--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-32784d7fc6
2019-03-29 02:58:04.250496
--------------------------------------------------------------------------------
Name : container-selinux
Product : Fedora 29
Version : 2.91
Release : 1.gitacc6941.fc29
URL :
https://github.com/projectatomic/container-selinux
Summary : SELinux policies for container runtimes
Description :
SELinux policy modules for use with container runtimes.
--------------------------------------------------------------------------------
Update Information:
Fix creation of unlabeled keys ---- Allow buildah containers to run within
podman/cri-o containers.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 26 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.91-1
- Allow container runtimes to create unlabeled keyrings
* Wed Mar 20 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.90-1
- Allow containers to mount and umount fuse file systems. This will allow us
- to use buidlah within a user namespace separated container.
* Sat Mar 9 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.89-1
- Allow all container domains to have container file types entrypoint
- Add new release to fix issues with udica
- Allow container_runtime_t to dyntransition to container domains
* Sat Mar 9 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.89-5.git2521d0d
- bump to 2.89
- autobuilt 2521d0d
* Thu Mar 7 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.88-4.git5c98b56
- bump to 2.88
- autobuilt 5c98b56
* Wed Mar 6 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.87-3.git2c1a2ab
- autobuilt 2c1a2ab
* Sat Mar 2 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.87-2.git891a85f
- bump to 2.87
- autobuilt 891a85f
* Fri Mar 1 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.86-1
- Allow unconfined user and services to dyntrans to container domains, needed for CRIU
- Allow containers exectue hugetlb files.
* Thu Feb 28 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.85-1
- More allow rules to allow containers to run within containers
* Thu Feb 28 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.84-1
- More allow rules to allow containers to run within containers
* Tue Feb 26 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.82-2.git5e1f62f
- bump to 2.82
- autobuilt 5e1f62f
* Mon Feb 25 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.83-1
- Allow containers to mounton cgroup and container_file_t
* Sun Feb 10 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.82-1.nightly.git5e1f62f
- Allow confined users to use containers
* Fri Feb 8 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.80-3.git21c2be6
- bump to 2.80
- autobuilt 21c2be6
* Thu Feb 7 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.81-1
- Add new labels for paths for containerd
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
2:2.80-2.git1b655d9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Jan 22 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.80-1.nightly.git21c2be6
- Don't allow containers to talk to contianer runtime sockets
* Fri Jan 11 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.79-1
- Fix labeling on /var/lib/registries
* Thu Jan 10 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.78-1
- Fix labeling for images in docker daemon user namespace
* Mon Dec 17 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.77-1
- Allow container-runtime to setattr on fifo_file handed into container runtime.
* Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:2.752.75-1.dev.git99e2cfd1
- bump to 2.75
- autobuilt 99e2cfd
* Mon Nov 12 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.76-1
- Allow containers to sendto dgram socket of container runtimes
- Needed to run container runtimes in notify socket unit files.
* Tue Oct 30 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.75-1.dev.git99e2cfd
- Allow containers to use fuse file systems by default
* Fri Oct 19 2018 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.74-1
- Allow containers to setexec themselves
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-32784d7fc6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------