container-selinux-2:2.229.0-2.module+el8.10.0+1872+2e18eb19 > 6 6_6 3!pQp)Tξ7]mtZ`f ]mtZ`o,)4Rl ڄh%TaqC c|s+3T7`@ڹDKjZ}>Od -6Zp:|3,U5 lUQRhu_.Z|UL* Y:C=ob-i֨O`Ts]MfL*"tLT<4b=l6|=SG{z3AYȳ5_(ͧդacnR:`oVTnѿ YV;LK]1mxyAw)wa=jנwP4u=dU 6X4ܢZx?V"~0\$o#Ow>B؂w t4VjR+L?i 8^/SMY-NoGuc(u0:VtO@ѰrYl^HwboXMZ2S7Onϝ~9.3576f6fb57cadb5be30fe51ce15a810c2475d9760892af4d73f3ebbbe57f2940f349d2edbb2668ed419e82709a670ab5b4c016573!pQp)Tξ7]mtZ`f ]mtZ` GڭNk1.6s ˹MM|H逿J!>ޙ_+e2SK4WBTUӄl ONF]fGUY{wGv}HVe fyRRU}xSފ It[;Bp˻72G2֖8Y\ t$[@~!-T&g 8b8=ĩԫ?p?@i`D10VN}jG,Pa@KLj6964S 5CTai[F>ޣN)uxz;h8cLmt6$vqWq}Ξ˃J J9:j~)zS{@ 6?idf3=R9{i?gpxaH1Qt!+]fJK WRN*piA!pzz2O 5kS&6M%p(?Nՠ!lR"!XXn ߱8, p->pIo?od< @ h CIPL t    @  T   l 8pS(894:/=gR>gZ@gbBgjGgHgIh,Xh@YhLZh[h\h]i<^jW bkdlelfllltlum$vmtmo_oholorooCcontainer-selinux2.229.02.module+el8.10.0+1872+2e18eb19SELinux policies for container runtimesSELinux policy modules for use with container runtimes.ford1-prod-a64build002.svc.aws.rockylinux.org }KojiRockyGPLv2infrastructure@rockylinux.orgUnspecifiedhttps://github.com/containers/container-selinuxlinuxnoarch . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then [ -f /var/lib/rpm-state/file_contexts.pre ] || cp -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /var/lib/rpm-state/file_contexts.pre fi# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i $MODULES /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi . /etc/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1 matchpathcon -qV /var/lib/containers || restorecon -R /var/lib/containers &> /dev/null || :if [ $1 -eq 0 ]; then . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r container docker &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi6frb0(: BA큤A큤AAA큤A큤A큤fffedffffffffffffffff8c04ac861d425e9947eb5bc06c3125d682dc981f6327e789ebe1c4eba0d856fc7fae14152b8ba0da99d2e5a4f0ae0560d8d5286b63a573231284445a99e8c24a9e4227f868d83af4473931cee518f866ed22abf972db1ca104c674038475bdcfd8bb85c348c013c8ae5d252dad0ba613b1ba609b1bc7cffd54d2ff144e1fda47c95d8badacc674ace0d2fed4fbee4d28d2a92799b23fd5cc30cfb444ee8896b71724330eae556d61248fca0b0920b1de3697d8cd42bf56da8d062a4265ed1b9f2aaad24c9578fa9575445ab4c5208b80b1226e49174e20bb2609de935466b9ba9eb7fd75efad4068dc1e00d43c6176477d13f5c759c1986174a340cb07b822119af286e5e19e15cffaaf7b29c745c800ef94c03d90ee90e0e8e18edc2ebf8f01280274d7f1512ce4677f123f310d300672d6872c3e1f3f13144cd5a03e85ba4b0a6fa6a05496c83b67185cb54805263c502181507d1ae899909090caf986d623dd478baf01b7ef0daf441b7cd616c79ea77eb8e9d2725976b9edeec3991e3d5f67de3bb8fb85b4531702c64fa11b1fbf1746cbd844560f2f680b862915f25d69rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.229.0-2.module+el8.10.0+1872+2e18eb19.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux         /bin/sh/bin/sh/bin/sh/bin/shlibselinux-utilspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sedselinux-policyselinux-policy-baseselinux-policy-targeted2.5-113.0.4-14.6.0-14.0-15.2-13.14.3-80.el83.14.3-80.el83.14.3-80.el8udica0.2.6-14.14.3e@e@ed@e@eeqe'e ddhd@ddm@dcp@dbdRLdd@d @c @cc_c!