1
0

Accepting request 1138075 from home:jsegitz:branches:security:SELinux

- Update to version 2.228:
  * Allow container domains to watch fifo_files
  * container_engine_t: improve for podman in kubernetes case
  * Allow spc_t to transition to install_t domain
  * Default to allowing containers to use dri devices
  * Allow access to BPF Filesystems
  * Fix kubernetes transition rule
  * Label kubensenter as well as kubenswrapper
  * Allow container domains to execute container_runtime_tmpfs_t files
  * Allow container domains to ptrace themselves
  * Allow container domains to use container_runtime_tmpfs_t as an entrypoint
  * Add boolean to allow containers to use dri devices
  * Give containers access to pod resources endpoint
  * Label kubenswrapper kubelet_exec_t

OBS-URL: https://build.opensuse.org/request/show/1138075
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=33
This commit is contained in:
Johannes Segitz 2024-01-11 08:53:20 +00:00 committed by Git OBS Bridge
parent e5b095d9d9
commit 8f38ed6e53
4 changed files with 22 additions and 4 deletions

View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Thu Jan 11 08:37:53 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
- Update to version 2.228:
* Allow container domains to watch fifo_files
* container_engine_t: improve for podman in kubernetes case
* Allow spc_t to transition to install_t domain
* Default to allowing containers to use dri devices
* Allow access to BPF Filesystems
* Fix kubernetes transition rule
* Label kubensenter as well as kubenswrapper
* Allow container domains to execute container_runtime_tmpfs_t files
* Allow container domains to ptrace themselves
* Allow container domains to use container_runtime_tmpfs_t as an entrypoint
* Add boolean to allow containers to use dri devices
* Give containers access to pod resources endpoint
* Label kubenswrapper kubelet_exec_t
-------------------------------------------------------------------
Wed Sep 20 14:21:29 UTC 2023 - Johannes Segitz <jsegitz@suse.com>

View File

@ -26,7 +26,7 @@
# Version of SELinux we were using
%define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
Name: container-selinux
Version: 2.222.0
Version: 2.228.0
Release: 0
Summary: SELinux policies for container runtimes
License: GPL-2.0-only

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f9626ee2d2a49380f43f6b44a2e0d982295d6404838f4b0cd6e6d1e108d8f65e
size 30721

3
v2.228.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4ae7825a8460460934950f6b2a4a0928bc2f71915e71474d6d5d20c8eeb9bbdd
size 31145