container-selinux-2:2.229.0-2.module+el8.10.0+1874+ce489889 > 6 6_6 3!pQp)Tξ7]mtZ`g ]mtZ`fKU\,H$%]S:;VP'IZBqAa.C15*r_졛ak]7@cBM?aX ^p)Ŷ-M\}G:[<}V"K}*3yJ8dѩܔAVi⮃4,F ZKnoe3r;!^-MaD@/ۊo~6ў'*nZ>'J\C/bPKNXǭqI˝ZӇ̜uj|/,ٴ˙ho"Lj{9qfROּct՚*_(x`rvyU dq؉[OSev-"Nɢ'6lHPe/BGg^(@e6S_THđfZ ^V܃|#Ay8ȶW.i^_{q`^49N=Xk-UDT;搚tdfe5c7f78aba09180f9d124d93319022a2ec7480828f09ced3fb44d3002e6fcfc540a666e1a547c5a7f57cfb1e20b1b0448623c8׉3!pQp)Tξ7]mtZ`g ]mtZ`J(p٥\ 0vT+֕ҨhT! qH%]%/j6|Xu--M3T: y_w$bτ¶6wm腿r{.Jd[-E߇$f-JΊ]>oi<,<8,E8&5N/ĢWj/=+osztn{EMqshA*ZJlCfpPu*,w8fbz.jW.=5l{ڴ^Rs6zgK@?|$ZP<z-P6]H*d'5I3 5!z3u@{ @)%iAOΰ,liH-(EsGS,[S i^~~}{@inH{,qˎb{W (-a> ȗo@2]䏻(+x?)PtBLQ>-F7B/>pIpK?p;d< @ h CIPL t    @  T   l 8pS(894:/=gR>gZ@gbBgjGgHgIh,Xh@YhLZh[h\h]i<^jW bkdlemfmlm tm$umtvmmooooppCcontainer-selinux2.229.02.module+el8.10.0+1874+ce489889SELinux policies for container runtimesSELinux policy modules for use with container runtimes.g ord1-prod-x86build005.svc.aws.rockylinux.org }KojiRockyGPLv2infrastructure@rockylinux.orgUnspecifiedhttps://github.com/containers/container-selinuxlinuxnoarch . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then [ -f /var/lib/rpm-state/file_contexts.pre ] || cp -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /var/lib/rpm-state/file_contexts.pre fi# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i $MODULES /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi . /etc/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1 matchpathcon -qV /var/lib/containers || restorecon -R /var/lib/containers &> /dev/null || :if [ $1 -eq 0 ]; then . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r container docker &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi6frb0(: BA큤A큤AAA큤A큤A큤g g g edg g g g g g g g g g g g g g g g 8c04ac861d425e9947eb5bc06c3125d682dc981f6327e789ebe1c4eba0d856fc7fae14152b8ba0da99d2e5a4f0ae0560d8d5286b63a573231284445a99e8c24a9e4227f868d83af4473931cee518f866ed22abf972db1ca104c674038475bdcfd8bb85c348c013c8ae5d252dad0ba613b1ba609b1bc7cffd54d2ff144e1fda47c95d8badacc674ace0d2fed4fbee4d28d2a92799b23fd5cc30cfb444ee8896b71724330eae556d61248fca0b0920b1de3697d8cd42bf56da8d062a4265ed1b9f2aaad24c9578fa9575445ab4c5208b80b1226e49174e20bb2609de935466b9ba9eb7fd75efad4068dc1e00d43c6176477d13f5c759c1986174a340cb07b822119af286e5e19e15cffaaf7b29c745c800ef94c03d90ee90e0e8e18edc2ebf8f01280274d7f1512ce4677f123f310d300672d6872c3e1f3f13144cd5a03e85ba4b0a6fa6a05496c83b67185cb54805263c502181507d1ae899909090caf986d623dd478baf01b7ef0daf441b7cd616c79ea77eb8e9d2725976b9edeec3991e3d5f67de3bb8fb85b4531702c64fa11b1fbf1746cbd844560f2f680b862915f25d69rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.229.0-2.module+el8.10.0+1874+ce489889.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux         /bin/sh/bin/sh/bin/sh/bin/shlibselinux-utilspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sedselinux-policyselinux-policy-baseselinux-policy-targeted2.5-113.0.4-14.6.0-14.0-15.2-13.14.3-80.el83.14.3-80.el83.14.3-80.el8udica0.2.6-14.14.3e@e@ed@e@eeqe'e ddhd@ddm@dcp@dbdRLdd@d @c @cc_c!