@bVbbkb_b<]@b%b@bOb@aar@a@a@a@aaa+@aaa]aQ@aI@aA@a'@a&0a /` @`9@`Ȗ@```q`@`@`N@`@`dd@`Y@`&m`_T_`@_%_%_F@__"_5+@_16_p@_5_X@^n@^Ӝ@^@^^k@]@]B]]@]|@]@]X]W]R@]@\M[[ͻ[[@[[Xf@[L[K7@["X[@[@[[[Z@Z?ZZZ%Z%Z@Z - 2:2.229.0-2Jindrich Novy - 2:2.229.0-1Jindrich Novy - 2:2.228.1-1Jindrich Novy - 2:2.228.0-1Jindrich Novy - 2:2.227.0-1Jindrich Novy - 2:2.226.0-1Jindrich Novy - 2:2.224.0-1Jindrich Novy - 2:2.222.0-1Jindrich Novy - 2:2.221.1-1Jindrich Novy - 2:2.221.0-1Jindrich Novy - 2:2.219.0-1Jindrich Novy - 2:2.218.0-1Jindrich Novy - 2:2.215.0-1Jindrich Novy - 2:2.213.0-2Jindrich Novy - 2:2.213.0-1Jindrich Novy - 2:2.211.1-1Jindrich Novy - 2:2.205.0-2Jindrich Novy - 2:2.205.0-1Jindrich Novy - 2:2.199.0-1Jindrich Novy - 2:2.195.1-1Jindrich Novy - 2:2.193.0-1Jindrich Novy - 2:2.191.0-1Jindrich Novy - 2:2.190.0-1Jindrich Novy - 2:2.189.0-1Jindrich Novy - 2:2.188.0-1Jindrich Novy - 2:2.187.0-1Jindrich Novy - 2:2.183.0-1Jindrich Novy - 2:2.181.0-1Jindrich Novy - 2:2.180.0-1Jindrich Novy - 2:2.179.1-1Jindrich Novy - 2:2.178.0-1Jindrich Novy - 2:2.177.0-1Jindrich Novy - 2:2.176.0-1Jindrich Novy - 2:2.174.0-1Jindrich Novy - 2:2.173.2-1Jindrich Novy - 2:2.173.1-2Jindrich Novy - 2:2.173.1-1Jindrich Novy - 2:2.173.0-2Jindrich Novy - 2:2.173.0-1Jindrich Novy - 2:2.172.1-1Jindrich Novy - 2:2.172.0-1Jindrich Novy - 2:2.171.0-1Jindrich Novy - 2:2.170.0-1Jindrich Novy - 2:2.169.0-1Vit Mojzis - 2:2.168.0-2Jindrich Novy - 2:2.168.0-1Jindrich Novy - 2:2.167.0-1Jindrich Novy - 2:2.165.1-2Jindrich Novy - 2:2.164.2-1Jindrich Novy - 2:2.164.1-1Jindrich Novy - 2:2.163.0-2Jindrich Novy - 2:2.163.0-1Jindrich Novy - 2:2.162.2-1Jindrich Novy - 2:2.162.1-1Jindrich Novy - 2:2.162.0-1Jindrich Novy - 2:2.161.1-2Jindrich Novy - 2:2.161.1-1Jindrich Novy - 2:2.160.2-1Jindrich Novy - 2:2.160.1-1Jindrich Novy - 2:2.160.0-1Jindrich Novy - 2:2.159.0-1Jindrich Novy - 2:2.158.0-1Jindrich Novy - 2:2.156.0-1Jindrich Novy - 2:2.155.0-1Jindrich Novy - 2:2.154.0-1Jindrich Novy - 2:2.153.0-1Jindrich Novy - 2:2.152.0-1Jindrich Novy - 2:2.151.0-1Jindrich Novy - 2:2.150.0-1Jindrich Novy - 2:2.145.0-1Jindrich Novy - 2:2.144.0-1Jindrich Novy - 2:2.143.0-1Jindrich Novy - 2:2.142.0-1Jindrich Novy - 2:2.139.0-1Jindrich Novy - 2:2.138.0-1Jindrich Novy - 2:2.137.0-1Jindrich Novy - 2:2.135.0-1Jindrich Novy - 2:2.134.0-1Jindrich Novy - 2:2.132.0-1Jindrich Novy - 2:2.130.0-1Jindrich Novy - 2:2.124.0-1Jindrich Novy - 2:2.123.0-2Jindrich Novy - 2:2.123.0-1Jindrich Novy - 2:2.122.0-1Jindrich Novy - 2:2.119.0-3.gita233788Jindrich Novy - 2:2.119.0-2Jindrich Novy - 2:2.119.0-1Jindrich Novy - 2:2.116-1Jindrich Novy - 2:2.107-2Lokesh Mandvekar - 2:2.107-1Lokesh Mandvekar - 2:2.89-1.git2521d0dLokesh Mandvekar - 2:2.75-1.git99e2cfdLokesh Mandvekar - 2:2.74-1Frantisek Kluknavsky - 2:2.73-3Frantisek Kluknavsky - 2:2.73-2Dan Walsh - 2.69-3Dan Walsh - 2.69-2Dan Walsh - 2.68-1Dan Walsh - 2.67-1Dan Walsh - 2.66-1Dan Walsh - 2.64-1Dan Walsh - 2.62-1Dan Walsh - 2.61-1Dan Walsh - 2.60-1Dan Walsh - 2.58-2Dan Walsh - 2.58-1Dan Walsh - 2.57-1Dan Walsh - 2.56-1Dan Walsh - 2.55-1Dan Walsh - 2.52-1Dan Walsh - 2.51-1Dan Walsh - 2.50-1Dan Walsh - 2.49-1Dan Walsh - 2.48-1Dan Walsh - 2.41-1Dan Walsh - 2.40-1Dan Walsh - 2.39-1Dan Walsh - 2.38-1Dan Walsh - 2.37-1Dan Walsh - 2.36-1Dan Walsh - 2.35-1Dan Walsh - 2.34-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2.29-1Dan Walsh - 2.28-1Dan Walsh - 2.27-1Dan Walsh - 2.24-1Dan Walsh - 2.23-1Dan Walsh - 2.22-1Troy Dawson - 2.21-3Fedora Release Engineering - 2:2.21-2Dan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0 - remove dependency on policycoreutils-python-utils as it pulls in python - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.219.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.218.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.215.0 - Related: #2176055- add watch statement removal from container.te - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.213.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.211.1 - Related: #2176055- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.205.0 - remove user_namespace class, thanks to Lokesh Mandvekar - Related: #2176055- revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0 (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet) - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.195.1 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.193.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.191.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.190.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.189.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.188.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.187.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.183.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.181.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.180.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2 - Related: #2001445- update minimal selinux_policy dependency - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1 - Related: #2001445- lockdown allow rule was removed - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0 - Related: #2001445- Start shipping udica templates - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.165.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1 - Related: #1934415- fix the build of 2.163.0 - Resolves: #1957904- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0 - Related: #1934415- do not use lockdown class yet - it is not available in RHEL - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.159.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.156.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.154.