container-selinux-2:2.229.0-2.module+el8.10.0+1843+6892ab28 > 6 6_6 3!pQp)Tξ7]mtZ`f$ ]mtZ`>AH'>gཊ74gǘfG- )f]p(*2T!Ej1veqK>5Q0AFx ;P7%ۜR`Rp2TLՏq/@HJk6a]}n{#4=5Ke"X{W,@ ]OIRwF&U3oj&{hO.HSzH x\~!E/5p΃ _^|H@J3Q9Ҧ=-hOHjx2pإh B!"` Qp>Ge.>lX X`9kujC2) U4= 8vi# A|B%y(ap0 -d ^הԑ8!1$zX=V(+@RE(ZR-#۴{* K]\B}B11<FWt`w\C֜Uu7( |lVr1)B?d66b763d5ea7cce5d776e415e5798baf82e124cd6a005a543ed5b5e86587f2056bbdef11b29cc22e301b43162810cabf088230cc3!pQp)Tξ7]mtZ`f$ ]mtZ`(r.O?&px)0?0|߀/qř"ŵ6fAs@1+i!Gl[ODFaYXأv@Wsĥnwx/4 HuMTohԊ">'G!pAj߻/aD˺%^ Z!#oX ߣ%7\t 3^ J`p9f[\u=*w*ӳ8Ƙ 3^Og+gU5ns Vk gom.h,nkC6TPS{dSjL-O0PpI+9 l/GᴄD4>f< $7rjc<&l 5itSeH70ۡ#43 >pIo?od< @ h CIPL t    @  T   l 8pS(894:/=gR>gZ@gbBgjGgHgIh,Xh@YhLZh[h\h]i<^jW bkdlelfllltlum$vmtmo_oholorooCcontainer-selinux2.229.02.module+el8.10.0+1843+6892ab28SELinux policies for container runtimesSELinux policy modules for use with container runtimes.f!ord1-prod-a64build004.svc.aws.rockylinux.org }KojiRockyGPLv2infrastructure@rockylinux.orgUnspecifiedhttps://github.com/containers/container-selinuxlinuxnoarch . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then [ -f /var/lib/rpm-state/file_contexts.pre ] || cp -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /var/lib/rpm-state/file_contexts.pre fi# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i $MODULES /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi . /etc/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1 matchpathcon -qV /var/lib/containers || restorecon -R /var/lib/containers &> /dev/null || :if [ $1 -eq 0 ]; then . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r container docker &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi6frb0(: BA큤A큤AAA큤A큤A큤f!f!f!edf!f!f!f!f!f!f!f!f!f!f!f!f!f!f!f!8c04ac861d425e9947eb5bc06c3125d682dc981f6327e789ebe1c4eba0d856fc7fae14152b8ba0da99d2e5a4f0ae0560d8d5286b63a573231284445a99e8c24a9e4227f868d83af4473931cee518f866ed22abf972db1ca104c674038475bdcfd8bb85c348c013c8ae5d252dad0ba613b1ba609b1bc7cffd54d2ff144e1fda47c95d8badacc674ace0d2fed4fbee4d28d2a92799b23fd5cc30cfb444ee8896b71724330eae556d61248fca0b0920b1de3697d8cd42bf56da8d062a4265ed1b9f2aaad24c9578fa9575445ab4c5208b80b1226e49174e20bb2609de935466b9ba9eb7fd75efad4068dc1e00d43c6176477d13f5c759c1986174a340cb07b822119af286e5e19e15cffaaf7b29c745c800ef94c03d90ee90e0e8e18edc2ebf8f01280274d7f1512ce4677f123f310d300672d6872c3e1f3f13144cd5a03e85ba4b0a6fa6a05496c83b67185cb54805263c502181507d1ae899909090caf986d623dd478baf01b7ef0daf441b7cd616c79ea77eb8e9d2725976b9edeec3991e3d5f67de3bb8fb85b4531702c64fa11b1fbf1746cbd844560f2f680b862915f25d69rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.229.0-2.module+el8.10.0+1843+6892ab28.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux         /bin/sh/bin/sh/bin/sh/bin/shlibselinux-utilspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sedselinux-policyselinux-policy-baseselinux-policy-targeted2.5-113.0.4-14.6.0-14.0-15.2-13.14.3-80.el83.14.3-80.el83.14.3-80.el8udica0.2.6-14.14.3e@e@ed@e@eeqe'e ddhd@ddm@dcp@dbdRLdd@d @c @cc_c!