@bVbbkb_b<]@b%b@bOb@aar@a@a@a@aaa+@aaa]aQ@aI@aA@a'@a&0a /` @`9@`Ȗ@```q`@`@`N@`@`dd@`Y@`&m`_T_`@_%_%_F@__"_5+@_16_p@_5_X@^n@^Ӝ@^@^^k@]@]B]]@]|@]@]X]W]R@]@\M[[ͻ[[@[[Xf@[L[K7@["X[@[@[[[Z@Z?ZZZ%Z%Z@Z - 2:2.229.0-2Jindrich Novy - 2:2.229.0-1Jindrich Novy - 2:2.228.1-1Jindrich Novy - 2:2.228.0-1Jindrich Novy - 2:2.227.0-1Jindrich Novy - 2:2.226.0-1Jindrich Novy - 2:2.224.0-1Jindrich Novy - 2:2.222.0-1Jindrich Novy - 2:2.221.1-1Jindrich Novy - 2:2.221.0-1Jindrich Novy - 2:2.219.0-1Jindrich Novy - 2:2.218.0-1Jindrich Novy - 2:2.215.0-1Jindrich Novy - 2:2.213.0-2Jindrich Novy - 2:2.213.0-1Jindrich Novy - 2:2.211.1-1Jindrich Novy - 2:2.205.0-2Jindrich Novy - 2:2.205.0-1Jindrich Novy - 2:2.199.0-1Jindrich Novy - 2:2.195.1-1Jindrich Novy - 2:2.193.0-1Jindrich Novy - 2:2.191.0-1Jindrich Novy - 2:2.190.0-1Jindrich Novy - 2:2.189.0-1Jindrich Novy - 2:2.188.0-1Jindrich Novy - 2:2.187.0-1Jindrich Novy - 2:2.183.0-1Jindrich Novy - 2:2.181.0-1Jindrich Novy - 2:2.180.0-1Jindrich Novy - 2:2.179.1-1Jindrich Novy - 2:2.178.0-1Jindrich Novy - 2:2.177.0-1Jindrich Novy - 2:2.176.0-1Jindrich Novy - 2:2.174.0-1Jindrich Novy - 2:2.173.2-1Jindrich Novy - 2:2.173.1-2Jindrich Novy - 2:2.173.1-1Jindrich Novy - 2:2.173.0-2Jindrich Novy - 2:2.173.0-1Jindrich Novy - 2:2.172.1-1Jindrich Novy - 2:2.172.0-1Jindrich Novy - 2:2.171.0-1Jindrich Novy - 2:2.170.0-1Jindrich Novy - 2:2.169.0-1Vit Mojzis - 2:2.168.0-2Jindrich Novy - 2:2.168.0-1Jindrich Novy - 2:2.167.0-1Jindrich Novy - 2:2.165.1-2Jindrich Novy - 2:2.164.2-1Jindrich Novy - 2:2.164.1-1Jindrich Novy - 2:2.163.0-2Jindrich Novy - 2:2.163.0-1Jindrich Novy - 2:2.162.2-1Jindrich Novy - 2:2.162.1-1Jindrich Novy - 2:2.162.0-1Jindrich Novy - 2:2.161.1-2Jindrich Novy - 2:2.161.1-1Jindrich Novy - 2:2.160.2-1Jindrich Novy - 2:2.160.1-1Jindrich Novy - 2:2.160.0-1Jindrich Novy - 2:2.159.0-1Jindrich Novy - 2:2.158.0-1Jindrich Novy - 2:2.156.0-1Jindrich Novy - 2:2.155.0-1Jindrich Novy - 2:2.154.0-1Jindrich Novy - 2:2.153.0-1Jindrich Novy - 2:2.152.0-1Jindrich Novy - 2:2.151.0-1Jindrich Novy - 2:2.150.0-1Jindrich Novy - 2:2.145.0-1Jindrich Novy - 2:2.144.0-1Jindrich Novy - 2:2.143.0-1Jindrich Novy - 2:2.142.0-1Jindrich Novy - 2:2.139.0-1Jindrich Novy - 2:2.138.0-1Jindrich Novy - 2:2.137.0-1Jindrich Novy - 2:2.135.0-1Jindrich Novy - 2:2.134.0-1Jindrich Novy - 2:2.132.0-1Jindrich Novy - 2:2.130.0-1Jindrich Novy - 2:2.124.0-1Jindrich Novy - 2:2.123.0-2Jindrich Novy - 2:2.123.0-1Jindrich Novy - 2:2.122.0-1Jindrich Novy - 2:2.119.0-3.gita233788Jindrich Novy - 2:2.119.0-2Jindrich Novy - 2:2.119.0-1Jindrich Novy - 2:2.116-1Jindrich Novy - 2:2.107-2Lokesh Mandvekar - 2:2.107-1Lokesh Mandvekar - 2:2.89-1.git2521d0dLokesh Mandvekar - 2:2.75-1.git99e2cfdLokesh Mandvekar - 2:2.74-1Frantisek Kluknavsky - 2:2.73-3Frantisek Kluknavsky - 2:2.73-2Dan Walsh - 2.69-3Dan Walsh - 