container-selinux package update to el7 version

Signed-off-by: virtbuilder_pel7ppc64bebuilder0 <virtbuilder@powerel.org>
6 years ago · d7d82e56fe
1 changed files with 83 additions and 245 deletions
--- a/SPECS/container-selinux.spec
+++ b/SPECS/container-selinux.spec
@ -1,8 +1,8 @@
 %global debug_package   %{nil}
 # container-selinux
-%global git0 https://github.com/projectatomic/container-selinux
+%global git0 https://github.com/projectatomic/%{name}
-%global commit0 619db17b743ec8c75dabb0b08563f9ddad899ff2
+%global commit0 ac032a647ad22bd51ce4e23ce04934647bb6f3f8
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # container-selinux stuff (prefix with ds_ for version/release etc.)
@ -20,14 +20,12 @@
 %global relabel_files() %{_sbindir}/restorecon -R %{_bindir}/*podman* %{_bindir}/*runc* %{_bindir}/*crio %{_bindir}/docker* %{_localstatedir}/run/containerd.sock %{_localstatedir}/run/docker.sock %{_localstatedir}/run/docker.pid %{_sysconfdir}/docker %{_sysconfdir}/crio %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_unitdir}/docker.service %{_unitdir}/docker-containerd.service %{_unitdir}/docker-latest.service %{_unitdir}/docker-latest-containerd.service %{_sysconfdir}/docker %{_libexecdir}/docker* &> /dev/null || :
 # Version of SELinux we were using
-%global selinux_policyver 3.13.1-220
+%global selinux_policyver 3.13.1-216.el7
 Name: container-selinux
 %if 0%{?fedora}
 Epoch: 2
-%endif
+Version: 2.74
-Version: 2.90
+Release: 1%{?dist}
 Release: 1.git%{shortcommit0}%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
@ -41,18 +39,25 @@ BuildRequires: selinux-policy-devel >= %{selinux_policyver}
 Requires: selinux-policy >= %{selinux_policyver}
 Requires(post): selinux-policy-base >= %{selinux_policyver}
 Requires(post): selinux-policy-targeted >= %{selinux_policyver}
-Requires(post): policycoreutils
+Requires(post): policycoreutils >= 2.5-11
 %if 0%{?rhel} > 7 || 0%{?fedora}
 Requires(post): policycoreutils-python-utils
 %else
 Requires(post): policycoreutils-python
 %endif
 Requires(post): libselinux-utils
 Requires(post): sed
-Obsoletes: %{name} <= 2:1.12.5-13
+Obsoletes: %{name} <= 2:1.12.5-14
 Obsoletes: docker-selinux <= 2:1.12.4-28
 Provides: docker-selinux = %{epoch}:%{version}-%{release}
 Provides: docker-engine-selinux = %{epoch}:%{version}-%{release}
 %description
 SELinux policy modules for use with container runtimes.
 %prep
-%autosetup -Sgit -n %{name}-%{commit0}
+%autosetup -Sgit  -n %{name}-%{commit0}
 %build
 make
@ -62,18 +67,18 @@ make
 %_format MODULES $x.pp.bz2
 install -d %{buildroot}%{_datadir}/selinux/packages
 install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
+install -p -m 644 %{modulenames}.if %{buildroot}%{_datadir}/selinux/devel/include/services
 install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
 # remove spec file
-rm -rf container-selinux.spec
+rm -rf %{name}.spec
 %check
 %post
 # Install all modules in a single transaction
 if [ $1 -eq 1 ]; then
-	%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
+    %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
 fi
 %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
@ -85,11 +90,10 @@ if %{_sbindir}/selinuxenabled ; then
    %relabel_files
    if [ $1 -eq 1 ]; then
 	restorecon -R %{_sharedstatedir}/docker &> /dev/null || :
 	restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
    fi
 fi
 . %{_sysconfdir}/selinux/config
-sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
 %postun
@ -109,153 +113,47 @@ fi
 %{_datadir}/selinux/*
 %changelog
 * Wed Mar 20 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.90-1
 - Allow containers to mount and umount fuse file systems.  This will allow us
 - to use buidlah within a user namespace separated container.
