container-selinux package update to el7 version

Signed-off-by: virtbuilder_pel7ppc64bebuilder0 <virtbuilder@powerel.org>

SPECS/container-selinux.spec

@@ -1,8 +1,8 @@
 %global debug_package   %{nil}
 
 # container-selinux
-%global git0 https://github.com/projectatomic/container-selinux
-%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2
+%global git0 https://github.com/projectatomic/%{name}
+%global commit0 ac032a647ad22bd51ce4e23ce04934647bb6f3f8
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # container-selinux stuff (prefix with ds_ for version/release etc.)
@@ -20,14 +20,12 @@
 %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
 
 # Version of SELinux we were using
-%global selinux_policyver 3.13.1-220
+%global selinux_policyver 3.13.1-216.el7
 
 Name: container-selinux
-%if 0%{?fedora}
 Epoch: 2
-%endif
-Version: 2.90
-Release: 1.git%{shortcommit0}%{?dist}
+Version: 2.74
+Release: 1%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
@@ -41,18 +39,25 @@ BuildRequires: selinux-policy-devel >= %{selinux_policyver}
 Requires: selinux-policy >= %{selinux_policyver}
 Requires(post): selinux-policy-base >= %{selinux_policyver}
 Requires(post): selinux-policy-targeted >= %{selinux_policyver}
-Requires(post): policycoreutils
+Requires(post): policycoreutils >= 2.5-11
+
+%if 0%{?rhel} > 7 || 0%{?fedora}
+Requires(post): policycoreutils-python-utils
+%else
+Requires(post): policycoreutils-python
+%endif
 Requires(post): libselinux-utils
 Requires(post): sed
-Obsoletes: %{name} <= 2:1.12.5-13
+Obsoletes: %{name} <= 2:1.12.5-14
 Obsoletes: docker-selinux <= 2:1.12.4-28
 Provides: docker-selinux = %{epoch}:%{version}-%{release}
+Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
 
 %description
 SELinux policy modules for use with container runtimes.
 
 %prep
-%autosetup -Sgit -n %{name}-%{commit0}
+%autosetup -Sgit  -n %{name}-%{commit0}
 
 %build
 make
@@ -62,18 +67,18 @@ make
 %_format MODULES $x.pp.bz2
 install -d %{buildroot}%{_datadir}/selinux/packages
 install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
+install -p -m 644 %{modulenames}.if %{buildroot}%{_datadir}/selinux/devel/include/services
 install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
 
 # remove spec file
-rm -rf container-selinux.spec
+rm -rf %{name}.spec
 
 %check
 
 %post
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
-	%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
+    %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
 fi
 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
@@ -85,11 +90,10 @@ if %{_sbindir}/selinuxenabled ; then
     %relabel_files
     if [ $1 -eq 1 ]; then
 	restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
-	restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
     fi
 fi
 . %{_sysconfdir}/selinux/config
-sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
 
