Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package container-selinux for openSUSE:Factory checked in at 2023-03-31 21:15:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/container-selinux (Old)
and /work/SRC/openSUSE:Factory/.container-selinux.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "container-selinux"
Fri Mar 31 21:15:06 2023 rev:16 rq:1075436 version:2.206.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/container-selinux/container-selinux.changes 2023-01-20 17:38:22.400419389 +0100
+++ /work/SRC/openSUSE:Factory/.container-selinux.new.31432/container-selinux.changes 2023-03-31 21:15:06.610283517 +0200
@@ -1,0 +2,13 @@
+Wed Mar 29 13:04:36 UTC 2023 - Johannes Segitz
+
+- Update to version 2.206.0:
+ * Allow unconfined domains to transition to container_runtime_t
+ * Allow container domains to transition to install_t
+ * Allow avirt_sandbox_domain to manage container_file_t types
+ * Allow containers to watch sysfs_t directories
+ * Allow spc_t to transption to rpm_script_t
+ * Add support to new user_namespace access check
+ * Smaller permission changes for container_init_t
+- Drop spc.patch, is now included
+
+-------------------------------------------------------------------
Old:
----
spc.patch
v2.198.0.tar.gz
New:
----
v2.206.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ container-selinux.spec ++++++
--- /var/tmp/diff_new_pack.B2l6Nx/_old 2023-03-31 21:15:07.210285657 +0200
+++ /var/tmp/diff_new_pack.B2l6Nx/_new 2023-03-31 21:15:07.218285685 +0200
@@ -26,14 +26,12 @@
# Version of SELinux we were using
%define selinux_policyver %(rpm -q selinux-policy --qf '%%{version}')
Name: container-selinux
-Version: 2.198.0
+Version: 2.206.0
Release: 0
Summary: SELinux policies for container runtimes
License: GPL-2.0-only
URL: https://github.com/containers/container-selinux
Source0: https://github.com/containers/container-selinux/archive/refs/tags/v%{version}.tar.gz
-# https://github.com/containers/container-selinux/pull/199, can be dropped after this is included
-Patch0: spc.patch
BuildRequires: selinux-policy
BuildRequires: selinux-policy-devel
Requires: selinux-policy >= %(rpm -q selinux-policy --qf '%%{version}-%%{release}')
@@ -49,7 +47,6 @@
%prep
%setup -q
-%patch0 -p1
%build
%make_build
++++++ v2.198.0.tar.gz -> v2.206.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/.packit.sh new/container-selinux-2.206.0/.packit.sh
--- old/container-selinux-2.198.0/.packit.sh 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/.packit.sh 2023-03-21 21:03:07.000000000 +0100
@@ -14,14 +14,14 @@
# RPM Spec modifications
-# Fix Version
+# Update Version in spec with Version from container.te
sed -i "s/^Version:.*/Version: $HEAD_VERSION/" container-selinux.spec
-# Fix Release
-sed -i "s/^Release: %autorelease/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" container-selinux.spec
+# Update Release in spec with Packit's release envvar
+sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" container-selinux.spec
-# Fix Source0
-sed -i "s/^Source0:.*.tar.gz/Source0: %{name}-$HEAD_VERSION.tar.gz/" container-selinux.spec
+# Update Source tarball name in spec
+sed -i "s/^Source:.*.tar.gz/Source: %{name}-$HEAD_VERSION.tar.gz/" container-selinux.spec
-# Fix autosetup
-sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$HEAD_VERSION/" container-selinux.spec
+# Update setup macro to use the correct build dir
+sed -i "s/^%setup.*/%autosetup -Sgit -n %{name}-$HEAD_VERSION/" container-selinux.spec
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/.packit.yaml new/container-selinux-2.206.0/.packit.yaml
--- old/container-selinux-2.198.0/.packit.yaml 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/.packit.yaml 2023-03-21 21:03:07.000000000 +0100
@@ -1,38 +1,30 @@
# See the documentation for more information:
# https://packit.dev/docs/configuration/
-upstream_package_name: container-selinux
-downstream_package_name: container-selinux
+# Build targets can be found at:
+# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
+
+specfile_path: container-selinux.spec
jobs:
- - job: copr_build
+ - &copr
+ job: copr_build
# Run on every PR
trigger: pull_request
- # Defaults to x86_64 unless architecture is explicitly specified
- targets:
- - fedora-rawhide
- actions:
- post-upstream-clone:
- - "curl -O https://src.fedoraproject.org/rpms/container-selinux/raw/rawhide/f/container..."