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.153.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.152.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0 - Related: #1883490- synchronize with stream-container-tools-rhel8 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: #1821193- synchronize containter-tools 8.3.0 with 8.2.1 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - don't use macros in changelog - Related: #1821193- update to 2.124.0 - Related: RHELPLAN-25139- implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25139- update to 2.123.0 - Related: RHELPLAN-25139- update to 2.122.0 - Related: RHELPLAN-25139- update to master container-selinux - bug 1769469 - Related: RHELPLAN-25139- fix post scriptlet - fail if semodule fails - bug 1729272 - Related: RHELPLAN-25139- update to 2.119.0 - Related: RHELPLAN-25139- update to 2.116 Resolves: #1748519- Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700- Resolves: #1720654 - rebase to v2.107- bump to v2.89- bump to v2.75 - built commit 99e2cfd- Resolves: #1641655 - bump to v2.74 - built commit a62c2db- tweak macro for fedora - applies to rhel8 as well- moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory- Make sure we pull in the latest selinux-policy- Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t- Add label for /var/lib/origin - Add customizable_file_t to customizable_types- Add policy for container_logreader_t- Allow dnsmasq to dbus chat with spc_t- Allow containers to create all socket classes- Label overlay directories under /var/lib/containers/ correctly- Allow spc_t to load kernel modules from inside of container- Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.- Run restorecon /usr/bin/podman in postinstall- Add labels to allow podman to be run from a systemd unit file- Set the version of SELinux policy required to the latest to fix build issues.- Allow container_runtime_t to transition to spc_t over unlabeled filesAllow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files- Add better support for writing custom selinux policy for customer container domains.- Allow shell_exec_t as a container_runtime_t entrypoint- Allow bin_t as a container_runtime_t entrypoint- Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container- Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls- Add support to nnp_transition for container domains - Eliminates need for typebounds.- Allow container_runtime_t to use user ttys - Fixes bounds check for container_t- Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t.- Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin- Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree- Allow containers to relabelto/from all file types to container_file_t- Allow container to map chr_files labeled container_file_t- Dontaudit container processes getattr on kernel file systems- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Add support for lxcd - Add support for labeling of tmpfs storage created within a container.