 %postun
@@ -109,153 +113,47 @@ fi
 %{_datadir}/selinux/*
 
 %changelog
-* Wed Mar 20 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.90-1
-- Allow containers to mount and umount fuse file systems.  This will allow us
-- to use buidlah within a user namespace separated container.
-
-* Sat Mar 9 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.89-1
-- Allow all container domains to have container file types entrypoint
-- Add new release to fix issues with udica
-- Allow container_runtime_t to dyntransition to container domains
-
-* Sat Mar 09 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.89-5.git2521d0d
-- bump to 2.89
-- autobuilt 2521d0d
-
-* Thu Mar 07 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.88-4.git5c98b56
-- bump to 2.88
-- autobuilt 5c98b56
-
-* Wed Mar 06 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.87-3.git2c1a2ab
-- autobuilt 2c1a2ab
-
-* Sat Mar 02 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.87-2.git891a85f
-- bump to 2.87
-- autobuilt 891a85f
-
-* Fri Mar 1 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.86-1
-- Allow unconfined user and services to dyntrans to container domains, needed for CRIU
-- Allow containers exectue hugetlb files.
-
-* Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.85-1
-- More allow rules to allow containers to run within containers
-
-* Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.84-1
-- More allow rules to allow containers to run within containers
-
-* Tue Feb 26 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.82-2.git5e1f62f
-- bump to 2.82
-- autobuilt 5e1f62f
-
-* Mon Feb 25 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.83-1
-- Allow containers to mounton cgroup and container_file_t
-
-* Sun Feb 10 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.82-1.nightly.git5e1f62f
-- Allow confined users to use containers
-
-* Fri Feb 08 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.80-3.git21c2be6
-- bump to 2.80
-- autobuilt 21c2be6
-
-* Thu Feb 7 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.81-1
-- Add new labels for paths for containerd
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.80-2.git1b655d9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Tue Jan 22 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.80-1.nightly.git21c2be6
-- Don't allow containers to talk to contianer runtime sockets
-
-* Fri Jan 11 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.79-1
-- Fix labeling on /var/lib/registries
-
-* Thu Jan 10 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.78-1
-- Fix labeling for images in docker daemon user namespace
-
-* Mon Dec 17 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.77-1
-- Allow container-runtime to setattr on fifo_file handed into container runtime.
-
-* Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.752.75-1.dev.git99e2cfd1
-- bump to 2.75
-- autobuilt 99e2cfd
-
-* Mon Nov 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.76-1
-- Allow containers to sendto dgram socket of container runtimes
-- Needed to run container runtimes in notify socket unit files.
-
-* Tue Oct 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.75-1.dev.git99e2cfd
-- Allow containers to use fuse file systems by default
-
 * Fri Oct 19 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.74-1
 - Allow containers to setexec themselves
 
-* Sat Sep 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.73-2
-- Remove requires for policycoreutils-python-utils we don't need it.
+* Tue Sep 18 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.73-3
+- tweak macro for fedora - applies to rhel8 as well
 
-* Wed Sep 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.73-1
+* Mon Sep 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.73-2
+- moved changelog entries:
 - Define spc_t as a container_domain, so that container_runtime will transition
 to spc_t even when setup with nosuid.
-
-* Wed Sep 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.72-1
 - Allow container_runtimes to setattr on callers fifo_files
-github.com/opencontainers/selinux
-* Mon Aug 27 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.71-2
 - Fix restorecon to not error on missing directory
 
-* Wed Aug 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.71-1
-- Allow unconfined_r to transition to system_r over container_runtime_exec_t
-
-* Wed Aug 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.70-1
-- Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
+* Thu Sep 6 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-3
+- Make sure we pull in the latest selinux-policy
 
-* Wed Jul 25 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-1
-- dontaudit attempts to write to sysctl_kernel_t
+* Wed Jul 25 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-2
+- Add map support to container-selinux for RHEL 7.5
+- Dontudit attempts to write to kernel_sysctl_t
 
-* Wed Jul 18 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.68-2.gitc139a3d
-- autobuilt c139a3d
-
-* Mon Jul 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.67-1
+* Mon Jul 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.68-1
 - Add label for /var/lib/origin
 - Add customizable_file_t to customizable_types
 
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.67-3.dev.git042f7cf
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Mon Jul 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.67-2.git042f7cf
-- autobuilt 042f7cf
-
-* Sat Jul 07 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.67-1.git0407867
-- bump to 2.67
-- autobuilt 0407867
-
-* Sat Jun 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.66-1
-- Allow container runtimes to dbus chat with systemd-resolved
+* Sun Jul 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.67-1
+- Add policy for container_logreader_t
 
-* Tue Jun 12 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.64-1.gitdfaf8fd
-- bump to 2.64
-- autobuilt dfaf8fd
+* Thu Jun 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.66-1
+- Allow dnsmasq to dbus chat with spc_t
 