- fix-spec-file:
- - bash .packit.sh
-
- - job: copr_build
- trigger: pull_request
- targets:
- - fedora-37
+ owner: rhcontainerbot
+ project: packit-builds
+ enable_net: true
+ srpm_build_deps:
+ - make
+ - rpkg
actions:
post-upstream-clone:
- - "curl -O https://src.fedoraproject.org/rpms/container-selinux/raw/f37/f/container-sel..."
+ - rpkg spec --outdir ./
fix-spec-file:
- bash .packit.sh
- - job: copr_build
- trigger: pull_request
- targets:
- - fedora-36
- actions:
- post-upstream-clone:
- - "curl -O https://src.fedoraproject.org/rpms/container-selinux/raw/f36/f/container-sel..."
- fix-spec-file:
- - bash .packit.sh
+ - <<: *copr
+ # Run on commit to main branch
+ trigger: commit
+ branch: main
+ project: podman-next
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/Makefile new/container-selinux-2.206.0/Makefile
--- old/container-selinux-2.198.0/Makefile 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/Makefile 2023-03-21 21:03:07.000000000 +0100
@@ -1,12 +1,15 @@
-TARGETS?=container
-MODULES?=${TARGETS:=.pp.bz2}
-SHAREDIR?=/usr/share
+TARGETS ?= container
+MODULES ?= ${TARGETS:=.pp.bz2}
+# DATADIR seems to be the more commonly used variable
+# Point SHAREDIR to DATADIR by default to not break existing users
+DATADIR ?= /usr/share
+SHAREDIR ?= ${DATADIR}
all: ${TARGETS:=.pp.bz2}
%.pp.bz2: %.pp
@echo Compressing $^ -\> $@
- bzip2 -9 $^
+ bzip2 -f -9 $^
%.pp: %.te
make -f ${SHAREDIR}/selinux/devel/Makefile $@
@@ -22,7 +25,11 @@
semodule -i ${TARGETS}.pp.bz2
install: man
- install -D -m 644 ${TARGETS}.pp.bz2 ${DESTDIR}${SHAREDIR}/selinux/packages/container.pp.bz2
- install -D -m 644 container.if ${DESTDIR}${SHAREDIR}/selinux/devel/include/services/container.if
- install -D -m 644 container_selinux.8 ${DESTDIR}${SHAREDIR}/man/man8/container_selinux.8
- install -D -m 644 container_contexts ${DESTDIR}${SHAREDIR}/containers/continer_contexts
+ install -D -pm 644 ${TARGETS}.pp.bz2 ${DESTDIR}${SHAREDIR}/selinux/packages/container.pp.bz2
+ install -D -pm 644 container.if ${DESTDIR}${SHAREDIR}/selinux/devel/include/services/container.if
+ install -D -pm 644 container_selinux.8 ${DESTDIR}${SHAREDIR}/man/man8/container_selinux.8
+ install -D -pm 644 container_contexts ${DESTDIR}${SHAREDIR}/containers/selinux/contexts
+
+install.udica-templates:
+ install -dp $(DESTDIR)$(SHAREDIR)/udica/templates
+ install -pm 644 udica-templates/*.cil $(DESTDIR)$(SHAREDIR)/udica/templates
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/container-selinux.spec.rpkg new/container-selinux-2.206.0/container-selinux.spec.rpkg
--- old/container-selinux-2.198.0/container-selinux.spec.rpkg 1970-01-01 01:00:00.000000000 +0100
+++ new/container-selinux-2.206.0/container-selinux.spec.rpkg 2023-03-21 21:03:07.000000000 +0100
@@ -0,0 +1,122 @@
+# For automatic rebuilds in COPR
+
+# The following tag is to get correct syntax highlighting for this file in vim text editor
+# vim: syntax=spec
+
+%global debug_package %{nil}
+
+# container-selinux stuff (prefix with ds_ for version/release etc.)