- Allow a container to umount a container_file_t filesystem- Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t- Make sure container_runtime_t has all access of container_t- Allow container runtimes to create sockets in tmp dirs- Add additonal support for crio labeling.- Fixup spec file conditionals- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/sh/bin/shcontainer-selinuxdocker-selinux 2:2.229.0-2.module+el8.10.0+1872+2e18eb192:2.229.0-2.module+el8.10.0+1872+2e18eb192:2.229.0-2.module+el8.10.0+1872+2e18eb19 2:1.12.5-142:1.12.4-28 selinuxcontextscontainer-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2templatesbase_container.cilconfig_container.cilhome_container.cillog_container.cilnet_container.ciltmp_container.ciltty_container.cilvirt_container.cilx_container.cil/usr/share/containers//usr/share/containers/selinux//usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages//usr/share/udica//usr/share/udica/templates/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2noarch-redhat-linux-gnudirectoryASCII textSE Linux policy interface source . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi #define license tag if not already defined/bin/shutf-8a8a6ae07f972c17a289e452231b219b22abd71a95f9d6edaabe8d196bdf1265acontainer-tools:rhel8:8100020240924165032:82888897?p7zXZ !#,] b2u jӫ`(y0ߗs+/=fy9.Dzr!ta9C=h $aRuPQXЎt LrP[ ߃^M8C ɱp!Ƕs(2u8xHH,>ʞyU-qB.!t^lCJgnE#>B紴E28ӦB M-?*Fڝ>o;yᛄyj _}fH[-zuG3&Ls,oW$wCpXuF93+rH8n>E?9cf1mHc! HJ0u>\ĕwcoWC/W:͢'e_߲iy"ހ$ ?|<*gDs3hjߝ"ZL 9.b~N3@ nTDM dRgߋ[ jUJHI/E6s'*\քece@A&>rU2K&`U.oUFFWtej^ߩ3h,UUUOD%& it7Ιdsk_#{yMvgf}l#(5^"ͮݓ)> W>pv` 1 dYΒA 8hYȂ*ApмdI3, 0Q* /e7?5XmcJzzv,Cs$U/ q&M1`;3AOqUp㕌 Q#^0gd °x ?'r<^!6?LUUO뉣A )YS,`XGWP;FWܽ`k!lgc&I"4BunS Kp4 05/Hp2=ӓ7F_;."K%VBlI'ߍ) myT,>98\AI,yKDatq vAiw;>pxf;v6YW$q?+bF5qҿIX!9uE`gX8ܙjtBECg1+F8=$ɅVA:<մKcKLb3c=4$Ur <@"A'\:|ß{ЅWPhM÷S낈}gF?Г}꺄n܈", 8Yx}hTmM_<^AT=5[,$&4l}3cJ Y&%-A}veA3ۛݩKjG]pmNǸu] ScSIOA[ՇE Q  j &-|0Q kiefy2?Y qazNtAƩ`$Cz5z[ ڿJ'+ <넋n%|{jVLr<ebT=3ǨCla_%kFM͙ovf mh}^hSA- {PKi([ ݡ Cp]TD1q^K+PDޜۅD7v,;+| 8cIF3H39?2OP kF/{]]j| .OQ4X+CqEk$sA]`A)x%?0QkkOFg'=hYWO9T0/;TNza@q{Fsb,Z#ZNj JJjON9x9A_wлwüi^,ֻ 9}jSijL/!X;,enTM$6g6BPzByd94Gq>1a7?]E65+:^8v^DxF~50s/39ӕ>U shԷ<0ӥJb8t\0Z=`, _$\v@ZHKPcq)tNb&q'U7ɜ囚s}Fxw'FK-se1"ڠ4FK9["sl8Kވ4 =l1nUЍ2:3VGh}/i.e.3 ۑ66%c ~7+Leib {\nsh?klYht< +#++Gp$&#>хf=K *7Ƞ h:$VXn "h`̄0 شg~a`%':.ػ)>('Z}S1Y j<#ZQYUpgT>CBT(FacN{G*_HDli'$MTE/M]ߣM }riNTeqc3lev)ltcQrl)5"h_/)}qwpBaL(|_~Bxyrщ4JY_#Pfv B()$\:MRǰ,1i%|}mY"JQ+"<34 } V2w"^\w74ߖ]uӭ[,p8ءy'`#ՆIS;:k0y2MfYX X3J]ҿ U[rFz4@TĠ.D~Tl}x ;vJ N)<܇s2E9c sM;,KycLl>'4VZ{ -v n`!`񼹁Y&`'|%`] V` ~d4b&J5Ȳml{ZoxVFݒQpaU*y`fli,ulu$խm)T 6#hc"q@V-۠,E@P ~2@vtCq,@mu153|.|B{)pY QH`Q.♊f8 e+uАӱ,N=K*Wvh'UN5isIh\q8y5}H3㡜m _ajF4Lj FT;)Rʩ#oJQ~$0azB%36pi-bkd&o@R]dFPɨ }f:;EA4k eLO^-#A)n 2z ߒsd!&Tj%@=ָCVZ\g 9zSP a䵞>XWöhAoc!