Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

container-selinux-2.234.2-1.1 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: container-selinux Distribution: openSUSE Tumbleweed
Version: 2.234.2 Vendor: openSUSE
Release: 1.1 Build date: Fri Jan 10 11:08:37 2025
Group: Unspecified Build host: reproducible
Size: 91238 Source RPM: container-selinux-2.234.2-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/containers/container-selinux
Summary: SELinux policies for container runtimes
 
SELinux policy modules for use with container runtimes.

Provides

Requires

License

GPL-2.0-only

Changelog

* Fri Jan 10 2025 rfrohl@suse.com
  - Update to version 2.234.2:
    * TMT: enable epel idomatically
    * Packit: switch back to fedora-all
    * RPM: Bump Epoch to 4
    * rpm: ship manpage
    * Add proper labeling for RamaLama
    * Packit: remove rhel / epel jobs
    * packit: remove unused file
* Thu Jan 09 2025 Cathy Hu <cathy.hu@suse.com>
  - Add BuildRequires selinux-policy-%{selinuxtype} to enable building
    for SLFO. Might be removed in the future again when 1231252
    is fixed.
* Thu Nov 07 2024 cathy.hu@suse.com
  - Update to version 2.233.0:
    * container_engine_t: small change to allow non root exec in a container
    * RPM: explicitly list ghosted paths and skip mode verification
    * container-selinux install on non selinux-policy-targeted systems (#332)
    * set container_log_t type for /var/log/kube-apiserver
    * Allow kubelet_t to create a sock file kubelet_var_lib_t
    * dontaudit spc_t to mmap_zero
    * Packit: update targets (#330)
    * container_engine_t: another round of small improvements (#327)
    * Allow container_device_plugin_t to use the network (#325)
    * RPM: cleanup changelog (#324)
    * TMT: Simplify tests
* Wed Jul 10 2024 cathy.hu@suse.com
  - Update to version 2.232.1:
    * Bump to v2.232.1
    * TMT: fix srpm download syntax on rawhide
    * Bump to 2.232.0
    * Packit: remove `update_release` key from downstream jobs (#313)
    * Update container-selinux.8 man page
    * Add ownership of /usr/share/udica (#312)
    * Packit/TMT: upstream maintenance of downstream gating tests
    * extend container_engine_t again
    * Allow spc_t to use localectl
    * Allow spc_t to use timedatectl
    * introduce container_use_xserver_devices boolean to allow GPU access
* Mon May 06 2024 jsegitz@suse.com
  - Update to version 2.231.0:
    * Allow container domains to communicate with spc_t unix_stream_sockets
    * Move to %posttrans to ensure selinux-policy got updated before
      the commands run (bsc#1221720)
* Wed Apr 10 2024 Cathy Hu <cathy.hu@suse.com>
  - Manual update to version 2.230.0+git4.a8e389d to include this
    commit that is needed for the main selinux-policy update to work:
    * Rename all /var/run file context entries to /run
* Wed Apr 10 2024 Cathy Hu <cathy.hu@suse.com>
  - Update to version 2.230.0:
    * Move to tar_scm based packaging: added _service and _servicedata
    * Allow containers to unmount file systems
    * Add buildah as a container_runtime_exec_t label
    * Additional rules for container_user_t
    * improve container_engine_t
* Thu Jan 11 2024 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.228:
    * Allow container domains to watch fifo_files
    * container_engine_t: improve for podman in kubernetes case
    * Allow spc_t to transition to install_t domain
    * Default to allowing containers to use dri devices
    * Allow access to BPF Filesystems
    * Fix kubernetes transition rule
    * Label kubensenter as well as kubenswrapper
    * Allow container domains to execute container_runtime_tmpfs_t files
    * Allow container domains to ptrace themselves
    * Allow container domains to use container_runtime_tmpfs_t as an entrypoint
    * Add boolean to allow containers to use dri devices
    * Give containers access to pod resources endpoint
    * Label kubenswrapper kubelet_exec_t
* Wed Sep 20 2023 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.222:
    * Allow containers to read/write inherited dri devices
* Tue Aug 15 2023 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.221:
    * Allow containers to shutdown sockets inherited from container
      runtimes
    * Allow spc_t to use execmod libraries on container file systems
    * Add boolean to allow containers to read all cert files
    * More MLS Policy allow rules
    * Allow container runtimes using pasta bind icmp_socket to port_t
    * Fix spc_t transitions from container_runtime_domain
* Tue May 23 2023 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.215.0:
    * Add some MLS rules to policy
    * Allow container runtime to dyntransition to spc_t
    * Tighten controls on confined users
    * Add labels for /var/lib/shared
    * Cleanup entrypoint definitions
    * Allow container_device_plugin_t access to debugfs
    * Allow containers which use devices to map them
