diff --git a/container-selinux.tgz b/container-selinux.tgz index 0c11cbc..f5d2af2 100644 Binary files a/container-selinux.tgz and b/container-selinux.tgz differ diff --git a/policy-f24-base.patch b/policy-f24-base.patch index 907824f..8485054 100644 --- a/policy-f24-base.patch +++ b/policy-f24-base.patch @@ -10179,7 +10179,7 @@ index 6a1e4d1..26e5558 100644 + dontaudit $1 domain:dir_file_class_set audit_access; ') diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te -index cf04cb5..a9bf132 100644 +index cf04cb5..80797ea 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -4,17 +4,41 @@ policy_module(domain, 1.11.0) @@ -10360,7 +10360,7 @@ index cf04cb5..a9bf132 100644 +') + +optional_policy(` -+ docker_filetrans_named_content(named_filetrans_domain) ++ container_filetrans_named_content(named_filetrans_domain) +') + +optional_policy(` @@ -10706,7 +10706,7 @@ index cf04cb5..a9bf132 100644 +') + +optional_policy(` -+ docker_spc_stream_connect(domain) ++ container_spc_stream_connect(domain) +') + +optional_policy(` @@ -25415,7 +25415,7 @@ index 234a940..a92415a 100644 ######################################## ## diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te -index 0fef1fc..59d8b87 100644 +index 0fef1fc..c3b8b13 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -8,12 +8,73 @@ policy_module(staff, 2.4.0) @@ -25521,8 +25521,8 @@ index 0fef1fc..59d8b87 100644 optional_policy(` - git_role(staff_r, staff_t) -+ docker_stream_connect(staff_t) -+ docker_exec(staff_t) ++ container_stream_connect(staff_t) ++ container_runtime_exec(staff_t) +') + +optional_policy(` @@ -25814,7 +25814,7 @@ index ff92430..36740ea 100644 ## ## Execute a generic bin program in the sysadm domain. diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te -index 2522ca6..d389826 100644 +index 2522ca6..47b6d44 100644 --- a/policy/modules/roles/sysadm.te 
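Review bot: `container_spc_stream_connect(domain)` in the policy/modules/kernel/domain.te hunk at -10706 is applied to the `domain` attribute, so whatever the renamed interface grants reaches every process type, and nothing records why that breadth is needed. The interface body ships in container-selinux.tgz, which this commit changes only as a binary, so its scope (presumably stream-socket connect to the super privileged container type only) cannot be confirmed from the diff. I would add a comment above the call, e.g. `# every domain may connect to sockets owned by a super privileged container`, and confirm that the new definition allows no more than the old `docker_spc_stream_connect` did.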
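Review bot: The replacements in the policy/modules/roles/staff.te hunk at -25521 do not follow the mapping used elsewhere in the commit: `docker_exec` becomes `container_runtime_exec`, and `docker_entrypoint` in the unconfineduser.te hunk at -27429 becomes `container_runtime_entrypoint`, while every other call is a plain `docker_` to `container_` prefix swap. Because container-selinux.tgz changes only as a binary, the diff cannot show that the bundled module defines each of these names, so the commit message or changelog should list the old-to-new mapping. Separately, `container_stream_connect(staff_t)` appears to let a confined staff user reach the container runtime's socket, which on most hosts amounts to administrative control. A comment such as `# staff_t may talk to the container runtime socket: treat as privileged access` above the call would make that explicit.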
+++ b/policy/modules/roles/sysadm.te @@ -5,39 +5,92 @@ policy_module(sysadm, 2.6.1) @@ -25910,7 +25910,7 @@ index 2522ca6..d389826 100644 +') + +optional_policy(` -+ docker_stream_connect(sysadm_t) ++ container_stream_connect(sysadm_t) +') + +optional_policy(` @@ -27230,7 +27230,7 @@ index 0000000..03faeac + diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te new file mode 100644 -index 0000000..79f40da +index 0000000..60c3f9d --- /dev/null +++ b/policy/modules/roles/unconfineduser.te @@ -0,0 +1,358 @@ @@ -27429,7 +27429,7 @@ index 0000000..79f40da +') + +optional_policy(` -+ docker_entrypoint(unconfined_t) ++ container_runtime_entrypoint(unconfined_t) +') + +optional_policy(` @@ -42308,7 +42308,7 @@ index 58bc27f..9e86fce 100644 + + diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te -index 79048c4..a6a1d12 100644 +index 79048c4..262c9ec 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -12,6 +12,9 @@ init_daemon_domain(clvmd_t, clvmd_exec_t) @@ -42544,7 +42544,7 @@ index 79048c4..a6a1d12 100644 ') optional_policy(` -+ docker_rw_sem(lvm_t) ++ container_rw_sem(lvm_t) +') + +optional_policy(` @@ -49010,7 +49010,7 @@ index 0000000..86e3d01 +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..e18f8c8 +index 0000000..2addd9d --- /dev/null +++ b/policy/modules/system/systemd.te @@ -0,0 +1,966 @@ @@ -49355,8 +49355,8 @@ index 0000000..e18f8c8 +') + +optional_policy(` -+ docker_read_share_files(systemd_machined_t) -+ docker_spc_read_state(systemd_machined_t) ++ container_read_share_files(systemd_machined_t) ++ container_spc_read_state(systemd_machined_t) +') + +optional_policy(` diff --git a/policy-f24-contrib.patch b/policy-f24-contrib.patch index 36ca74b..6e18f03 100644 --- a/policy-f24-contrib.patch +++ b/policy-f24-contrib.patch @@ -589,7 +589,7 @@ index 058d908..ee0c559 100644 +') + 
diff --git a/abrt.te b/abrt.te -index eb50f07..0523e8e 100644 +index eb50f07..d53d1e0 100644 --- a/abrt.te +++ b/abrt.te @@ -6,11 +6,10 @@ policy_module(abrt, 1.4.1) @@ -874,7 +874,7 @@ index eb50f07..0523e8e 100644 ') optional_policy(` -+ docker_stream_connect(abrt_t) ++ container_stream_connect(abrt_t) +') + +optional_policy(` @@ -69051,7 +69051,7 @@ index 0000000..fa4cfaa Binary files /dev/null and b/pcp.pp differ diff --git a/pcp.te b/pcp.te new file mode 100644 -index 0000000..f302fd8 +index 0000000..d6fdef6 --- /dev/null +++ b/pcp.te @@ -0,0 +1,297 @@ @@ -69213,7 +69213,7 @@ index 0000000..f302fd8 +') + +optional_policy(` -+ docker_manage_lib_files(pcp_pmcd_t) ++ container_manage_lib_files(pcp_pmcd_t) +') + +optional_policy(` @@ -113806,7 +113806,7 @@ index facdee8..ee9e63e 100644 + domtrans_pattern($1,container_file_t, $2) ') diff --git a/virt.te b/virt.te -index f03dcf5..913e23f 100644 +index f03dcf5..f7ed200 100644 --- a/virt.te +++ b/virt.te @@ -1,451 +1,402 @@ @@ -115419,7 +115419,7 @@ index f03dcf5..913e23f 100644 -sysnet_domtrans_ifconfig(virtd_lxc_t) +optional_policy(` -+ docker_exec_lib(virtd_lxc_t) ++ container_exec_lib(virtd_lxc_t) +') + +optional_policy(` 
@@ -115692,11 +115692,11 @@ index f03dcf5..913e23f 100644 optional_policy(` - apache_exec_modules(svirt_lxc_domain) - apache_read_sys_content(svirt_lxc_domain) -+ docker_read_share_files(svirt_sandbox_domain) -+ docker_exec_share_files(svirt_sandbox_domain) -+ docker_lib_filetrans(svirt_sandbox_domain,svirt_sandbox_file_t, sock_file) -+ docker_use_ptys(svirt_sandbox_domain) -+ docker_spc_stream_connect(svirt_sandbox_domain) ++ container_read_share_files(svirt_sandbox_domain) ++ container_exec_share_files(svirt_sandbox_domain) ++ container_lib_filetrans(svirt_sandbox_domain,svirt_sandbox_file_t, sock_file) ++ container_use_ptys(svirt_sandbox_domain) ++ container_spc_stream_connect(svirt_sandbox_domain) + fs_dontaudit_remount_tmpfs(svirt_sandbox_domain) + dev_dontaudit_mounton_sysfs(svirt_sandbox_domain) ')
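Review bot: The two `dontaudit` calls kept at the end of this virt.te block, `fs_dontaudit_remount_tmpfs(svirt_sandbox_domain)` and `dev_dontaudit_mounton_sysfs(svirt_sandbox_domain)`, suppress audit records for actions a sandboxed container has little legitimate reason to attempt, and the block has no comment saying why. Those denials are useful detection signals, so I would document the benign source of the noise, e.g. `# container start-up tries to remount tmpfs and mount over sysfs; denied but not logged`, if that is indeed the reason. In the same block `container_spc_stream_connect(svirt_sandbox_domain)` lets confined sandbox domains connect to what is presumably the super privileged container type, and that grant deserves a one-line rationale of its own. Responders who need the hidden events can rebuild the policy with dontaudit rules disabled (`semodule -DB`).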