@bVbbkb_b<]@b%b@bOb@aar@a@a@a@aaa+@aaa]aQ@aI@aA@a'@a&0a /` @`9@`Ȗ@```q`@`@`N@`@`dd@`Y@`&m`_T_`@_%_%_F@__"_5+@_16_p@_5_X@^n@^Ӝ@^@^^k@]@]B]]@]|@]@]X]W]R@]@\M[[ͻ[[@[[Xf@[L[K7@["X[@[@[[[Z@Z?ZZZ%Z%Z@Z - 2:2.229.0-2Jindrich Novy - 2:2.229.0-1Jindrich Novy - 2:2.228.1-1Jindrich Novy - 2:2.228.0-1Jindrich Novy - 2:2.227.0-1Jindrich Novy - 2:2.226.0-1Jindrich Novy - 2:2.224.0-1Jindrich Novy - 2:2.222.0-1Jindrich Novy - 2:2.221.1-1Jindrich Novy - 2:2.221.0-1Jindrich Novy - 2:2.219.0-1Jindrich Novy - 2:2.218.0-1Jindrich Novy - 2:2.215.0-1Jindrich Novy - 2:2.213.0-2Jindrich Novy - 2:2.213.0-1Jindrich Novy - 2:2.211.1-1Jindrich Novy - 2:2.205.0-2Jindrich Novy - 2:2.205.0-1Jindrich Novy - 2:2.199.0-1Jindrich Novy - 2:2.195.1-1Jindrich Novy - 2:2.193.0-1Jindrich Novy - 2:2.191.0-1Jindrich Novy - 2:2.190.0-1Jindrich Novy - 2:2.189.0-1Jindrich Novy - 2:2.188.0-1Jindrich Novy - 2:2.187.0-1Jindrich Novy - 2:2.183.0-1Jindrich Novy - 2:2.181.0-1Jindrich Novy - 2:2.180.0-1Jindrich Novy - 2:2.179.1-1Jindrich Novy - 2:2.178.0-1Jindrich Novy - 2:2.177.0-1Jindrich Novy - 2:2.176.0-1Jindrich Novy - 2:2.174.0-1Jindrich Novy - 2:2.173.2-1Jindrich Novy - 2:2.173.1-2Jindrich Novy - 2:2.173.1-1Jindrich Novy - 2:2.173.0-2Jindrich Novy - 2:2.173.0-1Jindrich Novy - 2:2.172.1-1Jindrich Novy - 2:2.172.0-1Jindrich Novy - 2:2.171.0-1Jindrich Novy - 2:2.170.0-1Jindrich Novy - 2:2.169.0-1Vit Mojzis - 2:2.168.0-2Jindrich Novy - 2:2.168.0-1Jindrich Novy - 2:2.167.0-1Jindrich Novy - 2:2.165.1-2Jindrich Novy - 2:2.164.2-1Jindrich Novy - 2:2.164.1-1Jindrich Novy - 2:2.163.0-2Jindrich Novy - 2:2.163.0-1Jindrich Novy - 2:2.162.2-1Jindrich Novy - 2:2.162.1-1Jindrich Novy - 2:2.162.0-1Jindrich Novy - 2:2.161.1-2Jindrich Novy - 2:2.161.1-1Jindrich Novy - 2:2.160.2-1Jindrich Novy - 2:2.160.1-1Jindrich Novy - 2:2.160.0-1Jindrich Novy - 2:2.159.0-1Jindrich Novy - 2:2.158.0-1Jindrich Novy - 2:2.156.0-1Jindrich Novy - 2:2.155.0-1Jindrich Novy - 2:2.154.0-1Jindrich Novy - 2:2.153.0-1Jindrich Novy - 2:2.152.0-1Jindrich Novy - 2:2.151.0-1Jindrich Novy - 2:2.150.0-1Jindrich Novy - 2:2.145.0-1Jindrich Novy - 2:2.144.0-1Jindrich Novy - 2:2.143.0-1Jindrich Novy - 2:2.142.0-1Jindrich Novy - 2:2.139.0-1Jindrich Novy - 2:2.138.0-1Jindrich Novy - 2:2.137.0-1Jindrich Novy - 2:2.135.0-1Jindrich Novy - 2:2.134.0-1Jindrich Novy - 2:2.132.0-1Jindrich Novy - 2:2.130.0-1Jindrich Novy - 2:2.124.0-1Jindrich Novy - 2:2.123.0-2Jindrich Novy - 2:2.123.0-1Jindrich Novy - 2:2.122.0-1Jindrich Novy - 2:2.119.0-3.gita233788Jindrich Novy - 2:2.119.0-2Jindrich Novy - 2:2.119.0-1Jindrich Novy - 2:2.116-1Jindrich Novy - 2:2.107-2Lokesh Mandvekar - 2:2.107-1Lokesh Mandvekar - 2:2.89-1.git2521d0dLokesh Mandvekar - 2:2.75-1.git99e2cfdLokesh Mandvekar - 2:2.74-1Frantisek Kluknavsky - 2:2.73-3Frantisek Kluknavsky - 2:2.73-2Dan Walsh - 2.69-3Dan Walsh - 2.69-2Dan Walsh - 2.68-1Dan Walsh - 2.67-1Dan