* Mon Apr 24 2023 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.211.0:
    * Don't transition to initrc_t domains from spc_t
    * Add tunable to allow sshd_t to launch container engines
    * Allow syslogd_t gettatr on inheritited runtime tmpfs files
    * Add container_file_t and container_ro_file_t as user_home_type
    * Set default context for local-path-provisioner
    * Allow daemon to send dbus messages to spc_t by
* Wed Mar 29 2023 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.206.0:
    * Allow unconfined domains to transition to container_runtime_t
    * Allow container domains to transition to install_t
    * Allow avirt_sandbox_domain to manage container_file_t types
    * Allow containers to watch sysfs_t directories
    * Allow spc_t to transption to rpm_script_t
    * Add support to new user_namespace access check
    * Smaller permission changes for container_init_t
  - Drop spc.patch, is now included
* Mon Jan 16 2023 Frederic Crozat <fcrozat@suse.com>
  - Update to version 2.198.0:
    * Fix spc_t transition rules on tmpfs_t
  - Changes from 2.197.0:
    * Add boolean containers_use_ecryptfs policy
  - Changes from 2.195.1:
    * Readd missing allow rules for container_t
  - Changes from 2.194.0:
    * Allow syslogd_t to use tmpfs files created by container runtime
  - Changes from 2.193.0:
    * Allow containers to mount tmpfs_t file systems
    * Label spc_t as a init initrc daemon
    * Allow userdomains to run containers
  - Changes from 2.191.0:
    * Create container_logwriter_t type
  - Changes from 2.190.1:
    * Support BuildKit
    * container.fc: Set label for kata-agent
    * support nerdctl
  - Changes from 2.190.0:
    * Packit: initial enablement
    * Allow iptables to list directories labeled as container_file_t
  - Changes from 2.189.0:
    * Dont audit searching other processes in /proc.
* Thu Jan 12 2023 Johannes Segitz <jsegitz@suse.com>
  - Rename spc_timedated.patch to spc.patch
  - Update spc.patch to allow privileged containers to use
    localectl (bsc#1207077)
* Wed Jan 11 2023 Johannes Segitz <jsegitz@suse.com>
  - Add spc_timedated.patch to allow privileged containers to use
    timedatectl (bsc#1207054)
* Thu Jul 14 2022 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.188.0:
    * Allow confined containers to mount overlay filesystems
    Fixed bsc#1201348
* Wed Jun 22 2022 Frederic Crozat <fcrozat@suse.com>
  - Update to version 2.187.0:
    * Allow container domains to use /dev/zero
  - Changes from 2.186.0:
    * Create policy for a container_device_t
    * Allow containers to shutdown & setopt userdomain:sockets
  - Changes from 2.183.0:
    * Allow containers to inherit all socket classes from container runtimes.
  - Changes from 2.182.0:
    * Allow containers to inherit all socket classes
  - Changes from 2.181.0:
    * Allow socket activated domains for tcp sockets from init_t and userdomains.
* Tue Mar 22 2022 Johannes Segitz <jsegitz@suse.com>
  - Add udica templates to the package
* Fri Mar 18 2022 Johannes Segitz <jsegitz@suse.com>
  - Update to version 2.180.0
    * Allow container domains to read/write kvm_device_t
    * Update kublet mappings to inlcude /usr/local/*
    * Allow container domains to use container runtime tcp and udp sockets
    * Alow containers to use unix_stream_sockets leaked from container runtimes
    * Allow userdomains to execute conmon_exec_t and use it as an entrypoint
    * Allow conmon_exec_t as an entrypoint
    * Add container_use_devices boolean to allow containers to use any device
    * Add explicit range transition for conmon
    * Add missing dbus class declaration into container_runtime_run()
    * Remove lockdown allow rules
    * Remove k3s fcontexts
    * Allow container domains to be used by user roles
  - Changed source url to allow for download via source service

Files

/usr/share/containers
/usr/share/containers/selinux
/usr/share/containers/selinux/contexts
/usr/share/doc/packages/container-selinux
/usr/share/doc/packages/container-selinux/README.md
/usr/share/licenses/container-selinux
/usr/share/licenses/container-selinux/LICENSE
/usr/share/man/man8/container_selinux.8.gz
/usr/share/selinux/devel
/usr/share/selinux/devel/include
/usr/share/selinux/devel/include/services
/usr/share/selinux/devel/include/services/container.if
/usr/share/selinux/packages
/usr/share/selinux/packages/container.pp.bz2
/usr/share/udica
/usr/share/udica/templates
/usr/share/udica/templates/base_container.cil
/usr/share/udica/templates/config_container.cil
/usr/share/udica/templates/home_container.cil
/usr/share/udica/templates/log_container.cil
/usr/share/udica/templates/net_container.cil
/usr/share/udica/templates/tmp_container.cil
/usr/share/udica/templates/tty_container.cil
/usr/share/udica/templates/virt_container.cil
/usr/share/udica/templates/x_container.cil

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Feb 12 23:53:52 2025