 * Sat Mar 9 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.89-1
 - Allow all container domains to have container file types entrypoint
 - Add new release to fix issues with udica
 - Allow container_runtime_t to dyntransition to container domains
 * Sat Mar 09 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.89-5.git2521d0d
 - bump to 2.89
 - autobuilt 2521d0d
 * Thu Mar 07 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.88-4.git5c98b56
 - bump to 2.88
 - autobuilt 5c98b56
 * Wed Mar 06 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.87-3.git2c1a2ab
 - autobuilt 2c1a2ab
 * Sat Mar 02 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.87-2.git891a85f
 - bump to 2.87
 - autobuilt 891a85f
 * Fri Mar 1 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.86-1
 - Allow unconfined user and services to dyntrans to container domains, needed for CRIU
 - Allow containers exectue hugetlb files.
 * Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.85-1
 - More allow rules to allow containers to run within containers
 * Thu Feb 28 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.84-1
 - More allow rules to allow containers to run within containers
 * Tue Feb 26 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.82-2.git5e1f62f
 - bump to 2.82
 - autobuilt 5e1f62f
 * Mon Feb 25 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.83-1
 - Allow containers to mounton cgroup and container_file_t
 * Sun Feb 10 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.82-1.nightly.git5e1f62f
 - Allow confined users to use containers
 * Fri Feb 08 2019 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.80-3.git21c2be6
 - bump to 2.80
 - autobuilt 21c2be6
 * Thu Feb 7 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.81-1
 - Add new labels for paths for containerd
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.80-2.git1b655d9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Tue Jan 22 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.80-1.nightly.git21c2be6
 - Don't allow containers to talk to contianer runtime sockets
 * Fri Jan 11 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.79-1
 - Fix labeling on /var/lib/registries
 * Thu Jan 10 2019 Dan Walsh <dwalsh@fedoraproject.org> - 2.78-1
 - Fix labeling for images in docker daemon user namespace
 * Mon Dec 17 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.77-1
 - Allow container-runtime to setattr on fifo_file handed into container runtime.
 * Tue Nov 13 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.752.75-1.dev.git99e2cfd1
 - bump to 2.75
 - autobuilt 99e2cfd
 * Mon Nov 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.76-1
 - Allow containers to sendto dgram socket of container runtimes
 - Needed to run container runtimes in notify socket unit files.
 * Tue Oct 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.75-1.dev.git99e2cfd
 - Allow containers to use fuse file systems by default
 * Fri Oct 19 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.74-1
 - Allow containers to setexec themselves
-* Sat Sep 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.73-2
+* Tue Sep 18 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.73-3
- Remove requires for policycoreutils-python-utils we don't need it.
+- tweak macro for fedora - applies to rhel8 as well
-* Wed Sep 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.73-1
+* Mon Sep 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 2:2.73-2
 - moved changelog entries:
 - Define spc_t as a container_domain, so that container_runtime will transition
 to spc_t even when setup with nosuid.