Walsh - 2.66-1Dan Walsh - 2.64-1Dan Walsh - 2.62-1Dan Walsh - 2.61-1Dan Walsh - 2.60-1Dan Walsh - 2.58-2Dan Walsh - 2.58-1Dan Walsh - 2.57-1Dan Walsh - 2.56-1Dan Walsh - 2.55-1Dan Walsh - 2.52-1Dan Walsh - 2.51-1Dan Walsh - 2.50-1Dan Walsh - 2.49-1Dan Walsh - 2.48-1Dan Walsh - 2.41-1Dan Walsh - 2.40-1Dan Walsh - 2.39-1Dan Walsh - 2.38-1Dan Walsh - 2.37-1Dan Walsh - 2.36-1Dan Walsh - 2.35-1Dan Walsh - 2.34-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2.29-1Dan Walsh - 2.28-1Dan Walsh - 2.27-1Dan Walsh - 2.24-1Dan Walsh - 2.23-1Dan Walsh - 2.22-1Troy Dawson - 2.21-3Fedora Release Engineering - 2:2.21-2Dan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0 - remove dependency on policycoreutils-python-utils as it pulls in python - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.219.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.218.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.215.0 - Related: #2176055- add watch statement removal from container.te - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.213.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.211.1 - Related: #2176055- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.205.0 - remove user_namespace class, thanks to Lokesh Mandvekar - Related: #2176055- revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0 (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet) - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.195.1 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.193.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.191.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.190.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.189.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.188.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.187.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.183.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.181.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.180.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2 - Related: #2001445- update minimal selinux_policy dependency - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1 - Related: #2001445- lockdown allow rule was removed - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0 - Related: #2001445- Start shipping udica templates - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.165.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1 - Related: #1934415- fix the build of 2.163.0 - Resolves: #1957904- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0 - Related: #1934415- do not use lockdown class yet - it is not available in RHEL - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.159.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.156.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.154.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.153.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.152.