2.69-2Dan Walsh - 2.68-1Dan Walsh - 2.67-1Dan Walsh - 2.66-1Dan Walsh - 2.64-1Dan Walsh - 2.62-1Dan Walsh - 2.61-1Dan Walsh - 2.60-1Dan Walsh - 2.58-2Dan Walsh - 2.58-1Dan Walsh - 2.57-1Dan Walsh - 2.56-1Dan Walsh - 2.55-1Dan Walsh - 2.52-1Dan Walsh - 2.51-1Dan Walsh - 2.50-1Dan Walsh - 2.49-1Dan Walsh - 2.48-1Dan Walsh - 2.41-1Dan Walsh - 2.40-1Dan Walsh - 2.39-1Dan Walsh - 2.38-1Dan Walsh - 2.37-1Dan Walsh - 2.36-1Dan Walsh - 2.35-1Dan Walsh - 2.34-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2.29-1Dan Walsh - 2.28-1Dan Walsh - 2.27-1Dan Walsh - 2.24-1Dan Walsh - 2.23-1Dan Walsh - 2.22-1Troy Dawson - 2.21-3Fedora Release Engineering - 2:2.21-2Dan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0 - remove dependency on policycoreutils-python-utils as it pulls in python - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.219.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.218.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.215.0 - Related: #2176055- add watch statement removal from container.te - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.213.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.211.1 - Related: #2176055- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.205.0 - remove user_namespace class, thanks to Lokesh Mandvekar - Related: #2176055- revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0 (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet) - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.195.1 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.193.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.191.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.190.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.189.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.188.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.187.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.183.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.181.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.180.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2 - Related: #2001445- update minimal selinux_policy dependency - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1 - Related: #2001445- lockdown allow rule was removed - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0 - Related: #2001445- Start shipping udica templates - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.165.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1 - Related: #1934415- fix the build of 2.163.0 - Resolves: #1957904- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0 - Related: #1934415- do not use lockdown class yet - it is not available in RHEL - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.159.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.156.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.154.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.153.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.152.