 * Wed Sep 12 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.72-1
 - Allow container_runtimes to setattr on callers fifo_files
 github.com/opencontainers/selinux
 * Mon Aug 27 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.71-2
 - Fix restorecon to not error on missing directory
-* Wed Aug 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.71-1
+* Thu Sep 6 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-3
- Allow unconfined_r to transition to system_r over container_runtime_exec_t
+- Make sure we pull in the latest selinux-policy
 * Wed Aug 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.70-1
 - Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
-* Wed Jul 25 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-1
+* Wed Jul 25 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.69-2
- dontaudit attempts to write to sysctl_kernel_t
+- Add map support to container-selinux for RHEL 7.5
 - Dontudit attempts to write to kernel_sysctl_t
-* Wed Jul 18 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.68-2.gitc139a3d
+* Mon Jul 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.68-1
 - autobuilt c139a3d
 * Mon Jul 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.67-1
 - Add label for /var/lib/origin
 - Add customizable_file_t to customizable_types
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.67-3.dev.git042f7cf
+* Sun Jul 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.67-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+- Add policy for container_logreader_t
 * Mon Jul 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.67-2.git042f7cf
 - autobuilt 042f7cf
 * Sat Jul 07 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.67-1.git0407867
 - bump to 2.67
 - autobuilt 0407867
 * Sat Jun 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.66-1
 - Allow container runtimes to dbus chat with systemd-resolved
-* Tue Jun 12 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.64-1.gitdfaf8fd
+* Thu Jun 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.66-1
- bump to 2.64
+- Allow dnsmasq to dbus chat with spc_t
 - autobuilt dfaf8fd
-* Mon Jun 11 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.65-1
+* Sun Jun 3 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.64-1
 - Add new type to handle containers running with a non priv user in a userns
 - allow containers to map all sockets
 * Sun Jun 3 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.64-1.gitdfaf8fd
 - Allow containers to create all socket classes
-* Wed May 30 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.63-1
+* Thu May 24 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.62-1
- Allow containers to create icmp packets
+- Label overlay directories under /var/lib/containers/ correctly
 * Fri May 25 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.62-1.git1ecf953
 - bump to 2.62
 - autobuilt 1ecf953
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.61-1
 - Allow spc_t to load kernel modules from inside of container 
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.60-1
 - Allow containers to list cgroup directories
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.59-1
 - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
 * Mon May 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.58-2
@ -264,82 +162,33 @@ github.com/opencontainers/selinux
 * Fri May 18 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.58-1
 - Add labels to allow podman to be run from a systemd unit file
-* Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-12.gitd248f91
+* Mon May 7 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.57-1
- autobuilt commit d248f91
+- Set the version of SELinux policy required to the latest to fix build issues.
 * Tue Apr 17 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-11.gitd248f91
 - autobuilt commit d248f91
 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-10.gitd248f91
 - autobuilt commit d248f91
 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-9.gitd248f91
 - autobuilt commit d248f91
 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-8
 - autobuilt commit d248f91
 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-7
 - autobuilt commit d248f91
 * Mon Apr 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-6
 - autobuilt commit d248f91
 * Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-5
 - autobuilt commit d248f91
-* Mon Apr 09 2018 Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org> - 2:2.55-4
+* Wed Apr 11 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.56-1
- autobuilt commit d248f91
+- Allow container_runtime_t to transition to spc_t over unlabeled files
-* Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-3
+* Mon Mar 26 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1
- autobuilt commit d248f91
+    Allow iptables to read container state
-
+    Dontaudit attempts from containers to write to /proc/self
-* Mon Apr 09 2018 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.55-2
+    Allow spc_t to change attributes on container_runtime_t fifo files
 - autobuilt commit d248f91
 * Thu Mar 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.55-1
 - Dontaudit attempts by containers to write to /proc/self
 * Wed Mar 14 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.54-1
 -  Add rules for container domains to make writing custom policy easier
 -  Allow shell_exec_t as a container_runtime_t entrypoint
 * Thu Mar 8 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.52-1
- Add rules for container domains to make writing custom policy easier
+- Add better support for writing custom selinux policy for customer container domains.
 * Thu Mar 8 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.51-1
 - Allow shell_exec_t as a container_runtime_t entrypoint
 * Wed Mar 7 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.50-1
 - Allow bin_t as a container_runtime_t entrypoint
 - Add rules for running container runtimes on mls
 * Thu Feb 15 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.48-1
 - Allow container domains to map container_file_t directories
 * Sat Feb 10 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.47-1
 - Change default label of /exports to container_var_lib_t
 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2:2.46-3
 - Escape macros in %%CHANGELOG
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.46-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-* Sat Feb 03 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.46-1
+* Fri Mar 2 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.49-1
- Add support for nosuid_transition flags for container_runtime and unconfined domains
+- Add support for MLS running container runtimes
-* Fri Feb 02 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.45-1
+- Add missing allow rules for running systemd in a container
 - Allow containers to sendto their own stream sockets
-* Mon Jan 29 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.44-1
+* Wed Feb 21 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.48-1
- Allow container domains to read kernel ipc info
+- Update policy to match master branch
-
+- Remove typebounds and replace with nnp_transition and nosuid_transition calls
 * Mon Jan 22 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.43-1
 - Allow containers to memory map the fifo_files leaked into container from
 container runtimes.
 * Tue Jan 16 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.42-1
 - Allow unconfined domains to transition to container types, when no-new-privs is set.