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0 - Related: #1883490- synchronize with stream-container-tools-rhel8 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: #1821193- synchronize containter-tools 8.3.0 with 8.2.1 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - don't use macros in changelog - Related: #1821193- update to 2.124.0 - Related: RHELPLAN-25139- implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25139- update to 2.123.0 - Related: RHELPLAN-25139- update to 2.122.0 - Related: RHELPLAN-25139- update to master container-selinux - bug 1769469 - Related: RHELPLAN-25139- fix post scriptlet - fail if semodule fails - bug 1729272 - Related: RHELPLAN-25139- update to 2.119.0 - Related: RHELPLAN-25139- update to 2.116 Resolves: #1748519- Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700- Resolves: #1720654 - rebase to v2.107- bump to v2.89- bump to v2.75 - built commit 99e2cfd- Resolves: #1641655 - bump to v2.74 - built commit a62c2db- tweak macro for fedora - applies to rhel8 as well- moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory- Make sure we pull in the latest selinux-policy- Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t- Add label for /var/lib/origin - Add customizable_file_t to customizable_types- Add policy for container_logreader_t- Allow dnsmasq to dbus chat with spc_t- Allow containers to create all socket classes- Label overlay directories under /var/lib/containers/ correctly- Allow spc_t to load kernel modules from inside of container- Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.- Run restorecon /usr/bin/podman in postinstall- Add labels to allow podman to be run from a systemd unit file- Set the version of SELinux policy required to the latest to fix build issues.- Allow container_runtime_t to transition to spc_t over unlabeled filesAllow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files- Add better support for writing custom selinux policy for customer container domains.- Allow shell_exec_t as a container_runtime_t entrypoint- Allow bin_t as a container_runtime_t entrypoint- Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container- Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls- Add support to nnp_transition for container domains - Eliminates need for typebounds.- Allow container_runtime_t to use user ttys - Fixes bounds check for container_t- Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t.- Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin- Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree- Allow containers to relabelto/from all file types to container_file_t- Allow container to map chr_files labeled container_file_t- Dontaudit container processes getattr on kernel file systems- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Add support for lxcd - Add support for labeling of tmpfs storage created within a container.