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0 - Related: #1883490- synchronize with stream-container-tools-rhel8 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: #1821193- synchronize containter-tools 8.3.0 with 8.2.1 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - don't use macros in changelog - Related: #1821193- update to 2.124.0 - Related: RHELPLAN-25139- implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25139- update to 2.123.0 - Related: RHELPLAN-25139- update to 2.122.0 - Related: RHELPLAN-25139- update to master container-selinux - bug 1769469 - Related: RHELPLAN-25139- fix post scriptlet - fail if semodule fails - bug 1729272 - Related: RHELPLAN-25139- update to 2.119.0 - Related: RHELPLAN-25139- update to 2.116 Resolves: #1748519- Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700- Resolves: #1720654 - rebase to v2.107- bump to v2.89- bump to v2.75 - built commit 99e2cfd- Resolves: #1641655 - bump to v2.74 - built commit a62c2db- tweak macro for fedora - applies to rhel8 as well- moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory- Make sure we pull in the latest selinux-policy- Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t- Add label for /var/lib/origin - Add customizable_file_t to customizable_types- Add policy for container_logreader_t- Allow dnsmasq to dbus chat with spc_t- Allow containers to create all socket classes- Label overlay directories under /var/lib/containers/ correctly- Allow spc_t to load kernel modules from inside of container- Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.- Run restorecon /usr/bin/podman in postinstall- Add labels to allow podman to be run from a systemd unit file- Set the version of SELinux policy required to the latest to fix build issues.- Allow container_runtime_t to transition to spc_t over unlabeled filesAllow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files- Add better support for writing custom selinux policy for customer container domains.- Allow shell_exec_t as a container_runtime_t entrypoint- Allow bin_t as a container_runtime_t entrypoint- Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container- Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls- Add support to nnp_transition for container domains - Eliminates need for typebounds.- Allow container_runtime_t to use user ttys - Fixes bounds check for container_t- Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t.- Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin- Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree- Allow containers to relabelto/from all file types to container_file_t- Allow container to map chr_files labeled container_file_t- Dontaudit container processes getattr on kernel file systems- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Add support for lxcd - Add support for labeling of tmpfs storage created within a container.