 * Tue Jan 9 2018 Dan Walsh <dwalsh@fedoraproject.org> - 2.41-1
 - Add support to nnp_transition for container domains
@ -417,65 +266,54 @@ satisfy the bounds check of container_t versus container_runtime_t.
 * Fri Jun 30 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.20-1
 - Allow container processes to getsession
-* Mon Jun 12 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.19-1
+* Wed Jun 14 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.19-2.1
- Allow containers to create tun sockets
+- update release tag to isolate from 7.3
 * Tue Jun 6 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.18-1
 - Fix labeling for CRI-O files in overlay subdirs
-* Mon Jun 5 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.17-1
+* Wed Jun 14 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.19-1
- Revert change to run the container_runtime as ranged
+- Fix mcs transition problem on stdin/stdout/stderr
 - Add labels for CRI-O
 - Allow containers to use tunnel sockets
-* Thu Jun 1 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.16-1
+* Tue Jun 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.15-1.1
- Add default labeling for cri-o in /etc/crio directories
+- Resolves: #1451289
 - rebase to v2.15
 - built @origin/RHEL-1.12 commit 583ca40
-* Wed May 31 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.15-1
+* Mon Mar 20 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.10-2.1
- Allow container types to read/write container_runtime fifo files
+- Make sure we have a late enough version of policycoreutils
 - Allow a container runtime to mount on top of its own /proc
-* Fri May 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.14-1
+* Mon Mar 6 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.10-1
- Add labels for crio rename
+- Update to the latest container-selinux patch from upstream
- Break container_t rules out to use a separate container_domain
+- Label files under /usr/libexec/lxc as container_runtime_exec_t
 - Allow containers to be able to set namespaced SYCTLS
 - Allow sandbox containers manage fuse files.
 - Fixes to make container_runtimes work on MLS machines
 - Bump version to allow handling of container_file_t filesystems
 - Allow containers to mount, remount and umount container_file_t file systems
 - Fixes to handle cap_userns
 - Give container_t access to XFRM sockets
 - Allow spc_t to dbus chat with init system
- Allow spc_t to dbus chat with init system
+- Allow containers to read cgroup configuration mounted into a container
 - Add rules to allow container runtimes to run with unconfined disabled
 - Add rules to support cgroup file systems mounted into container.
 - Fix typebounds entrypoint problems
 - Fix typebounds problems
 - Add typebounds statement for container_t from container_runtime_t
 - We should only label runc not runc*
-* Tue Feb 28 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.10-1
+* Tue Feb 21 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.9-4
- Add rules to allow container runtimes to run with unconfined disabled
+- Resolves: #1425574
- Add rules to support cgroup file systems mounted into container.
+- built commit 79a6d70
-* Mon Feb 13 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2.9-1
+* Mon Feb 20 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.9-3
- Add rules to allow container_runtimes to run with unconfined disabled
+- Resolves: #1420591
 - built @origin/RHEL-1.12 commit 8f876c4
-* Thu Feb 9 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:8.1-1
+* Mon Feb 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.9-2
- Allow container_file_t to be stored on cgroup_t file systems
+- built @origin/RHEL-1.12 commit 33cb78b
-* Tue Feb 7 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:7.1-1
+* Fri Feb 10 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.8-2
- Fix type in container interface file
+-
-* Mon Feb 6 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:6.1-1
+* Tue Feb 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 2:2.7-1
- Fix typebounds entrypoint problems
+- built origin/RHEL-1.12 commit 21dd37b
-* Fri Jan 27 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:5.1-1
+* Fri Jan 20 2017 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.4-2
- Fix typebounds problems
+- correct version-release in changelog entries
-* Thu Jan 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:4.1-1
+* Thu Jan 19 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.4-1
 - Add typebounds statement for container_t from container_runtime_t
 - We should only label runc not runc*
-* Tue Jan 17 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:3.1-1
+* Tue Jan 17 2017 Dan Walsh <dwalsh@fedoraproject.org> - 2:2.3-1
 - Fix labeling on /usr/bin/runc.*
 - Add sandbox_net_domain access to container.te
 - Remove containers ability to look at /etc content