0db2dc9a933931cd59b Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Wed, 20 Sep 2023 14:52:16 +0000
Subject: [PATCH 3/3] Accepting request 1112591 from home:jsegitz:branches:security:SELinux - Update to version 2.222: * Allow containers to read/write inherited dri devices OBS-URL: https://build.opensuse.org/request/show/1112591 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=32
---
 container-selinux.changes | 6 ++++++
 container-selinux.spec | 2 +-
 v2.221.tar.gz | 3 ---
 v2.222.0.tar.gz | 3 +++
 4 files changed, 10 insertions(+), 4 deletions(-)
 delete mode 100644 v2.221.tar.gz
 create mode 100644 v2.222.0.tar.gz
diff --git a/container-selinux.changes b/container-selinux.changes
index 9a3ff32..2074302 100644
--- a/container-selinux.changes
+++ b/container-selinux.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 20 14:21:29 UTC 2023 - Johannes Segitz
+
+- Update to version 2.222:
+ * Allow containers to read/write inherited dri devices
+
 -------------------------------------------------------------------
 Tue Aug 15 05:48:12 UTC 2023 - Johannes Segitz
diff --git a/container-selinux.spec b/container-selinux.spec
index 6d7793f..4dfe28a 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name: container-selinux
-Version: 2.221
+Version: 2.222.0
 Release: 0
 Summary: SELinux policies for container runtimes
 License: GPL-2.0-only
diff --git a/v2.221.tar.gz b/v2.221.tar.gz
deleted file mode 100644
index 5cebcf7..0000000
--- a/v2.221.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:357adc87e80057e49b6f897ff367e57063c6023bd4f2bc57d5ab965863a0ade9
-size 30720
diff --git a/v2.222.0.tar.gz b/v2.222.0.tar.gz
new file mode 100644
index 0000000..02b118d
--- /dev/null
+++ b/v2.222.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9626ee2d2a49380f43f6b44a2e0d982295d6404838f4b0cd6e6d1e108d8f65e
+size 30721