+# Some bits borrowed from the openstack-selinux package
+%global selinuxtype targeted
+%global moduletype services
+%global modulenames container
+
+# Usage: _format var format
+# Expand 'modulenames' into various formats as needed
+# Format must contain '$x' somewhere to do anything useful
+%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
+
+Name: {{{ git_dir_name }}}
+Epoch: 101
+Version: {{{ git_dir_version }}}
+Release: 1%{?dist}
+License: GPLv2
+URL: https://github.com/containers/container-selinux
+Summary: SELinux policies for container runtimes
+VCS: {{{ git_dir_vcs }}}
+Source: {{{ git_dir_pack }}}
+BuildArch: noarch
+BuildRequires: make
+BuildRequires: git-core
+BuildRequires: pkgconfig(systemd)
+BuildRequires: selinux-policy >= %_selinux_policy_version
+BuildRequires: selinux-policy-devel >= %_selinux_policy_version
+# RE: rhbz#1195804 - ensure min NVR for selinux-policy
+Requires: selinux-policy >= %_selinux_policy_version
+Requires(post): selinux-policy-base >= %_selinux_policy_version
+Requires(post): selinux-policy-targeted >= %_selinux_policy_version
+Requires(post): policycoreutils
+Requires(post): libselinux-utils
+Requires(post): sed
+Obsoletes: %{name} <= 2:1.12.5-13
+Obsoletes: docker-selinux <= 2:1.12.4-28
+Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release}
+Conflicts: udica < 0.2.6-1
+Conflicts: k3s-selinux <= 0.4-1
+
+%description
+SELinux policy modules for use with container runtimes.
+
+%prep
+{{{ git_dir_setup_macro }}}
+
+# Remove some lines for RHEL 8 build
+%if ! 0%{?fedora} && 0%{?rhel} <= 8
+sed -i 's/watch watch_reads//' container.if
+sed -i '/sysfs_t:dir watch/d' container.te
+sed -i '/systemd_chat_resolved/d' container.te
+%endif
+
+sed -i 's/man: install-policy/man:/' Makefile
+sed -i 's/install: man/install:/' Makefile
+
+# https://github.com/containers/container-selinux/issues/203
+%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9
+sed -i '/user_namespace/d' container.te
+%endif
+
+%build
+make
+
+%install
+# install policy modules
+%_format MODULES $x.pp.bz2
+%{__make} DATADIR=%{buildroot}%{_datadir} install install.udica-templates
+
+%check
+
+%pre
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post
+# Install all modules in a single transaction
+if [ $1 -eq 1 ]; then
+ %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
+fi
+%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
+%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
+%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
+%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
+%selinux_modules_install -s %{selinuxtype} $MODULES
+. %{_sysconfdir}/selinux/config
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
+matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
+
+%postun
+if [ $1 -eq 0 ]; then
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
+fi
+
+%posttrans
+%selinux_relabel_post -s %{selinuxtype}
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files
+%doc README.md
+%{_datadir}/selinux/*
+%{_mandir}/man8/*
+%dir %{_datadir}/containers/selinux
+%{_datadir}/containers/selinux/contexts
+%dir %{_datadir}/udica/templates/
+%{_datadir}/udica/templates/*
+
+%triggerpostun -- container-selinux < 2:2.162.1-3
+if %{_sbindir}/selinuxenabled ; then
+ echo "Fixing Rootless SELinux labels in homedir"
+ %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null
+fi
+
+%changelog
+{{{ git_dir_changelog }}}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/container.if new/container-selinux-2.206.0/container.if
--- old/container-selinux-2.198.0/container.if 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/container.if 2023-03-21 21:03:07.000000000 +0100
@@ -887,6 +887,7 @@
type $1_t, container_domain;
domain_type($1_t)
domain_user_exemption_target($1_t)
+ allow $1_t $2_file_t:file entrypoint;
container_manage_files_template($1, $2)
')
@@ -929,7 +930,7 @@
manage_lnk_files_pattern($1_t, $2_file_t, $2_file_t)
manage_dirs_pattern($1_t, $2_file_t, $2_file_t)
manage_chr_files_pattern($1_t, $2_file_t, $2_file_t)
- allow $1_t $2_file_t:chr_file mmap_file_perms;
+ allow $1_t $2_file_t:chr_file { mmap_file_perms watch watch_reads };
manage_blk_files_pattern($1_t, $2_file_t, $2_file_t)
manage_fifo_files_pattern($1_t, $2_file_t, $2_file_t)
manage_sock_files_pattern($1_t, $2_file_t, $2_file_t)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/container.te new/container-selinux-2.206.0/container.te
--- old/container-selinux-2.198.0/container.te 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/container.te 2023-03-21 21:03:07.000000000 +0100