-* Mon Jun 11 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.65-1
-- Add new type to handle containers running with a non priv user in a userns
-- allow containers to map all sockets
-
-* Sun Jun 3 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.64-1.gitdfaf8fd
+* Sun Jun 3 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.64-1
 - Allow containers to create all socket classes
 
-* Wed May 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.63-1
-- Allow containers to create icmp packets
-
-* Fri May 25 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.62-1.git1ecf953
-- bump to 2.62
-- autobuilt 1ecf953
+* Thu May 24 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.62-1
+- Label overlay directories under /var/lib/containers/ correctly
 
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.61-1
 - Allow spc_t to load kernel modules from inside of container 
 
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.60-1
 - Allow containers to list cgroup directories
-
-* Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.59-1
 - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
 
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.58-2
@@ -264,82 +162,33 @@ github.com/opencontainers/selinux
 * Fri May 18 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.58-1
 - Add labels to allow podman to be run from a systemd unit file
 
-* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-12.gitd248f91
-- autobuilt commit d248f91
-
-* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-11.gitd248f91
-- autobuilt commit d248f91
-
-* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-10.gitd248f91
-- autobuilt commit d248f91
-
-* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-9.gitd248f91
-- autobuilt commit d248f91
-
-* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-8
-- autobuilt commit d248f91
-
-* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-7
-- autobuilt commit d248f91
-
-* Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-6
-- autobuilt commit d248f91
-
-* Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-5
-- autobuilt commit d248f91
+* Mon May 7 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.57-1
+- Set the version of SELinux policy required to the latest to fix build issues.
 
-* Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-4
-- autobuilt commit d248f91
+* Wed Apr 11 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.56-1
+- Allow container_runtime_t to transition to spc_t over unlabeled files
 
-* Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-3
-- autobuilt commit d248f91
-
-* Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-2
-- autobuilt commit d248f91
-
-* Thu Mar 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1
-- Dontaudit attempts by containers to write to /proc/self
-
-* Wed Mar 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.54-1
--  Add rules for container domains to make writing custom policy easier
--  Allow shell_exec_t as a container_runtime_t entrypoint
+* Mon Mar 26 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1
+    Allow iptables to read container state
+    Dontaudit attempts from containers to write to /proc/self
+    Allow spc_t to change attributes on container_runtime_t fifo files
 
 * Thu Mar 8 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.52-1
-- Add rules for container domains to make writing custom policy easier
+- Add better support for writing custom selinux policy for customer container domains.
 
 * Thu Mar 8 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.51-1
 - Allow shell_exec_t as a container_runtime_t entrypoint
 
 * Wed Mar 7 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.50-1
 - Allow bin_t as a container_runtime_t entrypoint
-- Add rules for running container runtimes on mls
-
-* Thu Feb 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.48-1
-- Allow container domains to map container_file_t directories
-
-* Sat Feb 10 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.47-1
-- Change default label of /exports to container_var_lib_t
-
-* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2:2.46-3
-- Escape macros in %%CHANGELOG
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.46-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
-* Sat Feb 03 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.46-1
-- Add support for nosuid_transition flags for container_runtime and unconfined domains
-* Fri Feb 02 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.45-1
-- Allow containers to sendto their own stream sockets
+* Fri Mar 2 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.49-1
+- Add support for MLS running container runtimes
+- Add missing allow rules for running systemd in a container
 
-* Mon Jan 29 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.44-1
-- Allow container domains to read kernel ipc info
-
-* Mon Jan 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.43-1
-- Allow containers to memory map the fifo_files leaked into container from
-container runtimes.
-
-* Tue Jan 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.42-1
-- Allow unconfined domains to transition to container types, when no-new-privs is set.
+* Wed Feb 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.48-1
+- Update policy to match master branch
+- Remove typebounds and replace with nnp_transition and nosuid_transition calls
 
 * Tue Jan 9 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.41-1
 - Add support to nnp_transition for container domains
@@ -417,65 +266,54 @@ satisfy the bounds check of container_t versus container_runtime_t.
 * Fri Jun 30 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.20-1
 - Allow container processes to getsession
 