- Allow a container to umount a container_file_t filesystem- Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t- Make sure container_runtime_t has all access of container_t- Allow container runtimes to create sockets in tmp dirs- Add additonal support for crio labeling.- Fixup spec file conditionals- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/sh/bin/shcontainer-selinuxdocker-selinux 2:2.229.0-2.module+el8.10.0+1874+ce4898892:2.229.0-2.module+el8.10.0+1874+ce4898892:2.229.0-2.module+el8.10.0+1874+ce489889 2:1.12.5-142:1.12.4-28 selinuxcontextscontainer-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2templatesbase_container.cilconfig_container.cilhome_container.cillog_container.cilnet_container.ciltmp_container.ciltty_container.cilvirt_container.cilx_container.cil/usr/share/containers//usr/share/containers/selinux//usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages//usr/share/udica//usr/share/udica/templates/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2noarch-redhat-linux-gnudirectoryASCII textSE Linux policy interface source . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi #define license tag if not already defined/bin/shutf-8bf2b8512bc9826331e95d17342b6772b5144f0a511808b844a184e2b62ac07bccontainer-tools:rhel8:8100020241014084116:82888897?p7zXZ !#,] b2u jӫ`(y|9taT&xqФ)nJP[r\޶<*).Kxbn,9H7O)%37Bz!ظ_w/?@}H_+Hr"W yfe<\䀻S+-& &HM)[6%.x?Wm|_Ke21FtS-'WBtCR9wʱl=l}lxb*FǘUJ%!tV;o0Y~$x3ם-Vۃ:E6zapL^㛯r)`5@ύzAV-ԩ{ҙrgzևH;O9cO4dž_-,BP_ogc5FdIGrZJM yM~N7#R&?DcG1ǔ$Ocԏq ҸI$Q4;f3#I4d&8;]z{IrP% nWY{2q}3`?v |peic8E>7*a"HG*ss:~rP3~> cuEDzvC;9J$$c;"v v|ȩ ql ]mo%{X3ȫD >Xw' xtvt []!N"*Z+n?|r+oOnE%cFM(]NqI]M'm9a C2E_-eabl|j.xyj=x@f# ̧ga,4bB8 ?YϮYyX\ 2ho, ϽE+ @0Fĉ,r A?X rS7PӣSN<- U)$vڑ[VpA"jJu/.]$|P24F$<|'~aNv.iRGp+iHPE:OZU?W'B\ElYRQV;ڥP/dVA|L͘1-,״8TfN.pZ̡" Pu^c2wS Ŧd7m}ouʡvCHKJ(G;PŠJo&f1ĺx]pV vg!Ngb+t lG_ͨ֋fw] ۚ_5AHɚge:Mn/̈yޮU`뺚@cF<GxߍPo yu~,M7p'<2}u|ͷ0]?^&Ak6-* %S$zrŮ-0xfFu7ڭA9R EFiy9X1 sˍ"S1k-eܥo6Gߌ;H.Ac>+d:xH"20XSfPi/I4`X2v<^xҥ`a3Z5<ˌ #e{ƻ$p&g>'M-3b(:?|O-aܞ S՟#9Ή -k&ErWLOfF}23CXBS>0C'd&ĢrdD#f_\(lZZ%&ߪ @ɱ4 bȤ]nE"N? ]LӀ9|4}Qt G)ȍ 5 ~@"X Û6|1eYf6:S< h+Dt5d EזWF[sKԆv&1y9hܳ@BQF/]8̤TE>0눦/Yf5֍y0)DOC[S h >;G5f † {z~I+-jÏpÀ+ w'rcFD zHRyQ)jjDQ 8Y¯Nɦ+#s)ȩ7Fj1'o cgx8'?bGt x GAw2 QE90RtT(5Tͤ9id qy9Y\ :2|6Ͱ<+~YTZU0-Lb'<^$n;u~ˎn>R`8+ih1kz+4T.7-PmaXy J1.bdvlLcVz$ސ6!snw+9[g]&l8$0^$R2{ ]w|GW;w'T` uA"#M}OwYTA02^h7`3)= P1Xމ,f^2sg"BH s%Esֱ7+%%t7Yr^ ~jpax62|%82gwcp7t6F%v {vWi}r/- 2č6n!:]$uctG Iz׵'M|ʮ3d\TaR :N}}zU pZ3`ykL)d[*4GͶ | Ym"w=V_NAv U_a3qDSt,ǝ-Z@ӠۮR!;ړľggΚ3vjd/E:-(3%8W@d(%{h&hO[v9GΏ Gu`t`dM'J֕L!8oKk M6&`a\5`1 /ta{ RcF̵¯wDuJWl]U- \lqL2+wBb 3j3%Уghg>VpD"oSWK-,*'+t kO97 0ک^Fksg=ЊL{\D3Ηvu $"ҍΕ J5tE-va .zy !3RNa[g۝O'vmp$v)QŸ\s֥S_d*qQ~' `ɷ/Q[L&ʧȦk0oR"{yƺX4ANGpvA)ڑ"_vF|MpV&,U/Si:u1s\PO 7? *.pnZҸꎆ-am[ , zjItD HWB]'@Lבl7=pN ~UxEqefvVmQD=Hhuo܂h{7x8hA1D~Ukvp%PV'EZ8]A_δ;D'UL+Bώ 1 \͝]DSJɅ]p(9hvיWDmg?"vpqm<=3)Yb rA:yBffԧbqY((5(fs?\E^HHuczEhp`tlrKo}A{X-.7^Kd=MsX9W!%i%ļ=>pf1Xg~pNlW>EQl0 KZ6HaF!Z1ǪU?