@@ -1,4 +1,4 @@
-policy_module(container, 2.198.0)
+policy_module(container, 2.206.0)
gen_require(`
class passwd rootok;
@@ -287,6 +287,8 @@
userdom_map_tmp_files(container_runtime_domain)
+anaconda_domtrans_install(container_runtime_domain)
+
optional_policy(`
gnome_map_generic_data_home_files(container_runtime_domain)
allow container_runtime_domain data_home_t:dir { relabelfrom relabelto };
@@ -627,6 +629,8 @@
')
domtrans_pattern(systemd_logind_t, container_runtime_exec_t , container_runtime_t)
+ container_manage_dirs(systemd_logind_t)
+ container_manage_files(systemd_logind_t)
')
optional_policy(`
@@ -648,6 +652,8 @@
allow container_runtime_t unconfined_t:process transition;
allow unconfined_domain_type { container_var_lib_t container_ro_file_t }:file entrypoint;
fs_fusefs_entrypoint(unconfined_domain_type)
+
+ domtrans_pattern(unconfined_domain_type, container_runtime_exec_t , container_runtime_t)
')
optional_policy(`
@@ -815,6 +821,7 @@
allow container_runtime_domain container_domain:fd use;
allow container_domain self:socket_class_set { create_socket_perms map accept };
allow container_domain self:lnk_file setattr;
+allow container_domain self:user_namespace create;
dontaudit container_domain self:capability fsetid;
allow container_domain self:association sendto;
@@ -860,6 +867,8 @@
dev_getattr_mtrr_dev(container_domain)
dev_list_sysfs(container_domain)
+allow container_domain sysfs_t:dir watch;
+
dev_rw_kvm(container_domain)
dev_rwx_zero(container_domain)
@@ -1008,6 +1017,7 @@
optional_policy(`
rpm_read_cache(container_domain)
rpm_read_db(container_domain)
+ rpm_transition_script(spc_t, system_r)
')
optional_policy(`
@@ -1210,6 +1220,7 @@
gen_require(`
attribute device_node;
+ type device_t;
attribute sysctl_type;
')
dontaudit container_domain device_node:chr_file setattr;
@@ -1277,12 +1288,18 @@
corenet_unconfined(container_init_t)
+allow container_init_t device_t:filesystem { remount unmount };
+
dev_mounton_sysfs(container_init_domain)
-fs_mounton_cgroup(container_init_domain)
-fs_unmount_cgroup(container_init_domain)
fs_manage_cgroup_dirs(container_init_domain)
fs_manage_cgroup_files(container_init_domain)
+fs_mounton_cgroup(container_init_domain)
+fs_unmount_cgroup(container_init_domain)
+fs_unmount_tmpfs(container_init_domain)
+
+kernel_mounton_proc(container_init_t)
+kernel_unmount_proc(container_init_t)
logging_send_syslog_msg(container_init_t)
@@ -1313,17 +1330,18 @@
fs_unmount_cgroup(container_engine_t)
fs_manage_cgroup_dirs(container_engine_t)
fs_manage_cgroup_files(container_engine_t)
+fs_mount_tmpfs(container_engine_t)
+fs_write_cgroup_files(container_engine_t)
allow container_engine_t proc_t:file mounton;
allow container_engine_t sysctl_t:file mounton;
allow container_engine_t sysfs_t:filesystem remount;
-fs_mount_tmpfs(container_engine_t)
-fs_write_cgroup_files(container_engine_t)
kernel_mount_proc(container_engine_t)
kernel_mounton_core_if(container_engine_t)
kernel_mounton_proc(container_engine_t)
kernel_mounton_systemd_ProtectKernelTunables(container_engine_t)
+
term_mount_pty_fs(container_engine_t)
type kubelet_t, container_runtime_domain;
@@ -1398,3 +1416,11 @@
allow syslogd_t container_runtime_tmpfs_t:file { read write };
logging_send_syslog_msg(container_runtime_t)
')
+
+
+manage_dirs_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_lnk_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_chr_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_blk_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
+manage_sock_files_pattern(svirt_sandbox_domain, container_file_t, container_file_t)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/contrib/container-selinux.spec new/container-selinux-2.206.0/contrib/container-selinux.spec
--- old/container-selinux-2.198.0/contrib/container-selinux.spec 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/contrib/container-selinux.spec 1970-01-01 01:00:00.000000000 +0100
@@ -1,129 +0,0 @@
-# This is an example of a spec file that can be used to install
-# container-selinux policy. The official spec file is included in the
-# dist-git for each OS distribution
-
-%global debug_package %{nil}
-
-# container-selinux
-%global git0 https://github.com/projectatomic/container-selinux
-%if 0%{?fedora}
-%global commit0 e06212c96d71174bf4085f8e3704b4805c668625
-%else
-%global commit0 e06212c96d71174bf4085f8e3704b4805c668625
-%endif
-%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
-
-# container-selinux stuff (prefix with ds_ for version/release etc.)