- Allow a container to umount a container_file_t filesystem- Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t- Make sure container_runtime_t has all access of container_t- Allow container runtimes to create sockets in tmp dirs- Add additonal support for crio labeling.- Fixup spec file conditionals- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/sh/bin/shcontainer-selinuxdocker-selinux 2:2.229.0-2.module+el8.10.0+1843+6892ab282:2.229.0-2.module+el8.10.0+1843+6892ab282:2.229.0-2.module+el8.10.0+1843+6892ab28 2:1.12.5-142:1.12.4-28 selinuxcontextscontainer-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2templatesbase_container.cilconfig_container.cilhome_container.cillog_container.cilnet_container.ciltmp_container.ciltty_container.cilvirt_container.cilx_container.cil/usr/share/containers//usr/share/containers/selinux//usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages//usr/share/udica//usr/share/udica/templates/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2noarch-redhat-linux-gnudirectoryASCII textSE Linux policy interface source . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi #define license tag if not already defined/bin/shutf-8a6a27377f91c1a0e252435b36951dccc4c53ec919cac272086a470cad7aac993container-tools:rhel8:8100020240813083733:82888897?p7zXZ !#,] b2u jӫ`(y0>FN $;LNXg*rN|٦: >9G, CY*4JasP"N N?sӦ7/v a[5ǎPX]'vxAg+«K_mPSÑpAOJe9otdS B`bN-ǒb9Vަg'o^/0:eb<<הVĀ1lغd7@ gapB #H vrf#lv\ v鲫>}ل{D  )z.'rL.zz%T޼;)(X%q)JS?I6pqQshKҁEs K++ 9qvbc̏MP`p#V@o*t lvEa}LaOMi-?? ?1dv'kiļH ,p_M;yhRLL|<ike+F\Vn^/'DNӭ>Ѿ&WL:$9` @9+e?K|D8-B^ٳ:8*wQ)ष3eq{ܒPޣ_i,E ݐy?j[z|noiI6G@ ˚: xI ɉocLc61.ɀBOMT? F~(̎)/<*Ր 2@7h`Wq8t}HF><t%o#!/@+pGb" Fb}J*d|uz<,ZBjt2Q5'။ fI .Т/m:R}`~恤9^Y?H kC jj!0P)(eS~X[#kd'JVCE ~=A54HxT=36x6W])ht(Xmou:H( j5R-hقܸ&2*8+5o2.f)4J -RLZjM4U:,Yo:XKMhj(lZTo*UUqI6b KʔvOR(\D䊻b?[*]5L=s6LT.i!_|JKJt~s@7&CU|3\WL/oslQTl`mgj^v oSA΢uaA36S^j5x~֠4Lʨ)ω+Kpg)^&i#8Hf_+~9)^OXe ZgZ={+,2.#?]W:uJ/kbfZS]=^W KU?- ygO'(-I\)ͩ.I`!]#Ю}7$~vjNke3t2U }ПkagZz*el:ͧ[BQ6rqo L$]JOW#p4@ k f\kU1I$Aƹ6am&HBV4V#U" lMq(\ RWCBsg-:2a-nνf`ҲQ-d~kT FŒ''uqJ7*ڟO%Xz@$ ngӵ.hS06ARb"pJ@$BImaM׳N~YTODH4?u*/bqiÏD 5^_o$t‘C6!ɵyp}gvT2ld֨;)'^>+K)(Nm+n3 C1v_;YױJ gl%o!8hj$2]'B8 \[AvU\mUuNm/J[׬+khA`ʟ֘68?r.;gi7u7bBBM>A-Jl4 6LDw <7Z W=&cMc_ШnJn]H$s%d)!Mwkֽkh.{G[#|(nɮInƥU't*kuEjFU_bv*+'O9RH{T܆vv**6jީC^ڇv'\hFax:54zub/ȯP +N ,*zOQ{&14zB lY< w^6\yo'>6HkDтTL| sZO&]N *H,%Z@;ZEv6GmuhԌԋ(?;Y S0=– ZXzn3-Ýb%3X#۹Ϫ/^ցxq{ +t# ,Eqzޯ# Ϯ%>{?^=Nu$֣f|ޗGgiU[,jyzun}ۛ'G|? I,"9R>% (:G3 Q!cLG%QxO)ˏݣSZA{HeiuqDhe);,ټW!S: pWJ#;[cx8 '{Mp+ bo2ew!>fU,lu8l+EQNH5ި+Iүh8\B(=!wU89  ƭLon)͛,H@5H!ϚJGq)'-dM+߶HYaV׷ 1+wz6D =-)A= e ]~j/dLYAs0SdAK=GQ6v2vՈ""Ti*8e܄Fe()At|>_*rgžpBk>=⁚loVA8f&Qf+R75M|k-˙f@I/KU%B:>$9l0g([4tKcJ_Za]_, v d9VjR#^=e%e QU5T5& jdv# H`]xM5HJl.JmS+n-@K*!c:+W(/< ܊%TC[['Vܲ+&DP <"WMcu:jN[ EB1[~"9eа1͈kcZ,kM"LD#ɹx^KA>jZa1^aTtR炙*IegۚpJ>Kr{zG2[28@wh* Ӗ:ӵ%9^n.th=&JH6"BǵQ)L4kW'#ɺC Ƌk؋5rk6k@p)٫!12FQ=Pz6cy@5 |Naы[Ow/DCc8IcW}EzXe2Pc1覦?