-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-32784d7fc6 2019-03-29 02:58:04.250496 -------------------------------------------------------------------------------- Name : container-selinux Product : Fedora 29 Version : 2.91 Release : 1.gitacc6941.fc29 URL : https://github.com/projectatomic/container-selinux Summary : SELinux policies for container runtimes Description : SELinux policy modules for use with container runtimes. -------------------------------------------------------------------------------- Update Information: Fix creation of unlabeled keys ---- Allow buildah containers to run within podman/cri-o containers. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 26 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.91-1 - Allow container runtimes to create unlabeled keyrings * Wed Mar 20 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.90-1 - Allow containers to mount and umount fuse file systems. This will allow us - to use buidlah within a user namespace separated container. * Sat Mar 9 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.89-1 - Allow all container domains to have container file types entrypoint - Add new release to fix issues with udica - Allow container_runtime_t to dyntransition to container domains * Sat Mar 9 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.89-5.git2521d0d - bump to 2.89 - autobuilt 2521d0d * Thu Mar 7 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.88-4.git5c98b56 - bump to 2.88 - autobuilt 5c98b56 * Wed Mar 6 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.87-3.git2c1a2ab - autobuilt 2c1a2ab * Sat Mar 2 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.87-2.git891a85f - bump to 2.87 - autobuilt 891a85f * Fri Mar 1 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.86-1 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU - Allow containers exectue hugetlb files. * Thu Feb 28 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.85-1 - More allow rules to allow containers to run within containers * Thu Feb 28 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.84-1 - More allow rules to allow containers to run within containers * Tue Feb 26 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.82-2.git5e1f62f - bump to 2.82 - autobuilt 5e1f62f * Mon Feb 25 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.83-1 - Allow containers to mounton cgroup and container_file_t * Sun Feb 10 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.82-1.nightly.git5e1f62f - Allow confined users to use containers * Fri Feb 8 2019 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.80-3.git21c2be6 - bump to 2.80 - autobuilt 21c2be6 * Thu Feb 7 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.81-1 - Add new labels for paths for containerd * Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 2:2.80-2.git1b655d9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Jan 22 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.80-1.nightly.git21c2be6 - Don't allow containers to talk to contianer runtime sockets * Fri Jan 11 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.79-1 - Fix labeling on /var/lib/registries * Thu Jan 10 2019 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.78-1 - Fix labeling for images in docker daemon user namespace * Mon Dec 17 2018 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.77-1 - Allow container-runtime to setattr on fifo_file handed into container runtime. * Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org&gt; - 2:2.752.75-1.dev.git99e2cfd1 - bump to 2.75 - autobuilt 99e2cfd * Mon Nov 12 2018 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.76-1 - Allow containers to sendto dgram socket of container runtimes - Needed to run container runtimes in notify socket unit files. * Tue Oct 30 2018 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.75-1.dev.git99e2cfd - Allow containers to use fuse file systems by default * Fri Oct 19 2018 Dan Walsh <dwalsh(a)fedoraproject.org&gt; - 2.74-1 - Allow containers to setexec themselves -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-32784d7fc6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------