Accepting request 962685 from security:SELinux

- Update to version 2.180.0 * Allow container domains to read/write kvm_device_t * Update kublet mappings to inlcude /usr/local/* * Allow container domains to use container runtime tcp and udp sockets * Alow containers to use unix_stream_sockets leaked from container runtimes * Allow userdomains to execute conmon_exec_t and use it as an entrypoint * Allow conmon_exec_t as an entrypoint * Add container_use_devices boolean to allow containers to use any device * Add explicit range transition for conmon * Add missing dbus class declaration into container_runtime_run() * Remove lockdown allow rules * Remove k3s fcontexts * Allow container domains to be used by user roles - Changed source url to allow for download via source service (forwarded request 962680 from jsegitz) OBS-URL: https://build.opensuse.org/request/show/962685 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/container-selinux?expand=0&rev=10
2022-03-20 19:54:43 +00:00 · 2022-03-20 19:54:43 +00:00 · 40afefed5c
commit 40afefed5c
parent 0c09f8870f 8c94cb033f
4 changed files with 24 additions and 6 deletions
--- a/container-selinux-2.171.0.tar.gz
+++ b/container-selinux-2.171.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5049009f3e294041b358bdded49e53e4744f13a8433cba6c6af824c03a5ced3b
-size 25556
--- a/container-selinux.changes
+++ b/container-selinux.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Mar 18 12:04:25 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 2.180.0
+  * Allow container domains to read/write kvm_device_t
+  * Update kublet mappings to inlcude /usr/local/*
+  * Allow container domains to use container runtime tcp and udp sockets
+  * Alow containers to use unix_stream_sockets leaked from container runtimes
+  * Allow userdomains to execute conmon_exec_t and use it as an entrypoint
+  * Allow conmon_exec_t as an entrypoint
+  * Add container_use_devices boolean to allow containers to use any device
+  * Add explicit range transition for conmon
+  * Add missing dbus class declaration into container_runtime_run()
+  * Remove lockdown allow rules
+  * Remove k3s fcontexts
+  * Allow container domains to be used by user roles
+- Changed source url to allow for download via source service
+
 -------------------------------------------------------------------
 Fri Nov 12 16:21:06 UTC 2021 - Richard Brown <rbrown@suse.com>

--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -1,7 +1,7 @@
 #
 # spec file for package container-selinux
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -26,12 +26,12 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name:           container-selinux
-Version:        2.171.0
+Version:        2.180.0
 Release:        0
 Summary:        SELinux policies for container runtimes
 License:        GPL-2.0-only
 URL:            https://github.com/containers/container-selinux
-Source0:        %{name}-%{version}.tar.gz
+Source0:        https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
 Requires:       selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
--- a/v2.180.0.tar.gz
+++ b/v2.180.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eeea726e3e72a83c366c08bad0fd8b384930fd391f3a61abd57beeea0e34af1f
+size 25616