-Ljo},{l9|\6 $Lho& !W ,A,h<$aiAb~8 n ``P'|%fZx%H"gF)o0QaKZ[D)U_;U6EE^rqblJ=̿\Q-\'] ͷ'_WeuQmfbnW>$]8)/J7GVmhÁ{8p Wpؗ$0thE(ʵt =م-e0A75(ԍ%p<=k`csrQnph[ m=^IQ9"Aю7XoDG:-#˨&p2$~b!lXN/z9L7Ր؜:z̼ʆFvJG_V(t+ Md}(O-<>}DN]Or.x]rcz Z6enPy/Ux¨5D(,cDh L45h#zـEr18ܫY"b2ax''f&Ժ,q a aF.ESUNO킝64I~Q ٜ-\Ҍ%oYuElCttz;Vm7fX"кd"ݞ`45}-v5>4: \ f :zh LFQPt*ZP]*ix. 6V-D8WNgcO}\9r#:N&J}b+R[pA{>MQNh0-baϮD꼢9վm* ԮGdHC])eiɋr*+rEjs\'Hj;:#GO cv&W.S#I TMNf| Ϝ3ّ~,%ġ/NQO1Π٣\AH$itE,8Mœ#''4]]^,/Vkt3H=йwDF6v-1o_NiEl:Fvhloqqu G^:M]TH2֯"nZҩalPrV KpAm7rFA\ >殠eamf˜ahQe͝r4|uNG.>*Xw!^ʱ2x\-p=C_6I"Ns0OTbo"3Sf|jmlj')y剥P׬4"-ЀNj9hSw fƉM@ε()J:YPd;v}h[ސ"jAWh-)D^1045L[{cwX-%<8фgw56Wq♝ewqvOk>jזmu}o8ϓp &5TULB I )!xvȤt [$<,TY))wOrRPI>ï&\Vqz1ZS\rģSQ|YrW|`@MP\նcCl5{"0wiN֐R]Zq?c32jÂ| GB/[f94F0YxL^S08ԓM_B:,T Q TS0.ғq&nk98iKQ!9TQh=e/s,4f( 8~jNlZ8׮F(7쒖G4^.6oA|v(h1(@ FIeDyq;=|:bdT-MaAѶM &t-L(5-ຟ)02Q%f8wH`tɝre,$ @̧lDsd'.wlZ;ycShPë8k8݊>W/Lh5ϱ!bV* |rHsc_2칑R"F#^{aU#R!(y S !P<KZV,^2V?mWW5 zNwQHj`<"0JYR(M]V pkKj!#P=OJ4i- ,$ f.#ބLٗLu_VI&rxs,P4'a4YA}ԅdQ :o҈)2U 4֗JYLi}7I."m1 I)ugű;Yj# хH*0Sm,W&Xps6,\')o,/Fh3whILnk"q٫^osJBrn í/v\v0AN]{c1{.A뽀MW gtxW'(̐Rw@X7O:zh puf.Dhb32I#}TK N(X ՏYmĂ/N)㏩KO|ϗ`bwܕ4*-T#  &MF{lIa`NENOP[тX-H+"RhvU<1f@x&׫>(ߵW)?ӧ8@=DT" a{5OZnw;0L=~BͷcE#`+#$&OŌ 63$!bݱt9釩$0#;a9_JߎQKfB78/=9`Nb*/LFPe=OX{Z3p54 ʊ2Ct1+[;]X+I!L5'&];"S7%p۬n{N^Z*:ZɎ kXl 2[QTcBjE>:M'4FNfTQXpԇ@tW;ɷCn]1VЫ=Ĵw++rjMϮ}"=b~hVJ%BgϏc*IӟCTٮh]efKڈ}%fނI_g:wzuqE_Ѫᦳ^hkYgYr&`p=#*Ds~ባ f(eMRJFU!b&&@قF 韭ЖEŕ7+]ȋN2L|pk)Xi|E-!b@f'@Ǧc.%""bM*Ei;ss=g)MƼM,G~o?awT/ c˚y,`X NB|] . DƮ_ksMˁM'hP#X`J2`]GTuԤXn c݄վi"eFr0ΟQ Eci?Gt4w||6&=G=(" Jnv5 ؏Z `x /ME{gmFl& dWNՅ Z6a;D:B|S)/Uό'~>"rF(ɧɴflo(Hm hZ6+fmgdJ1%bKd<հ2t?QLW_ɇ6HΠE4U7_t|,X(0R< '35)NWA-Fe2[ aM~TEg@Q,aT>|Hsv@imEy:}_Uyɨ=/ ],e*\퍊 l~U168 %dZ13l,&X2c+{|9Ikb0*n;Un̤L2_3zRP;v@"c=22,O<-St.-z?DbdXg6a>t:ج x>(9gm>?)CYNk`5 HM6! ْ& Q mȔxdhLUܞ-(W5SHEِd=>Ѝ_*xD;9!7 GkuZ<oCrtIo!r|$S*'wJ^èX8}ґ\LuB.},ue自D/dg;qnfTa ]=l;v.c g< /}f-oh:C^?g1O(^'"?XqP@FJ?YGAI_#A kS8? {yQF1m Ň턨u3OL*nW1f%!*65gO#OTȺ6gVv*Q$$k9vw` } 5qfz0fb MWFҢ1"&bř4g:HT4h.Ym!뺲^Jy{k$4'L T^.`?a+1_'n{;͔~&y˰u?w2/bhb~ #fWGQNbRYb8=nIgrMuoL{J V*oy) ?׋wX,Fɢ`Jwݓ|'LP HdZkFp$/d(I_ oҢ̘zgN\*^ҢmMFT"BzYGksq-r9}bgho$a,d aiF>Ȓ-O {l2-!j8Jo~t,]?c9~ϬܘLhL|he`W6}~Tu1?A;Ctq &7Zc cQUO֧xܞO@`W\V[r"z $Fhz8s϶\XepE*Dh)>0pkv!otw!n]#\n?Oɑ D9O5ff)>z5ITPMG=]#oFSd]x}"oKAΤzHaԮ_=vжQ<8T꾷)buL\U{H^ALY;r;w4X"<ɍO9^ ۬{%c/pD@UZAזg:M Rr9Kk/Ў:Hpr֨ӀQsi06UU~> BIМL[ Jh^ {f7B6rBpu[`d&)҂|+y91Ƌose4@.S;-.~DGiM" ('-̟Is:ٰKqDJU#Gd70<^ab䌐cAQ/6ϸhXBߑ*7ίG'>w!(;OƶHURRp's[^]S t-F6/|!v|"uvh3#*kS*6 rZm|W lHvu*ظ%\',0j24mfbN$Ũ$\Ġ]fuNeB~.05H2{n)/Ϝ)&3jɫ4 *9TMEPmo*^pJ Z_@񼫰OL^}Ukv-n=Ʈ^kϬ*GGptyK W߼^@D\pީާVH٫PshFrܮZ Z}Ps7 ]i[v<++{W͒-e "Z@R=XWPfC9Bzihl;:w-k*iһz\W1V3/͇e K rQt~ 8 Ȧ =& z e̒FsQuf_1ķaa= `_޶M ճhE"vh$R(;\LC:RQOh\}3~e]H"-Z/XQռ}DftRl;Xݺ&'|E ,!_o* wVB!ptZŽ/ao a7a"Z$)87n\9dӒG׊BQtIY<`DyIbXKP~̅ڌ"N¤Zp)g>MEyXwS:\8MǺ!z,QQH݀tOhthV pOPzhFS?<_o#j s$4G:%QPjʍ3ռ:`멟utlG/֚e_@}SLq O2"9XtKx! ien!;D (7"Fx/]7m˪x8>?tfg 3pdF K*J"y`3n2pᣌo]U@㰃g{pj}8ՂV")fBu+'J|m7 Xe`PTLZ#l}ePST0gEkA\B8,wI1d;K XrwZ-ܘ^v{'w*ވQ1pfn2Ⱥq̛lq~#Eq"˜BlLǕ8`c$$F/dUv?lmQPsKѢ}Kka5i9%{3~ %~͡, Yf"ːǙc:nLyX#\#UֺgHs94RKonDVu(_c$q2#[5vnZut_K /Kc=V6/ZWHl-0R:/\ 䆟pD  3T 0=eq fRL],Sb(;v KxÏny!