&dhʞ!i}d2#JBo*5\90qȊ`Jb<т1&XI̩7"/Dd:G?`M2ȤBi2٠$ >$\A#Y~^wg}+MV [AKyb wV#؃Ȱ3Os9QyR\ Sף$4Ify2 Zd 'oH2UCj*Zxj7kxw? 8ۡ~ NͤOk?n3ď*(уl_k7l ɦz*Bzrt⅕*gy%VΕk( rq<8'>͑x2vfln8ie3SNV > ._ iWl]H/݀1P'tN U9bq/aV&Y3bv)d#xx Å띀A./1fjƍ975;l%q.=`*W+ɪK GDic3\}F#|'aCTE_V&{|g۫Q zjU3-ike!Q"tNK=*LLuH!-WwUo!{bZesX%.J% oբ0c YƭG rj6W˦ X7ƯgP .e< =~7X \.ݺ*PdE -M]Aayqs[_̻.x*2RäQG3pA0!@Ua[Eu |oΰ_yK(!@rX_pbGSثd(jQڻ%ǒHi/+5dNf+B v?(Q87걼 {Sjng^ –(J4>c/ZoM`3v8#>H3ră{rj\7{P  kƼ0Bʋ=޽AeZ᷈}APS8Ɋi5VYFH҈h2s,}Wă9W=vQʶ:{n#%XQp;͊,ız{fN>}D~6 ^T]@*$F$NR)F*eY{ڟpRgdKkCͨ+:ej W\ %[ָ 5zBb%7y^ K ho.^# 3=S|Ԩvjx$w+5:[43% qsl7lOQW3I|cYU) siC󁯨O~>kr Hb{}|zq_@j[U3BPna˗`E(L\>v\Sӵ"}gV4}q/ޗrtu1e-).:?f ]DJB{̨NrU P-!ࣟ`ǗQ$QDcDmﶫjMlxVWztk(&ɅpvvCy,ܳ9\ !r4bjAre/-'@YpՂ:&S" qAMzJT:#Lچ8ʉQ7(k7QOq)3+ܖ02)hN8 HzN3cF, F,ֺl:ˇ>^IJW(gtbϷ j`_i\Kh˹ ~cl26ιLSԵGd` V9.V)s3+~aT:`™jKSOhڏ|_e;lKa$3,JLF*Yq?S%صp 86<:W1-&Y|6=Wz$[@.H&nzL>u EEfӁݾ@ !r\aJGa'S@kP&ϣ$3.;q-osŀI9UhS퍑H!bxPX 6 B0a^9u?:!}yC6cGhp;T5ǂq-̪?AD7O+|oE-\2ɯߨE$rsVoU9|1f.Zw+SV2Ha(|m>EnDW9ڶS&;пyyCNIѫԎHE 0JF~.9T}Oo*^D~s.9*ݭhFi1N}J/rˋZQ d0@ϑJ8$ .{͐L-1x b1\{<9 uH˸=^ӯSoFhRoa ' k^)h91ihOE}V^< LIJ8&Ss/t{Co#v ^ eeBINү(0l#&{ ~]Ph B;mʒTr4hebNX,>d%*_8oA??<]qlWcD@8f"H MF.t]%9!񗡟*I~p8Nhn>b 3=atX(yXsd{V@8-g-d6K-3"B,%qB>n_͐m0/v ]GD:Սur 4*u^g8p:hyn/8\q \Mrֺj ĉTS&5:7"u[>IJU}v>dJ8O<گEWNR8DmZc &z7l J98rr= ?䢽QY 9_vP13H%ojݨ)p|=3BO6_ $%^&W<  AǤC+1*ʫ)' bs.xQC`ڀ]U΍EiIU[<5-^C0J5m<-q嗔Hݎ&u):2"~t?hi[Wy*pZ>p=ڭGyUY[zKd⩳'&<_7{ٚ !?US7B=>)8>R@488OLX0⨉kּ W;hYkE$&} HBIB <̕% :7b. A塱vywc%31zcϮ{Of>givD93HϗսpM⢾:Figz4C9&jgۺ&Lȅ H.xS/K!9?&$nl6׹%Ū5`pT߉)N/˜Ƞ˰ZY2c4$k)WK=+g3@n՗)hlLH80@2 & Kzr@+LO"3!>gSQA p6>cvr.4G '\P!PI}jLw9bjNWn{VӪTyde@8H‘' ̺{眎x8Oo'͹d;Nfϑ&k~Xp5{G[ ?H $W\>:w`iܫfqơC/{+/c΍Ϙ!4ȥ5&ė{zV? L|uz1W[SW^8q&޳UH/RYWa𳈧̉څn\n1kllJ>-FS(*GovXg^I 09M׽iLnHF7L$GqO?E=蕱8WT.!_~j)4!# y o##򻧤fXhtFsjf4 Ztnb{-At?2M|1Y3#rrيr>[߯ r&UtqG :( DrK *?Ci4kAQ/ @ 172C!t]TB!vO[g0+)3s َa76!vepE.FN E;pD'sIѵIl<_eT{ =!IjQM] ?%*~7#H&䯾J0w=Z'D>^$j.l*?;諛'+}p'jUt\`Wqi氕ƆXHDv#bR29/qQeY#60bUbT>H5 8e_0Sg߄{P^hMeÄKVۮ=_#CbcL:@Srp8MpAJ̺ ~9=V{7*דi@iHcI? /Soba.ةesa#hltb37#+xS55k\v;-G'X% kg̯aTJȷomwKt=H]N4=(6A~4X9!}K!uoj)aub#?Voc\TwJ WjL)ךZ|*6Q^`Y:I޸6X R.W }!AQ]''2e{70'-,y'{W4\k].Z$n jASUR۾|uz}ِJ:IyVz,L|$Py@zmQK@]m7>HОLQʬ~dNE0,#QtǗPNb;b=T/VuFyG!;u?砢>i pЂCDQ6%~HP{#T|ApU; ^D"9ECS Uނ1K`=c6 pr{gsE2FJn-^PXdhY|jx6U5*F)JJuDVi jl-+S _0ܬxcZce1p<7:ZNb*cTjf\ P1;[Eo"y7is^ \`4/t _Ԏ׉QBgh?V !zUせ O [mA "&W:K(\p,]{' Vbk7E0KnvB8zZc^j0WMQ>exH?Vh6^Hki@Rtu3!>lAudPf0fIKCG){nk8.VIkEY ަI_/X4lx[--_~/;NR(si!B;isZ<Q!;O!p%0u[Fo#/h'm-GHE g88vt;:l$W;4c&7 Kp8V co[q}}lɦ 6UhC " k]犝{w;ѿd9B>,KWTz̑ʅ.YBԇiH<J1 =3iƝ `qy(B|/Yl=f<#w )L+#>r']a`U۹>YB^\/90Z(§q[?((? VJ{VmY&FnG}>L68C4cJR]vZT␣_%4-ҁqqTVh]s}*K&4Q6'xIWOͶB;"?EYh W:B˳nYg1}ڣJ2[EdJ] (2J۬'\R5m'FƩt ~Iolc4%z[7xYE&,[ .4yi>(9gi* ;S5CأPE&#$9a'g!h 'Vo-2.uKZ)RzV%FAbd"GM(H˜awp\ Q[!H9zd`7Zarp8J½T!7Tck͜ M&e<;9~x8رG;` sqlqIw-䧱UխUUI.{H3r]LX` Q'shT-=:'\:߬:%!ZJ,qn|>!N>*DK<4:㸩YJzv+{Sb=} 5Kşp( 5r_$ܖk8u`x+S*mPj$5.ܙO4& NM" 6w`6_o$Q *-sv?^~00xe*EǝDΠ~ڹ pJ'}ԯ> };ߢ{LYbUr GCJwzQɇG_ 3mJ i fVx;a> |jطH!