Ǫ'{ 2[\`iǭ4# o˰/+] ̰س1pK~ {?HQ.aFUG8'$)Jה"Q BuD_+;2зGA| 8+Ѥ9ܯ&AghޟKI+)HrPZN8t~,'L]ϮEG%$l[885W㒣{r:/Wu~;hrۤ`O&k8"CA7l(xO.gZtwqsX2Jf=s{[@*υRu!pÎU/3R=Fe }a[MDUx;UK:r俹vP` L  #I[1*a7-s k4?vz!ni8 🥱~W"S3ʷlS;́*RTO `(o]CۑbTgۥ|η~//'\"B MޠBcvSf'F:-1ƙ9Nٷ,tCSL8y3fw5MN*E_<l,Â`cT!6&/e|CM"z$-0Y3P@h:$׹NH|7ZNn0xGgN.| T&Գ\^@$Am&`2mK4D }ϒ~~@`d1jW䂓$ bl'QdDi.; v8 ㎫鎝ձ~oZ-]lRb2#M욹gF$/Hˆ[8|u@t?*TPn&\XH\M)p^bѸ@t|`pLmD<=vkc Tqh"?%A`FU$@麩RM^Ȭ)Y2rZGkTt_ḓ=, $}` PYt9yv }L]~& (ɁG,B!$՞J3N /_Ol 4)ofYtCsizT-(`ש6`̆ѩ׽Ubhjǽ v9yGS"6nױ"oEˋԥ鐛6k굃[Ren ~\{Ĕg-1޷>gJ԰M xĸejET"H؎OjNHüj;*Cy:zN9)9=4$M]̚떔!_^J|͛Z;,< {5S+Y1'QΞOá^B0jϊU& -=L^,K ݬ*\ y0&JӒBidݓh[|2YE|\=c 2㟖B]txl@&2]nX .Ȼ+ScNm&!<LA~ 꺝g6^>u%{a{J`d c6,>72z7Ɩn3mA(Tlһwe\DMxKM;H.(\AAGgm5%_Oq)oIJ1!I)?HdWfCiOqYrm6B5aJnIP%ryw>!JmD-4}7t5hP-/G5=u^JLM$;rk@>L^uH O*15?HlrpcC'4(tR<Zr s$wF[Dza ?72Y^z?BX%l2?-t7ai?:"NѾEd/iq~㺒e,ěUy!…f3;9NmA/ q9?'OHZ̒ Z#wwzU<3%ۣ(TU\\k7[h;Z/ 7U^rQ>tUΩw ,A;Ӛ_0iyթeyK$7X픐9#CGOp)+V޻PVHK"ޛjU%c8Nbbӯ$ll)٨`Td4 |bÏO,6qL%h*7ٶ/ΛgHg_<׎#>< Xmw!z/#vS_il17o\?XC@yO)čdϊpV@)8o6T^/ RX]wtyHЍª&ﶭ9C @6::i}rMeV,pZ?X8 d)0}9oj# FSUEr$Kg WSks@H]`\'.o2+74(ҁ "krQBDW"ҝ}#s>LV So͛0ȍuS9\U;у _PHO^5Zcx'Bh'vAo59GN܈$S SmỊ !>:.(`zAv3<)uAF Yil/_vbmG7osJ2%yHWVhV48s3FaKTU*[a* wT,pܤRs}c]} tYLm`/ck(8)eU+k6FvgADs&ڸ' Ϣe>$-ވ<- A}(7!WӌEEA #/m -,z#HS)q.3呏S+YID&;b$D9T(orҿg asfMq'V rmLs#C+ 9Zec9~0CG{GdQ/)C[޽\hnK3k:=KJ3D%=!Wb=uZlK"-Q$l֋ .}OG|`.t@+5Xqi/X(?ұSE*(tk33i8, F`BR!)@=@7EN  !soYOTc|Mc?bd 4P6*\He80,'ڨH+/q]\V㇪ - 5E[f(ŀ9CCrP슗a UM }(D$VKYP*WҶ]bjaTExlx?oY -_o= U׍"4ߗI]M !3D8aױ)la}xżsXp"1F,ߕZ^d1QB# 2WÐzܠ8 OX<بWhV$9(0+AAeR$]p=؝.{;}5qcvSFtl- R~ pN`is Fn̰{hX }en?96e>G/d;1-T_o3C.c-j6mޫ,.9j)UJ\g?}{''#)Y2љVAJ&0Zoa߿$גfDHZRQBMTA_yV|T2ufiwQۑsI{̑6,_#PՂ"ӨZ~l髥g?4ɫBge(W6HіmZVvym@|^<ee>tmJ(j쐮0r_uF NB6ePއ&KqC߀6:bE&8,XM t n˼-窷!j n" $]X`GJEJ[,Mdi9.o5:3JJr`hXObs!ȭ,L.=uQK\T)x?P֕y \AuZ/1jw!Pms8$T!ݪkfp1({>.!20we8+NF85#BEb[bWB|z8,ܲ?q (TFoi5u_暨8k<45}tzm7"RA 9NlN-Q\ `BڦPMu7Sxk U.6j}gR=B{DIb@y5ϖsPJ;!HZT= ɔU_ k˾/ƕ/pX*JaaըLx4e#{8#tYàiS0 1)]vqIV z$UFu#aL ֜ Y@Γ.JPM!BT}-c(81i$i{mnەfv(x"ܡ ܙOIdوEpO23VȒb tmӲ^d35. \Zeb[,m`u,˜Ϙ,&mĪ,n J On}J+I+|k@ ?[uFr:hEzǮI:cd_Zarcv83_!U2C앟R,fў.\n" ê:R: TV$k#& .`7 e+6"S_I sB3OlP'=A&WdA77l}I t`CHP!ebY³CX6B% z~Ɍ ی9iN-͆8mǮ @~|xZxIxqG3n imhnfbpl0S(f ה3‹k 78$9I>s^e*51jD-=N|ژԿ(:.zYF.=[F*w ~cB V%Zy0dTݮ^䝼 ED0t^\a>l%4i ugȪ5vujZ|{Sӌư z"+S (YebC1Ҹ'E1t_uy*ZsֻNX҉j@_ Xq4/%>]cH~\>iX7zsy.D`WZoW-^^LQO 3-]Px3B_K Ai󴙄zΡk/RLau93JiZxEXoTII 1Ì C~)S w*IZ7-yjO&A2gldv{̩tbʨ>c;Ʋr)gZgG׆=~"2E\:uM|cνjSǬ0}q|Ӫs-E}h ?ˮr2[Ɵ+3 ,gi33%gR}6ë11kI_xч;ApIFjG0 ʳR3<<[ ⯸aGpƥ\:;~|~)SDb.^#yV>^1~O /3[f_Aᦟ/G8pşE]ؽK =:>N2 ̫2 W |qCs`Khpg#Z?nk1^ V#t2z]٢Sr .!XvBǀ|{=!b}gXϟߧKA^Q 1¹K=>;yA~XߞCQ#!ȋ&l@,AL`R$]c6q8;:':kkM&U]`!$Y~ M, - C/s NғlHӨ=rl,'|+s{#S5[ȶ,7O eW uaognYspُ,@j֕@E'94fQScL:Dmjdϔ ~ UQ+ejӑSRB9F.ai$>IG'yfEqLb} tSg K?U k\ _$S[ ^*K4Q($sgHgQ}jЊhR/)5r4CKo)N|Edw[h(zUwK4×4g󊌜a"AUyGAn[20>^dphGƬ?49lp*bqԘADƭOi]e9 Rj]3i2ŭ \4Mn3ٚX *\Hwnɀ*@d& yM0Vr@ѯC]ÃrAn.S]h-}$-vye /`W,3z:WsEmq"9p xxKCJ+ff3+t]b?}GaMQ[4mvHWM՝x\2:1s?