-"`Ev•=jqJ?nu`ikzSIRS@^[ke@/Ywr1SU{xݥDCz~,7ÈZLg 1Y~l$RɎ0k@ŀR,.`m]"7O ^UFM=\dQ4:dpFJ] Q>ؙo; 琧VUm5v10A|M[x)pF UfF gf+Zo~R#:v5ةmNKޔV6}̫E˪*G>9=ۗWX횫' *l'²C+iIe!8!]|W.έv%UR1"wJC,a41}i<~ gا(nlH Ւ$c}C%xb?cjW%k Գa=R[l NSn:sr6NF,w4&d=M0Xڋ./SW7{eb4B¿QʺF?J@t 3'/>-%wX]W>RR⾝u`j"~Ig%#|4 ~b3V" 6~f&퉮ރD"!9wBGG' Sgwjf1ƕnU;>AZhx @~78~˛?L$O+ g+ ry 0f2Ιxq?+.jDm-=s1sP3%i+/wm*$SJbmhM0UnlWO=r+0ǥLЬS̯D [khF4?޲oj=PrFϳfq w71rxѪ2\GGe7f1TqL>1oE H]*'7z8\8H.ʛ:^íG!Q1q~Vw˲,vMKt m@(sYsHj(0NP[oꑏz,騙\7Ry<(F>vA)pD jS ƀ#E (ם3 '䞾rl~9(/₵?Q2qňh,vpb*ޠK05z3TPL#LO]4:\u*v{N9je/>\|vIiƒ:-SARpW :g uUqeu03n&OљGc_[jZMIҎ5ԣSo;iO/hGM{;7R{[KBO͖^'r6CC#+ښŔC AiSw2g DcKHD|5L_~QA AS~+"bnA>́4.8Mw֑8ؘN~v_ivKh5>Pܬ8oXjOW Ys{VgAˡ9ELX"BGkG?S̞Ec44ʱ(` U#zfTB7ЪzVTߋʄY-Jx 67à/O71Mdwyas"ݧߗ#^U7W 0q,xLLsaA,\+#bF=q}>OPN!Rꫦ@H3Z{ā^!@9з<1yaG^ЁLH"n#eW x"9NB\Y2($S뀶 DQM@Y2J+"?gَ6;eWK PL#EaC0MUK)1dub~㢑^U L=|`|̡ @,I#3ZBMÎ; M@hR77ߺ2/0.E}_A"l6 &>y$;@>'Dm`< "k--!q=,Xe6elbD0{$8zA4\yjti. ʰTkJML({[? \$ZkԈFw$&z^=Tvp oWE jp\>tz5 PhvNc7o 0(]99Els a=19#z NN4.ѵl)?YLtAӗt9WHUr$2ޟoh3u!ir$/ZMÞ!b'秿'(/E bgCOHpH|j棆&h:8C ElNYQ=;Z*u#>fw#W? ѥKGּkBcc`Gi⻋mB+LˆCZzP#:H H3 ?=6кCS4CbCvh}u%{QbA rGvS[prѺa2,~У{og]]Cr6Vgq֜`X;>-*vaWT-ѝ;9/ ?LfNgҳ wg&:/{"'ן爿miHmǴz/-+EaB>SΓg?'ĩwHOTd\^&MbfCʹdY@z}^Ux ̋'=}NTg@k8FЦ>C7 +e~ mkf-E/2$9ɫ^ecz볬 $/ǀ}.>`\bJT қz5J:[a]+EsHeFXH;9x2'?TI)gK9Фܬ#*P~R0o\eҐ—A'5JH}ui)S?@$enp$g/0{M6dD|Dh0OF 灠Dۉ!NѪo? CO; 8 $v)ZLX9pmz}[D?^%v#K @#(֤R&@%%7&҄=_YEgrb]Jt๸4ŒlLQOhif; ^tu=s {kJPAZ$5DQ3eSuNމa#zҜ3X>_8Z,n'hIv+<[[/;[iD,F,Zy%uF&%T?޾Y^XX@}kw:fa̐?<&#yC=7NLe;WWگV}f>Ζbr374',#U|_ky9F;}q6GD߃Hj|fO(y2$W%DMhKd2>?.P 杵͆m&GzWG'{W'P3ugqRzCznCQWV^4hy}сkM$NUnoTla., SIBSe轗U Wb2W!~u{]:tH|A["8ӵgfdS[`N[: oY[@ O/;u?!/{H`W+50aI/.2#e#m`LCFzro%^;ڰi^Wz$R^`Ū݂ Ps {agmaTg8+5Y 3| m4M1,m[6ނnj Q7#rMɃ`AnZ59ﯴE5!po[~<_4^ixo*,Y:/f IZop1si 5WRMxs*&˟-$<2$37H ñ)j3@W}@*;~忞5Yʋsg> "A35+U[ZxJlzJhq؆)5`RSU䁾]I@8m&Qs56l\Aʡc~ň Hɱ?<P\rWG>gvljԚ{H&SnS;pk=G 4B|Y"*)eV/2BGEJv^*U5LsL/mE" "JQTf0G"?J]*`SNsL\ =,\G#fC{-Ev몵 (ř oƺ0c9e.̶f;5V'i=-ԟX>x뛂mٰŎCs2)GlXTZ+S^a.&Rt{Di(۔*!ztؕo+(hO'yaIDjMa7/:-^Oz.Rc 8{ I^I1\u9t\]p!32S ꔫxˏqRbB업Im8!K@O "gdӝ@jE̢ؔXP{%L>"yt_MzADb gY6L7G;Š}\I އ?cwT c|DLJPv{Up@p^nQ~,E5'si p4pmAv)4☝r4pO^^ !"_UCm]/ ۗa=IOdèn'8k4ǔc.@/dEoBq;p |N2$ ?M`gS?wū$q1lbn4Pϋ&6|^snJs<7$ 󪄱d`m{{wjwwIC +vr[GD AvaWW3:F wT@:)|;YS9c@RvͥCN?Pi)QM_gBh3glZ;udOd$l14=MݓKoKW}}S Laڪ} %fP D!{|V(Q.%1a'`̂~T{u *Q=зJq7y8,fmx56a eԞ>*AE}NOHe^x*>qclȀyhdIZ Ї:(CB9j sEI;1&aQo ƢҎhڙLJAu4zh LOvvRzk0g\!C|:%EǨu}r #u&~&7`?< [QZ-6%$sDhc_vOâGMATzz HXI)HKzee^*6<}#h+=pr9׻ \Jo!xo%t1{ǵ/[ Qpw߿{+#}-G6jY%C-nǫ,yNʾ?2p«D"ǸVЕGߟ0%0r`\ Bq>=9D}Fˢfc 5d BəqEO@L?ZV"@ᶠ)Gfe JfAQUAJ̈8[$l:/‡6jGB5*~F6~ٌjp&@l>TY֢?E^~kFفIl սn&i €E2{104)>'sBmM`;aZ6yuYJKt1+kX&+I|߰UD?k@<{Ԕ*2h8*qez;hv M'HRSF(en*xӾ D~v!=6lgГ/2B d -J?7g_f2dtLJ⓫tSx $k`t+O*2e2*NJ c2He!RJ3%GMД[ V淂y 8goĢq@bn5Vqi9f omSDNv9)+^ Zl?t3fJռ [ _'7dc^i-djÛr-#$$0'md[4kYsYwVciԕ?{P^).K 䌡zkh⃋&@Í*L0ʽ:2 Oy^_`OD=9׳_U3?|69ځ+\p /oORT6Y"NsT.i&9$^a˅eD ^zRPq*j\`ې90v.