},K,S q Q{nV@3doggݘ|[c2O̡^[BC*w&^m,7/@ںfM&̌-&4=3[5/b&j,i.-K%\J{xIVU8 ]fμk:f8/!Qgv~SQT#NJƒ^R em%@4a0>֙/0Ofgqp{s 4fcd&33V wˇzj(;dK֙Ҝ .[I(ç $8xq2F-qg7];L` >ƾwKSHd5XɡZJܪ+ž GR kyNlQEGv\/ ʚ\6bRsWL}q/&$tN3SW{%ۂv8é%KUD9ĖA +9$bkUg]~!1vʬx5iPpd-Li ~J 1QNGC/FaX=?&f&jް2 '9b `@YT֨#L:%)01Rwڑak$j~b5PZzls˺UVA) =N*=[VI~N9a|wڹ86yO Md' 3HjoM/q;{wXuh&kta] +6[c.`z~]&(М߾SRezU)PCqdk=/<(Y@v.Kw?D-VE.o@jx<)MeWU2j1>c0'8e_WϴߵN#mG^>b`wT[{m@$<d~Z;N,Ka&'kViûNʡ35 Bu@~w$JK76 ~z4.,U;1PJvq.1 6~D𿰅rC݁PwP C򖊔?wL\|Kٜ@5ΑܔEE fHH2bOSUD# 7rQ{1g:mLT)SvG_C-)tw5rQaI`[LS8tNTZA73O%A17o4)hY[5z<"uE PtO-Oԃ7T+4)`.k!^FFbƱ>m. $"SSҵ7(1fW`kߌo~w愄rcvAku>`]zb!s9ؽ69KZMj}1^qkv3TVZrP͡:8"#2ŨMGOo 㥌-19IWޚ=\[֓0aM-nP@&i&N϶(<9Sh{":s#j AK@iH X(F_0AN)~錜9HVt6Pӽ[-ݻ@/ F|,*!1"tz Y{3%ett15|FA.|/|cdAҠl;=n{c0#s- a_۹ M$O$WΠ?`Y:x ZHtgb$Fɑ:o:^˖QI(EOج9fXYי*4n(✢5]y;u+Pi$m)ÕU~̜(o42uw ÖPh8_kOvU< UtTFhA]\ᗪ޳0NOi%[*ow {BY3pI}AgyoQv#I x?lJ66Ȉ4EۜM9P+QJGI'82uw5%o4_JM,4h8_VٺZݼ18V3 /X]4@\;ԗSԌ-9xbHi8A1&P8I{> ]ivGD޼|Vv^e[x"Gn]wXf w\gn:@hu+%Jl(sƒr e$"`dH'  Y %ѥNgd\te]MWFRS!=[1s4V:jɓ4b_[ .+ōldOۃkP)ki jF |?kk yC ЫA<8lяLp ,vY+&[VcwT-(o/G++LYFr3}>ԊjՒ%Q922Wv/jxHeLֺ߬Z"M7=m2W磅QzK28S7En<ɘM9m,TW+ ^3YO#א eA=&!r߿J审?=/܆L\O&=61ѝ5z0S(b~Ov}%.h=ZXz\&:;5l#) P R9F~1n#ZC6-?,:\g>7kwJ/}G .1Nsτ A2ԯb"Zw*j nEM} 2 0 Jd n|#&?3?g$Bn*=i +,Z6{AjU&`DZ.6xp w4I2كkXgd/%d 07_h `qҴ{m%G(kW}2)pȫk5y6T:w^MjRy}ta.e5Zn PNiJ/h:wKjIGwnƙߢԌ3DO-y3DS^A=r*;Z 8hP˿PJn${Ae ~j^ˎmM'hdxB~=i(?CyljȊbR,ҶH8{Svi'{˓3:o@ggN$,-}]:2ۀA^NU0w"1pØ@L7 x wXV(%􅍃?=yH1(L%~ 8>j~+R?ZYzjJ plTOYig[I%(3ׄV yWy) 6aK]FL ->h{cf,p M6Yadb=$2łsPZc1| Bbe +H%ʪY,,r?L)ݛ2ařkup2|Q5o74s*3_ܥ%({{SjIۈߊ}DcF§Sfv保g0O\W3SĨR@7#$KiqF)A_Si+:$LG[">N2`v8M5+?H!TP-Ղ|:i 9GOZyϯ~?iUыA?(2RӴ(Q%|)K2Q8Ф3p1XsyBᮽX&b(m,mRivBdӾXQ<[ђFSVYf#pֱA7#r Xy(q@?ShwtDԳ|Gcmw.:)ޅ@sfeUɡdO h-<{-;w[MO“LӲ]An{a VJ: ?G8hW-*,5|*;E 5*?Ñ6uE+H/~'$zĤW؞hVC*kgl[-qO 9e.<\A[a'E0Iby17'wγvɖVKoR@~sU;lϦQ=Ii:n!X"iC3N=/65h;A 6օ?o^'qU殞=rlYg~Tq7ʳ ^1o6Ŵsj ,nI %q :KlO45cThxZAU%kŜ\cp㩛 ]sA@aUP+bq(B E$DR$p Th 8ƶOv);E@-ø@HURØ_- 7bfW:L46&a,͓tbCHDK~nޥn<cUҁAӊN|85"i 2NSș2#KB-iN;M)HǰYWCYT_Nh=JU!O{#ҿ"FLQک!t=[CP(*D-牵1 _h!]vdFҺB)<:/KDGZcӝ7$B;K/$7\<>QwJt8c.t 4mfhN'b۵ ӟܽ=PTgt67D-\T ,1@{v";c͔Le!:B/ ~iRQy|UX,=(L>S8]D'5"_HYEu!VXCn)ܜ,1.u3Bt$;-9BڵZ>C]_ق6ٟ}]#^JPϙ$<3TutѶd#W?c@]5&GzF6faz/۪nXZ|{cpǎJ~s=HKI,l]mO^G!q1Tst!^OesJni m][=ﮪHnnxOٵ|m^bK#z(RPgxs͹&)o8Ē čywI)H{ sUPA2{\7PdZ or^ЩiK27zwV~p8f&eYy0*-jJߕ.ۏBq{ouxFeFdCX?c2nS38E vƺVr F1\RūyC4o@#}ry>(s1ky z1hL=go[nl[4D4h4>M'e+^)]J]Ei6iOKOt.7 \zEG/!촗'ؤ.A5Sѕr%go62 SdD׀V<$AK߬QBY3vq܉UD5w66Bqlb75INgTfZ" Frgٸ5c!Uŏ'asตѷ>LGJ̛Rݪpa} %# qg Ok2v[ᅞ%(0.dޓ"˦3*J|(d E =X>1jQr>S(}X%IEnmkKC9a6!je7 g0쯈decd֖SW5PLuOx0*Ŕ' |.isAqӤ'촼 [ź'u[x09}yyP s{ZjF+|aZc YT[5JE}ښz@`Msŋg -U9R|&<;=y:=]aH>puE]{TDY_7 ˢ:cf= T n5ДfJ=μ COPI~j[QK^A=vlj74<Px/A0)%1hH.RL^ {AC:_# GR? ?<KuK院ިBS~DT!(;8͔>E~Z[˒$mQTT!"6fK GL1UEUh] $s}Q䅚 PD!jdG(Մ}?g(Ɖr ,Wf턤5nJ~ 8L,.37wN+,vyvV<,77KS&G);fh9:h2V| 6ճ^9 ^/[]SFj} 9ɉ4>?b:&B8&Y-) zBђSW %IpY)Dr×5(u=(YΣ7'@q#7Ť$g|k1vl*Xm+/9܏ *] D.0NZ}+|=|k zh)E) IOL&Qoa\7$w ڸ1bP#MDHI7j[%kR_En)$ =$W<*^:ϣp*lmGP(dְfSeAA?