-* Mon Jun 12 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.19-1
-- Allow containers to create tun sockets
-
-* Tue Jun 6 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.18-1
-- Fix labeling for CRI-O files in overlay subdirs
+* Wed Jun 14 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.19-2.1
+- update release tag to isolate from 7.3
 
-* Mon Jun 5 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.17-1
-- Revert change to run the container_runtime as ranged
+* Wed Jun 14 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.19-1
+- Fix mcs transition problem on stdin/stdout/stderr
+- Add labels for CRI-O
+- Allow containers to use tunnel sockets
 
-* Thu Jun 1 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.16-1
-- Add default labeling for cri-o in /etc/crio directories
+* Tue Jun 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.15-1.1
+- Resolves: #1451289
+- rebase to v2.15
+- built @origin/RHEL-1.12 commit 583ca40
 
-* Wed May 31 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.15-1
-- Allow container types to read/write container_runtime fifo files
-- Allow a container runtime to mount on top of its own /proc
+* Mon Mar 20 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.10-2.1
+- Make sure we have a late enough version of policycoreutils
 
-* Fri May 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.14-1
-- Add labels for crio rename
-- Break container_t rules out to use a separate container_domain
-- Allow containers to be able to set namespaced SYCTLS
-- Allow sandbox containers manage fuse files.
-- Fixes to make container_runtimes work on MLS machines
-- Bump version to allow handling of container_file_t filesystems
-- Allow containers to mount, remount and umount container_file_t file systems
-- Fixes to handle cap_userns
+* Mon Mar 6 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.10-1
+- Update to the latest container-selinux patch from upstream
+- Label files under /usr/libexec/lxc as container_runtime_exec_t
 - Give container_t access to XFRM sockets
 - Allow spc_t to dbus chat with init system
-- Allow spc_t to dbus chat with init system
-- Add rules to allow container runtimes to run with unconfined disabled
-- Add rules to support cgroup file systems mounted into container.
-- Fix typebounds entrypoint problems
-- Fix typebounds problems
-- Add typebounds statement for container_t from container_runtime_t
-- We should only label runc not runc*
+- Allow containers to read cgroup configuration mounted into a container
 
-* Tue Feb 28 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.10-1
-- Add rules to allow container runtimes to run with unconfined disabled
-- Add rules to support cgroup file systems mounted into container.
+* Tue Feb 21 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.9-4
+- Resolves: #1425574
+- built commit 79a6d70
 
-* Mon Feb 13 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.9-1
-- Add rules to allow container_runtimes to run with unconfined disabled
+* Mon Feb 20 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.9-3
+- Resolves: #1420591
+- built @origin/RHEL-1.12 commit 8f876c4
 
-* Thu Feb 9 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:8.1-1
-- Allow container_file_t to be stored on cgroup_t file systems
+* Mon Feb 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.9-2
+- built @origin/RHEL-1.12 commit 33cb78b
 
-* Tue Feb 7 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:7.1-1
-- Fix type in container interface file
+* Fri Feb 10 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.8-2
+-
 
-* Mon Feb 6 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:6.1-1
-- Fix typebounds entrypoint problems
+* Tue Feb 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.7-1
+- built origin/RHEL-1.12 commit 21dd37b
 
-* Fri Jan 27 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:5.1-1
-- Fix typebounds problems
+* Fri Jan 20 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.4-2
+- correct version-release in changelog entries
 
-* Thu Jan 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:4.1-1
+* Thu Jan 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.4-1
 - Add typebounds statement for container_t from container_runtime_t
 - We should only label runc not runc*
 
-* Tue Jan 17 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:3.1-1
+* Tue Jan 17 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.3-1
 - Fix labeling on /usr/bin/runc.*
 - Add sandbox_net_domain access to container.te
 - Remove containers ability to look at /etc content