=³YT\v0;LoA2 K, T/E12٨{Fë3&)1 ;{%l0'n>|:Z7)~ +3aX5ҟwuwcgTH;0O[YS ~-=$G닷v5o-_L1[5 FK~'L0ӏXֹI4A3Iv.; mnb8R>Q1C6M} \1 eɬ^< oM靜Wo\ߺ[1ȶCGךYz{k=DW3NnQ3`P匉ǿ#71RAjj!vݫ:a$%ꐻ0g9>VѿcS w@!h6 "i 9?͎[{ ^ ͪt.IyV80#_w?W/k9ss3FeIUvotƠΕE]qK5aa?h|gff=2GrNͭHRqi]$dyuE1,V{ v<슒vf'qt.(SE !6)^ }' (3QCylmUogD)nbdqg~AJ"Q^n8l՜(`8 i9w/Tz?w_~}Y"4"/6brj<Vvp,J5ՄNƻdL3hfxYSdRm$A98D,}òߢ pY+WL4}ܰWxT'v/n.3jk|Bzjq) pnj_(;|YT_+HI2FO.}.?eaJ%ƣ%˔?j/Yܭ!!, f۩Хzml9@a(i:ݬq蔲 p^6dq=µXW 7{ v Ν'4&H!7$RuF3!h.=yoA#LA;+gGWw&!`M~OQ 7q:l?GN_mNOk6M\“R 0g6NMcfo` >1/UŚs,O UҠbP}\5:ϧ}`[%V\ 렲q.-\۠/_ XVeAd5'Tv]VeDp+˟no^s1߾Y Vobx!1-\~k"6Tq ClK+Vr`+~%+?w~itNf 55C2NnZV X(n8GiZhךDy@_cYׅ9!wTϴ jB#lUVgqܳȵd '=sΦJ4ZO7ՐQ!Ig%YǪ UBܶDLz*pTށRSf &ZvV[~F7G*[oE=TT+",>A*ѤQ y\Y_m]jgPLM猏3i@bﮭ X)7Kf{PbojB,p3'|9r-6H<;0_gɓ:nݖ:1uNɟl%dBUL[,rbo'IJvv7z.;(1ܑұnG$MKS'TMpG$bf] SݦMirbA/ŵ@eL"*8FDzn85.9}L-ϼ (A. 7 R= td\2 I=mj yh"9뮂'dQY0Xl8ȃ/Xɽ BRڈ/<#;H$vo4z*ێM sr tߺY9w0$A琲bh D3u$q?3ݱ#{KƧ_Kڬ0%+ENMmA69\Woqui]䙙Y˱gJ&0}ҏZkiPU teۘxl.PpnYB^&Yz}@:{ x\E+g/t_ηA79d܏ME@i9Hh ;yOTp+ڡ$;]&O-3DbkD*+u+ #{? jXqgA]NbX‡m[2֖djjWig>jb県%k9dFQjl "X kbMχckܐyȬG2߇Si~2Oh_\|*1Y:]r'%Țܡ:0`+ SR;{1 J}Y|``gƎ`tj.͆X7"x0ۅM1$#5n߈?R$VC5XfHW } ޷Q(ſ{f6{Weyb{3Z68'D" w4E3>iVs6:({t<{1Nv(ZGio ',3>y='ea،Xƃ+ .9OY Jz7?m &4VXe9 @#Qezf\@ߒ5gNBt4@~Y#DP3xZaHF/V/µP`vRhՈ @6pWAp, kyz~>< ?-&޲ӌs,UN [!DѩJ82pofx?g@ߩg-׸`@GlcUSq)O^.<:Wܵ{P= 8*9|*gnKTKM0$By$ Әh>a,5I+,nLSֵ~>;*?ckЧx&uԙ60nO-X.?{ 5>'hvA;1@RK^#T z f;e#46>BcT? ܽ7H/CE;I ڋe1¢_h3}m9[T b6='NlO^ Ƭ ,˓!#2elfthF?r`NrmYgHJRGMOihh`?oS|x yeWF|lٗT/E Fx@! BT 45P<,% q>UEW2NyvPB6YS[]Vl|xm]V"?8`8ՇY(@oѯjIZAor[%/*eB2p-}?jSε_~OMБnNJ5vP Q5,(P`),oDI2}X.v&aUxEQZ)?LbA# nh[%%/.4Szp36@uuyzw=M$$sh`+=u^:n茸qtTwC+CNR=zs˼,*eif$ ;T)D;"e:xS(+q_>$3,R. `ĉjDжNrn1rbl;F?Ԋt1hURU^enY%a]j̞BcjgyR ΂ Pa")Q8^EF׌!ѐ. - 8jLgPNEE'K[[0t6|ڏ޶_[&Glu#ʹtC{~ּ8|Vuf*tylg~<{NFSdPQ\%Hr$0'`;R0Ihh%:NSqjtõ_)eqT+lX{GA(O;uZ2{҉!.ђ2g&8KUJ.ҾSJɌ >D1Enhzi'4 5ӖwFU 2k٩U:3Im;C)h)(hz (,[*tO{P(Y^$<bKLPToSV$#ULj(@,CNfųgM+u2Tv5vw-jRmD#ԞD'ktT G%v+Wm7*]s[ ~2 biG6`᎖b/䂞CPTGM9i}J#Ɛd>l֘/0WR)PoZrb#;I$LMo8Ju֢dh "I8nߚ?fKd`kI Ȼl7Њ.#&diB8;F`L4NN~u G&Y|7<0 G1Gj=hs |b[AR-*yeKm]}iyBT%wBіNU( ;.Y 'f.j#kiq9 EW.zX\X֦ƅZ>bK*\]VҼ~IcG0qEVk^Dؗ I~%H kR{HtBT !V+ELRA+x2M{|Ϸ*S#VGpZ oe, .BE[wuQ%8Gދtn=gs`r+E["bٜ`'qMWG}WXGf7ۂP5O*(q\0g;Tx"0D^6͋v~Ez]ʑpXHQye>IFGKD5R)gyC(aS**NoGtbݶ._5"h-=Z(1">4'Xj ( 9[Pw\d=W@{kGHSK!3w;iuqj75vm!ibӥ/#6>4!m[b=;)U˧9߿w9fo)YWܪX7f+y& tOno(Ε/' 3N_x [`'4`p+T~H826{梆)XlҚ]C7ˀ嚄`DX2 {+덉x'?I>6qCmRS A[TGY4 E4@W_j1?x[e h,18Ǥ5ES:7"%,Z(ɕu\Biyh[0H}Va!#FEt>lH%q8/ٴڴI}ƶ#긡"wQe`؉L-o cs.!bjŜW_BՄ[>-JI.B<ffz[~?oqD$L͟?&a9Y01#H`uC' mI7hCLtww+YYPc{8J:{&7L;zeo[]v<;p3;,xTe.|-5ERG!~^eXM>atξJqy/ ^ӵ5 |] lԒ]PgIpa͢uq7lvÏ󅱀_c|Ha*a!NN ~ l6j C'ѩ`&i`#UF.UC)R[vCv[ffqtx!bԃ>/?oc9|dUӞ8GgEzj9 ,6fv}*8?'YcFcЙ,rD/LjIX ܬGQ29l#">)&dI^aѣ"TE4"䬵"`NnAɞgY;z 4`Z}X w/u|x{RT~7GSAH!%0=L5߶͓pSrb6yFk"C&J̣ۀ5=+aXgy#G8,Ϭi)zƃn=D9lsbt>sBvXfp>FJRڂXnLОchwä-)b֧msm>zt J4oƹ O6;B? y /׼7uf8ChCM\ g{8q.'[+x]̤̓#=C^\ g|x,v`kauEEq@eKW%Q|wA<ifKD+;|CIJA@vCUƬHNuRٌ<.pkF-aVu||.4<`g\ hPB/H!j5[ZXhJys ԬƦdrZ!{< G(yP̹ly I|6"q9Y"M(>gKwS 4k$tB=sg9&G0zA Od}}Jh\$E&-bOSftHmEހv %QXM O gęz.ZҔԣ;--03-Fb3