--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-b627928416
2019-02-02 02:35:43.153653
--------------------------------------------------------------------------------
Name : container-selinux
Product : Fedora 28
Version : 2.80
Release : 1.git1b655d9.fc28
URL : https://github.com/projectatomic/container-selinux
Summary : SELinux policies for container runtimes
Description :
SELinux policy modules for use with container runtimes.
--------------------------------------------------------------------------------
Update Information:
Remove access to container runtime sockets.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 22 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.80-1
- Don't allow containers to talk to container runtime sockets
* Fri Jan 11 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.79-1
- Fix labeling on /var/lib/registries
* Thu Jan 10 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.78-1
- Fix labeling for images in docker daemon user namespace
* Mon Dec 17 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.77-1
- Allow container-runtime to setattr on fifo_file handed into container runtime.
* Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.752.75-1.dev.git99e2cfd1
- bump to 2.75
- autobuilt 99e2cfd
* Mon Nov 12 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.76-1
- Allow containers to sendto dgram socket of container runtimes
- Needed to run container runtimes in notify socket unit files.
* Tue Oct 30 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.75-1.dev.git99e2cfd
- Allow containers to use fuse file systems by default
* Fri Oct 19 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.74-1
- Allow containers to setexec themselves
* Sat Sep 22 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.73-2
- Remove requires for policycoreutils-python-utils we don't need it.
* Wed Sep 12 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.73-1
- Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
* Wed Sep 12 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.72-1
- Allow container_runtimes to setattr on callers fifo_files
github.com/opencontainers/selinux
* Mon Aug 27 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.71-2
- Fix restorecon to not error on missing directory
* Wed Aug 22 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.71-1
- Allow unconfined_r to transition to system_r over container_runtime_exec_t
* Wed Aug 22 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.70-1
- Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
* Wed Jul 25 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.69-1
- dontaudit attempts to write to sysctl_kernel_t
* Wed Jul 18 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.68-2.gitc139a3d
- autobuilt c139a3d
* Mon Jul 16 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.67-1
- Add label for /var/lib/origin
- Add customizable_file_t to customizable_types
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
2:2.67-3.dev.git042f7cf
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 9 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.67-2.git042f7cf
- autobuilt 042f7cf
* Sat Jul 7 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.67-1.git0407867
- bump to 2.67
- autobuilt 0407867
* Sat Jun 30 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.66-1
- Allow container runtimes to dbus chat with systemd-resolved
* Tue Jun 12 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.64-1.gitdfaf8fd
- bump to 2.64
- autobuilt dfaf8fd
* Mon Jun 11 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.65-1
- Add new type to handle containers running with a non priv user in a userns
- allow containers to map all sockets
* Sun Jun 3 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.64-1.gitdfaf8fd
- Allow containers to create all socket classes
* Wed May 30 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.63-1
- Allow containers to create icmp packets
* Fri May 25 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.62-1.git1ecf953
- bump to 2.62
- autobuilt 1ecf953
* Mon May 21 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.61-1
- Allow spc_t to load kernel modules from inside of container
* Mon May 21 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.60-1
- Allow containers to list cgroup directories
* Mon May 21 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.59-1
- Transition for unconfined_service_t to container_runtime_t when executing
container_runtime_exec_t.
* Mon May 21 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.58-2
- Run restorecon /usr/bin/podman in postinstall
* Fri May 18 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.58-1
- Add labels to allow podman to be run from a systemd unit file
* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.55-12.gitd248f91
- autobuilt commit d248f91
* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.55-11.gitd248f91
- autobuilt commit d248f91
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.55-10.gitd248f91
- autobuilt commit d248f91
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.55-9.gitd248f91
- autobuilt commit d248f91
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> - 2:2.55-8
- autobuilt commit d248f91
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> - 2:2.55-7
- autobuilt commit d248f91
* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> - 2:2.55-6
- autobuilt commit d248f91
* Mon Apr 9 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> - 2:2.55-5
- autobuilt commit d248f91
* Mon Apr 9 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> - 2:2.55-4
- autobuilt commit d248f91
* Mon Apr 9 2018 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 2:2.55-3
- autobuilt commit d248f91
* Mon Apr 9 2018 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 2:2.55-2
- autobuilt commit d248f91
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-b627928416' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------