[aN )8'Q=^z=AN^ U:H*{S#ƱL}!cÿ(h/Ph;NJ` h>KyrؓlAB9b%#YvNI9@W *_tKFbFTڂU۩ Q#:RTl~gc@xY`՞$ DO~E &R2~Pv1dKK52kC!XdO6o0 ?jur bh6yUc9 |R5O7hn1+iֳUm&u"h\ ]3MI:4+ ջ?`TP WW}en1넶,D %OBk>Sa. ʑL/DNp ٚJgQ73g ݊N]9sۘnYLP¤edtJ{mQ$R ,MխI%YׯqTнİꇬ5/wc-?"5GpelW:S՝7ʦ0Fo)?mǥ|PĐ㗚xQ *cdu#J8%"A; b*Ɏ ['(`FVUX2H4u@|Ae6p6ݢ>Tf9wԩ2r.G^^GIeB(=g_E߆-ďЛBa 놥+${% mcCbx`sh;7R611- r`۹V BJ&h%=BQi-Zg>p}wΪSqnKr,ȗ X(Zc;Gy|Cj;Z-I.0/(ajܹՏ5PSdz*-| +h:cMeq4v`?iWKr)`)F Ha>۫ʗn;/fp HKϬ JבG>?Q\ҺEKZ0x2v3%ke&+x\Ƥ*BlWk5!A{v@4!a.%RdaNdx9SyIO8pjut]{63S@ɏѮJXZO9uܞĜL6n|\'٠ǝ痥O4=='L:b򺊲˽`.W)̱[O,#S7ڀ|(ÅuB0-srN$oP N~F*ف7;EMTns8FGY' (7g)6xq.'+Hy:<ճ m#CxS4܄5v!\p_-L+LjiHܸ:RmA 8qgpI@m{OL zr*F h1O lf Hޏ 1JNkh[b53K y]nRI3 R몤 V7qZ#'&M~@ɠ3 y՜öM-CVX#(DtyRxu eRG{5]FJ 1p+.bj bPA;,"pi1w ش-ƽߜD}(Dr^z/R"WZE\1 jCFz2퓙STB-THYnJCh¢,D:m<^j- K{ͭd{CgB'hJ?cSЈNc@GeZA#hLJfҴڜ? 1=ôE=$t Uilo[Aj ^GV8!b&fOXqnp3^5ǚZz0v㚿D]Qe"BHiGQZ*oP4^t/Vݎ)}*0@I{zdCb Ch}1+ Hl8\%*=/`J"+ dF2~ clqj4@ԍ^n஢@=/1 -V~[ucy"T dH@BOlL-ARY>l7y6m! f:`lhc ձvoeeL2h`lH K'=MrS\4id1gճx8UzOcl4T\V+JhL5O!S|/Dݎp4'h;46bb[)εrV0 ,Xض.8 J?NFZC us @̪Bo7F2295Ǣg=Cer@ u>"{*%}O)ű Tp%_)ny8 s$jXɭlKi<\-PG3yF92Jir=9[Ր9s^JA!ijVK~;GFxhZ5DREIeفަ uMp7P 9ۚ7Χ9iBnp! ]Νp7ZGc 隴JaBj,B)B{iS)d6_Px< 5Kx# I\BM2Bx3k ݄MM( y{*7Ud^ŇSGv(B;mzꂤXfEv&;e/ko[ f;y+f#°/g6 M k n+>^.K4J_QFuvd J5GJ~#/D:ڑ%jy+l_UO?7q`0T_s ;2LEFD䫌d;6lXt}Ή?rx_!fAm$ϕ-QW:2~@]ͮGLkiS>a>n.*PFC^T 﫟Fa(S[>;4:HȃrS\WfR'qs !&@:aѧ0WBsx´c- 4VњG/NQv5g;3! AtDq="P3lf3Ho!)ҎXM=QfqԔIȿ͙fc`tΓU˘h tOI)K^p Wwv@*evI\PI@%fse؞-mǯ$$棱AD1 '4U7(QԅKU {z\Ͽh]xp5<7ڡ? ݦ_|-*壣鸩~i(8~Ӣ~'$W Y9 ՖDZˤ6{ĠY^i|ý{ھN&邍:jU cZ3f*_gF҆s SsTeP`f}nO2#.p-NٔjTr`sFwSl/,cpt:"ysmj=dA \)?XIҾQ0_;^+(p*c.i8q6{t .U#K3 .Bx+BDI8(ɅNB *Zu|GE5a1PLT |Π}Y0g5~8TfUw^ւit[h0EA`;1/K児=k`,!ҬMP :f NW4R\ѩ9?h/lPqeqn'[|>ZwڔHɷu2u,C^ {}cg;]w`+mb{ʭtKW8/vp Il;їr@ͨ8<%ªkw``Ti6lmC]\w@vw0sGfU7lKh'9E}qC5ET$]qC'5^*^1a5iZeV͖l] }fJg›"IT<#cF_0hMo0T5ǰy#`1NqS-n_gG1mD,MK椶1&a 1%bw *AYt~ H+`wZ-iYƁ"5,DF' ]^Loy}/᪑t&& #=;EJ Z͡jm>%se뙐i%i}YRPd*)1l qʼnq3j)F\> }rz VN\JqܢEe|6 ](3攦?IԱu_E#=肫~YTWYrO^zKKFCkQb@40oʹH@C}BE8}f6[c||@={ Xh}'ֹ|t&kh3 Á'7W=4`m^$/ ;}6p;LeMn \La`hq%m6hRl؃G\7 Tsȥ3@@4h;=4[;&)mTK@*MM>p]5000^7[/;;znӡq+NɝV"CrދG7VJ˚xp3;uTY>jLWF} l#MYLɷD@4zɏ3 b;hiXH߳kɒءc,!ZL*ŀ#AH=GrEP|o%IԥjRF?6+Z+1Mx@0ݲr<8^N;~{ xF^1ù(@,GW3lW[BFZ<6|| B478o;6^ !c%+JCTu{$" UmO]y^ULd x' q;z|N¨I̐y|Z,\ _+Jv~ݭx;B>h>umݖ =niu;Ea6Pܮr߻IdWw_JH?vUpA6,w-AvOŲVWucdUIO]/c ^V֧s֪, i|>˖-d7S&  pۙ O: :d;1g-ϙc^kc 35 ռ=%yd@gyQ" <Ѷy.L%{qͮ[U~S#5`ąr?sjk;8U%9;_c,]fifp 5A;Zl LЯ#D޼ v(obzO[>M]> =UW`U`{nC.*غm'M-A#M<: x?z=vIw1 1+ޤ0D˿5+$/8r<>=ϊk$yr.u%OI[_EMizXA33sj [| f;DQqđ=)1VB{)1vaoDzԋGoϴ# #k?ԻtA8 s~5Tl7%](S zW豠֌Qx|ȉ+ t <ONsbfYUSs8-#]D`8V^޻Ο릿̌G3`x$Pǝ+y K $WЃynH62nS` J 1uc߾4Cy2"jR1F7;1'S.y fu#ztZ%oj됬cVhyrDb/c\: د6GKMguPl J{ u6L{H *@I/ϐ[/$迣tX-L.;&(rk#+ֻ̛*7xXN\.1y:Q/6"u|&&kMWm[C&4&Iw@;_!K-<+O{dGqn]zĥvs[7K 3rU[z[MQ]%3yrFʚ_>)opzݧ,^kZ5a||L.`x &{W+*TԓJ%Sԅ եɉ:U;Wq˭Ky}]\gȰZY-AZ{lOlNc|E}K`u n]He՗,)k=o(&\+vO#d&nbD`9 }w=EWoA3Fr<+@8>*4L=4Nuw/ |5zHY3 ¿/P1о>gAׇ/;Yߎ46^ENoգk'.^JS_%!Yɉpo14^ݬ~( '5hle֡~݇'Y#/RWs'=;x.anpjQ (NM+K|es6LP]%ܙN(*NJٗ $ĿʥS=![:pRSIB Iv7O9 Xc$GSQީd6- W]3JdHugcMG k2[ddT#Kʐ!M/^sHJtewnA!!