forked from pool/container-selinux
Accepting request 1138075 from home:jsegitz:branches:security:SELinux
- Update to version 2.228: * Allow container domains to watch fifo_files * container_engine_t: improve for podman in kubernetes case * Allow spc_t to transition to install_t domain * Default to allowing containers to use dri devices * Allow access to BPF Filesystems * Fix kubernetes transition rule * Label kubensenter as well as kubenswrapper * Allow container domains to execute container_runtime_tmpfs_t files * Allow container domains to ptrace themselves * Allow container domains to use container_runtime_tmpfs_t as an entrypoint * Add boolean to allow containers to use dri devices * Give containers access to pod resources endpoint * Label kubenswrapper kubelet_exec_t OBS-URL: https://build.opensuse.org/request/show/1138075 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/container-selinux?expand=0&rev=33
This commit is contained in:
parent
e5b095d9d9
commit
8f38ed6e53
@ -1,3 +1,21 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 11 08:37:53 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update to version 2.228:
|
||||
* Allow container domains to watch fifo_files
|
||||
* container_engine_t: improve for podman in kubernetes case
|
||||
* Allow spc_t to transition to install_t domain
|
||||
* Default to allowing containers to use dri devices
|
||||
* Allow access to BPF Filesystems
|
||||
* Fix kubernetes transition rule
|
||||
* Label kubensenter as well as kubenswrapper
|
||||
* Allow container domains to execute container_runtime_tmpfs_t files
|
||||
* Allow container domains to ptrace themselves
|
||||
* Allow container domains to use container_runtime_tmpfs_t as an entrypoint
|
||||
* Add boolean to allow containers to use dri devices
|
||||
* Give containers access to pod resources endpoint
|
||||
* Label kubenswrapper kubelet_exec_t
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 20 14:21:29 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
|
@ -26,7 +26,7 @@
|
||||
# Version of SELinux we were using
|
||||
%define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
|
||||
Name: container-selinux
|
||||
Version: 2.222.0
|
||||
Version: 2.228.0
|
||||
Release: 0
|
||||
Summary: SELinux policies for container runtimes
|
||||
License: GPL-2.0-only
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f9626ee2d2a49380f43f6b44a2e0d982295d6404838f4b0cd6e6d1e108d8f65e
|
||||
size 30721
|
3
v2.228.0.tar.gz
Normal file
3
v2.228.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:4ae7825a8460460934950f6b2a4a0928bc2f71915e71474d6d5d20c8eeb9bbdd
|
||||
size 31145
|
Loading…
Reference in New Issue
Block a user