-# Some bits borrowed from the openstack-selinux package
-%global selinuxtype targeted
-%global moduletype services
-%global modulenames container
-
-# Usage: _format var format
-# Expand 'modulenames' into various formats as needed
-# Format must contain '$x' somewhere to do anything useful
-%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
-
-# Version of SELinux we were using
-%if 0%{?fedora} >= 22
-%global selinux_policyver 3.13.1-220
-%else
-%global selinux_policyver 3.13.1-39
-%endif
-
-Name: container-selinux
-%if 0%{?fedora} || 0%{?centos}
-Epoch: 2
-%endif
-Version: 2.1
-Release: 1%{?dist}
-License: GPLv2
-URL: %{git0}
-Summary: SELinux policies for container runtimes
-Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
-BuildArch: noarch
-BuildRequires: git
-BuildRequires: pkgconfig(systemd)
-
-# RE: rhbz#1195804 - ensure min NVR for selinux-policy
-Requires: selinux-policy >= %{selinux_policyver}
-
-BuildRequires: selinux-policy
-BuildRequires: selinux-policy-devel
-Requires(post): selinux-policy-base >= %{selinux_policyver}
-Requires(post): policycoreutils
-%if 0%{?fedora}
-Requires(post): policycoreutils-python-utils
-%else
-Requires(post): policycoreutils-python
-%endif
-Requires(post): libselinux-utils
-Obsoletes: %{name} <= 2:1.12.5-13
-Obsoletes: docker-selinux <= 2:1.12.4-28
-Provides: docker-selinux = %{epoch}:%{version}-%{release}
-
-%description
-SELinux policy modules for use with container runtimes.
-
-%prep
-%autosetup -Sgit -n %{name}-%{commit0}
-
-%build
-make
-
-%install
-# install policy modules
-%_format MODULES $x.pp.bz2
-install -d %{buildroot}%{_datadir}/selinux/packages
-install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
-install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
-install -d %{buildroot}%{_datadir}/udica/templates
-install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
-
-# remove spec file
-rm -rf container-selinux.spec
-
-%check
-
-%pre
-%selinux_relabel_pre -s %{selinuxtype}
-
-%post
-# Install all modules in a single transaction
-if [ $1 -eq 1 ]; then
- %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
-fi
-%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
-%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
-%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
-%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
-%selinux_modules_install -s %{selinuxtype} $MODULES
-
-%postun
-if [ $1 -eq 0 ]; then
- %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
-fi
-
-%posttrans
-%selinux_relabel_post -s %{selinuxtype}
-
-#define license tag if not already defined
-%{!?_licensedir:%global license %doc}
-
-%files
-%doc README.md
-%{_datadir}/selinux/*
-%{_datadir}/udica/templates/*
-
-%changelog
-* Fri Jan 06 2017 Dan Walsh - 2:2.1-1
-- Additional labeling for ocid
-
-* Fri Jan 06 2017 Lokesh Mandvekar - 2:2.0-1
-- Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a
-standalone package)
-- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel
-
-* Mon Dec 19 2016 Lokesh Mandvekar - 2:1.12.4-29
-- new package (separated from docker)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/container-selinux-2.198.0/sources new/container-selinux-2.206.0/sources
--- old/container-selinux-2.198.0/sources 2023-01-05 20:57:53.000000000 +0100
+++ new/container-selinux-2.206.0/sources 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-SHA512 (container-selinux-e06212c.tar.gz) = a859346b306b9a11057cd192f74f497bea32a48cb2f1ddf3dd840117379a945a9c32db4c1213482a3f769bc237a838a07516821f0ed665a595e2f3f1f995990e