`Czn0WsU9o.B߸({@Gr#=?$̘67yKdQchbMxe[N|X..? O~$) :Qd׃ϗ4B /'V8^sgpGu$f ѶA?9+fW.UɁxB=tPڂ>\4]aP; j ϵ DXGw8bԶOlckXC"{J zֈ bPV -m3Y±qle/Ծԍ {_܍m <XƗ- x} 5h?(MlZVs^Nm+ILXjH 82w^JI#\26ƭ"">-a7{?K:(NrXn瑁PέptaKU5J-Z}5;aIl4GߒU C^j$YhTI 8駫r$P(!j;>V2!}BSγuD*1O_3*#tJ;A!g75 v_͗TɂrIuL"ڣU= />|*?uPTM2qѵWҾ5꿦"ntkѽlpyl>(!y+mZFŽFLʨFA & 8 k qӑ)ahTئpav\tͻP{cVȴsH^cxMĸ}w}bz9/yA$iUxNj28aTA6M\-Z(2(}P-y#m9zwjh0H_k͇Bed{i5VD{"ƒeGʁ$cT Iy7_Td6C>}A&|twY!3hP$fQ2(= ? wq_ ~ oH|$+VN)+gS)PY ,f i]4U^Ηݽ'ǫ|x7Zc^dٳ1֡`B**:}Z ]6C|f+n)c'Ya{1OT|ZA=܎70G:pkB)ɂOAn|*mX x&t-ܪZ\$~ќرp~pbcJ`F^?<:8f "bXN0gd:jW}ևlSb6ߗ_ZHLBOY0ɛ:sJvؑ]Ӏl0W|6,vH6ØɗM .Y  ׄ9VUGpK_͛ z˪ȍQÛqő_$ygnc#*U0Dx+D^O2>2΅w# W{{6°1aÿ=IQUOA{lW1g^íf9~S 6( D$ɾt Ň""|m} T&WnI8ai-BcD?Yɳ5y=h@hT.9r>M9RN@mN4*w r8,ҪZ7gM;NL^_7Trmyd%~@zVW]9Z-ieݹ}hW:#lR79|ƳhcsYOdgCL[;ʰ9? شI5 Qۑ'j,>\u(ča-[疡Tfs=T[/[S_hU=sY?Fld6ʝ4Ҭp(h8QkണT^ 2*4geQc]:-30vL2nдk( [ EXOM.CgsR[Dx" S150U![!O4| {eXrc32,y PCWy6 ޢWX[t-\C؛ [\J~'֒ ~Ybsفmo="x\ L-΍Ⴙsb=>[Օ!a4-t#!6N<&C$i'PT9JCbOa蘤*E7E:)}pDp|]LvFQHx$<")<0ʰUE)PJ+rql=7S.3jmj3yK(6a|3c|@ )$S w/p"kb)by&@@BnLV*jQw'kY5z<} -Uo4^cGqR^曆joT6ݤϼ*֒ul51%D?qnȐ(Jr-NJ(hxʕ6xi`¢AhXx%r}3c"qZcї~IQGaU.#Yqw`~nxq]g/-~KhldB-ڰߓ%?*بFXfZAHbl}u4cL;=^3`H:{Ӆ# rntZ,mAտo%~$ -6lƥ8hE4G葖XW& ȝs煸j_ X{0o y;avm{8bCȼqA׏nbxVuѳgAjp-|l}^KQh9!chJ6+ݜ&w؀x㐴eX 70yXB*ޔlZ *"U*uFkP?171hPml ԓ+~2_ y18U?˅o=И'Eq|Pwba؂R͹D- 0L"X|HP<+Qwn0Qw:*ؑKg,d=`>jQOGPJ|Y +L =u#n4 +=&I(D5Q5IfqW( 𝚫Κ5Rh1K5go gp¤\xQ5LWٞ.ێm~ 7f WWpf0Ul/(v𩀦q_8 ^0>"r3=0;+O'bN2EQZ#PM&WeEm[\/1.BbS@.,K!6t=X\n<1*qJ$5<_zyIuݟ,}<8&Vr/Fϑ ̔|6MDa gK\*8{_"-)M.&B/%##,4=?5Ъ(SRfrkoAIy£n%4J08\U{q3d#w9+%dx?YWqAdcu,A`}F),ykK5M &pt'"'-`k.FYE\+1=K2FJDq5~8@ҾyqWj1<a}6)J-P>BhTkS40"ŴAAԳZ>d?Q#v 2N,AodyCs:{᛿3qgL|N2M*~\$01{x/}O*Z02Fj$ @-zzRhrYqrkf^/0[wE]i3Rͺ;nu'p4G'^Ȑg8b:фXUkyA[%3=_M OG"m/Af\ mt|߰uy.{TAR ]}Dok7!=VxV<6N }m>wi1Z0ex5v6e̩TCøY2a]jwX!%'Q!`|K+!ﴶҹ$.S'9kW0^W˖2Dy>3- tg!WYP&å9] /Zݣs|6{ARc/k  %n9;3`ʳ03ԯ0.Q 2VD, N E $N6ԽfYà 8 skaN4y,2n> a{p5Ⱦ UEƛB=ƳΦCW>츪)a׆ZuoVnS ^HpZײ, X#B7t:C4(pK(r-`IӈB`Vy /]4Dfӛ~t ˦j:VPJ"rJ(r`#yc[ciL ڭC$ƹF.vn1m:\u/S D˸bݽRc>RIAP )kq",zâs,b,'/Y F$ա4No v"M u"CR!`PB& yO=T:ɚ9t!!Uj!wDbp] ^IfOt 53ry#fbH˅r/ |q2kHsX^$D瓠՛n{n4weHU)֓㝅O?0y~<&n?SpP $_m[C(Tv]Gx洘AEB\lCnosTW٠zw+Wz:~9T |crHyNzv!EwVwV uPh`9}'`99Z[Xr+1 fDcBTiM\rLpqe? v*b{x*w )FZL+>oq|Χsb%l[c.ʏ^zCz|eoNM|ΰt6ғ~NvB'2B-c ,m4^PN H!S(\Njf{cp\L䳋hŃol6({:4:F09I`GL.]kUaKz߃ІgƸ\~?-Zv/m_OolnI_i^'cUs~r039,ju]T26RQ+O()(=T820ཋu$A$4Xπ^I*,kkBl8$KSjˠz NUkϿcHwԻP.]x:`зN஬g^:_ZTh4""#60D=!)S>*{'-u |PK6 p_Bqʺq4̐ωmX 2/hk"_'Bk]g^f 73' JRPmjV/ң&tDm brcQ4ŴԢ.IiO-` _g<% *dA:4)yux^XU a?414 v5,~INeDZG>;)aA ߲ÌNĬM-cY j'mwGEhCl[3H r7Py=*SР<"8j]sN~5RlW_U*352%^k3IIe!"jjd?:2*ciiaE&FnM945'ioB\W6֮Ӥ~blRp1\"qFK(͸[P("YO{L^p$,0"F%dZGƷKpa._bʍLڮ:Fmy[QSl8i TSf^$0Rpձp@ϟ4p1JS%ċ_7|կ1¤k7%&^J#wFH4 !P!bx܋qu,E_HC^ ļ .Щ kF;$43?gGve|\D C} Z4(f4:\lq"s)8"[Zb)7`p~y Iš9B}pb(:N2I BU SPwm#rr" "K<%ػQ)ˢ:)U42L \(qbθJ q&iIyr걁h:beeB%#s !L*2`h3}gB1 #ջp2OÚ&2}Ѐ`ַM9ˉ2fߗ;1bNU̲Wz;tVY_F(euL]\x׋Gd՛2iVQ:{NG''tǟe; YZ