Accepting request 1236910 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/1236910
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/container-selinux?expand=0&rev=23

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/containers/container-selinux.git</param>
-              <param name="changesrevision">a68865582e123856c191fe0ecbbba9301758e591</param></service></servicedata>
+              <param name="changesrevision">7fdbd0e8c428c335406969878f28e14f335f2e7e</param></service></servicedata>

container-selinux-2.232.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1acd56a634e738cfa61f469564850942c261529e4bf3557ef9723067bd536757
-size 28860

container-selinux-2.234.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3e4f618e58b1bcf3b65b87d334a98d5383f9ec6915668766abb7189542bbb4b8
+size 28276

container-selinux.changes

@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Fri Jan 10 10:08:37 UTC 2025 - rfrohl@suse.com
+
+- Update to version 2.234.2:
+  * TMT: enable epel idomatically
+  * Packit: switch back to fedora-all
+  * RPM: Bump Epoch to 4
+  * rpm: ship manpage
+  * Add proper labeling for RamaLama
+  * Packit: remove rhel / epel jobs
+  * packit: remove unused file
+
+-------------------------------------------------------------------
+Thu Jan  9 14:16:15 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
+
+- Add BuildRequires selinux-policy-%{selinuxtype} to enable building
+  for SLFO. Might be removed in the future again when 1231252
+  is fixed.
+
+-------------------------------------------------------------------
+Thu Nov 07 12:04:40 UTC 2024 - cathy.hu@suse.com
+
+- Update to version 2.233.0:
+  * container_engine_t: small change to allow non root exec in a container
+  * RPM: explicitly list ghosted paths and skip mode verification
+  * container-selinux install on non selinux-policy-targeted systems (#332)
+  * set container_log_t type for /var/log/kube-apiserver
+  * Allow kubelet_t to create a sock file kubelet_var_lib_t
+  * dontaudit spc_t to mmap_zero
+  * Packit: update targets (#330)
+  * container_engine_t: another round of small improvements (#327)
+  * Allow container_device_plugin_t to use the network (#325)
+  * RPM: cleanup changelog (#324)
+  * TMT: Simplify tests
+
 -------------------------------------------------------------------
 Wed Jul 10 07:52:16 UTC 2024 - cathy.hu@suse.com
 

container-selinux.spec

@@ -26,7 +26,7 @@
 # Version of SELinux we were using
 %define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
 Name:           container-selinux
-Version:        2.232.1
+Version:        2.234.2
 Release:        0
 Summary:        SELinux policies for container runtimes
 License:        GPL-2.0-only
@@ -34,6 +34,7 @@ URL:            https://github.com/containers/container-selinux
 Source0:        container-selinux-%{version}.tar.xz
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
+BuildRequires:  selinux-policy-%{selinuxtype}
 Requires:       selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
 Requires(posttrans): policycoreutils
 Requires(posttrans): /usr/bin/sed
@@ -62,6 +63,8 @@ install -d %{buildroot}/%{_datadir}/containers/selinux
 install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
 install -d %{buildroot}%{_datadir}/udica/templates
 install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
+install -d %{buildroot}%{_mandir}/man8/
+install -pm 0644 container_selinux.8 %{buildroot}%{_mandir}/man8/
 
 %check
 
@@ -98,5 +101,6 @@ matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedi
 %dir %{_datadir}/udica
 %dir %{_datadir}/udica/templates
 %{_datadir}/udica/templates/*
+%{_mandir}/man8/container_selinux.8*
 
 %changelog