\,c-NS' +㔆{6%3*dQR׻c/"JBI?eak8".] V 梄c-_J[m#/Ԭȍr^H .2`V@ Hщ%Bs[TrRteGnϽxHncźI;RYl-ϥ$zp<.EQƸ~@$ /T+uQrqtPw$c2M,Rѫ__8Ѡ߀D| ˮʨs2Ko&`M6jA;n}w=|eNSd^IUTuIKkhhޏ6n% }E[$3.,&x~blpP@,(4~ ZeVg>SRӷvHc;P03]ƒv1so67Dn1.5VXP4N {V[bd~*RCoVf]r4u"P@ lzŵƢ1/H˛5Z_mg Q^[˴ =nIv$",iBT 5qn_WH} 6r V."Vz?x*) ʊVĂ dRôs=|3/#*EMgȐ0`Dd(T8&ɘprs|a28iB}z5o';}R~WɐY+3Е8B}4b?Pfɂ MTW\w/.{t7.{x+Q#4o$ hIe1WzSU Q.E֢ ۫3 S;OG*,k | țV#ЈR.K4Rv".EEC i_%7r'zVhnz UmEp $yyt87;0PZOo:|j`p'DV ?r N$`z2n0u`rE Q EYPA*ᯟEb$ :D YVѐ;{<@P3ː']=?8twAKNASkZRn܆ OvVq9J˕K6K&ܪΠ !pfWMeMD9Dž>dK+o5`]K|S?ۡ%@k!dB4O^fYZm̪J ] fgbþv}f#Ŋۅ9mt3v:KK񐸓i3J[dmOZhmɦ_8;OwmeW\=w'3J`"a[Z_vFbS8v%qcR\%It6A4GmPkjq251PʲHZ.a?PBLn"s%w|*y/U؆[1½f'(kE ]sv {ZqJȭ#@ qjP4)T ]g51lh0ņ]`YBţ47K EJX5;OHk1F𨙯tq*!s13Hp?꥛KKG7xو>A<2 ,x8@ c,qݽBJh,fxMOQ&Ǭԥ͏%0w(ʠݡYm g"fQ\cGNyI3Mk7 5t"Ϯ\p152}".jXPinE7WKX3oo:H_͹+*P*3~r{EUq6LF(s H1t?8<7 hTmM Y%xۘtgu&VIӣRKrBF:8KFJj{R%nOEZ-iE:G@ևnHPt`iY RK]c6~NU Ș" ܁N-WY֜ol9Xs顳Z a|y|a7&$b_Q@fǔ#|dT:oιTe[RH65?! C}r˱`cV'6M1trcV&צ$}53gҀ\Ă8o$Hd\JJdJbfC_Ӆ$%g_Z9AI8ү񝹬Otٞ}#G.%7:tq nƽli$$h])sQq^5#bvvF*UF4 p/8@@EY 孛y~nq6QtPޘ\inbB* G4dxV=LkigP1MunsEXZ 6Ôie4laT.$U@-| ]*k0bf@F0xϪK%JjU6lFv8}`'kG E wKAdޕ|!VAd U@q؀?D~_tO8A.'U6FPb⏈Ƨpu5i[@¸!f&ga|H[Ο]r7/U OwR ÀC "-\6P#; qo;7 WQX4&r=(Y,d,9PJS%j0lD^: ~m"Ae=*,o}ϧ/FSmjR=\t,rXüȿ*Yy$qb^8\侮q !8o|Ɏ),=YhA79X9lӧ'x .IQoJ Kb">}"=?L`ij4_GX@IĄ~>3$=J6QYEp'02(oYJ092VEJI'Ty;9H*uR|ٶIXg ̗L X#xz!>!lt)FxFN' Dgh;bC2w/ZB2 Og`i@{џ(}UCiwNϝ2qUFu.! NiGyR,pX8MڗNڵޓ^BCvh9.4V κmCH"|x aa%# rw]a1氲'jYF髉fmix¹NϲK3s8CYT8–川Oywr}tI$׎$8opCأ.s&C1XJѤcC .ᕭR*nBw.* qqϵh3HX@8 ez"~"Iٺl5#L3C5\\ _i%'PT"I\`M4fG4eλk1+Z9i󭔢,WrR԰Ќ=cMSܑ%DS30_uq@f&L~g'8&l0Χ2ԿJavw)OحݫV،W@u_mo=TC&wMPada~WvxѺ) d5 xm>ȍÔOBz! h5+,lNk#ͧ($6tZVy":zt{ZbB)i-TZmCGRFP_mi^OH 'zq鲷Qʷ-^|uR%h­V5z'uyd)Q)FDD^)3g9 )2Gcf6WZ%XIdJ]L''#TQga$ ]AD-ifvc^E \D } FL~?CVMY-VKEYKU.}d dPXbQw.qfɑ" Iz%1 R쳽86 މTG )۟^!)KBxs$YxUs[-[@ۋ , d*6N41lf?dG +>,s)˶7NMh:W!#_k(,4uMܩEXM6j }g$Ae?d*ʼa9gB+Sy"AA*2J]/0X(,:I?+d{iaVE]P^w  *|W`wuyɳpkABr9xA^5IJ("io-1woǟ˿Uمcz\yxZ`Vo jOl=mf݉K>$S"3u?rF*4BIΞεA>Cg%ԽkƘˠ;"B-6e5Ua̚ħXG8Ok/t"a5"0ͼ3C^;;`B!l}FrhZ(fHQ}Bdgwǎ;m)U_8mZ 3nk#S*m1 -L~;j>ԝ  @)sQkhfQcy&FY,^ -VG)-n=u R)U>a~B? fr4},k˪,ؖN"i,=h2cxH_8<Bo Ylm[+?<, @әJȴLJ֪]zb[ Ѹ&F=Q)I;xxZ/sJ rǓà2cmԡdCvXVu17rfI<7pxHZu/х …Kwbcawm' /D35 N\M/7-? ׋cxDmD>8\N:*K[*b\羚q,D1LɎnfxIR!,5aS5* |%̞0V.NY6X雓 =&Ί uʍ=WGZ]V^K0\ȤQtjjE6h$h$f';1F5nér&zYmrL]*7 mGD ?7cN>Ww]si{P)O_]Uw%&5 %-2jIw,[wx~n4"% w iYns䩧<4zg.(0$Y1J^zj >\N* mS4~,zyF"[3_` ż籐wNpMekQj$a0aa$f` ,7ENBih5w65ALo rLEfXCf;*Cݡo ZS JXt {]w.w\xy$L- v^@oǔaozۼ=tzd<"[ZZ3l)R->5Ӿ=JCmiL81nIF6S2р]0&8h-6Yۡ޵ KkvEAU}xҫmT1 b3r* >jʙF4R$tS`S~76TɿwLt1scJmIZV#7+3<;4ZD7jc? 6:At պ1 ԗy6Y=%`V7Ed4Y~XYQ*-B)LyzJ\*+E㶠J罴 5UVS4ա6gdeR[=uK#5JktS޳܋s'=#"V/Mmt{xut!"ү ؋RXGK>->J2 u5'BPĪ"HrF#).mz'>\R [%$X| MdnOX !H\4G]+>8^8 Da|̘_ߦNZ! (aQQЁLT]l"Gй]@ /*:ڤ7U{*%M9f\AGs S 9˗1ȵ[@C'{gBztA5xoD xtfnff9_7RohbZ3y}yZ|5p0 :{JJh̩L>ج}W)K]XQ څh,_:ud۪HS'6YXCR8C .?SDZlrR'\w2jG´3՟Nmbg2BqԼU:^^2-;5\!nm՛b{z+'kAޖ.?1A}&)pWHAM}St3GFdRqPaT"a:Wȑık g1=jdR/0~nSkEFa|O{]]Y #"7/TMxA0A*^͐ @ephIk-BF/J5AW-a#/VqHlS.tw`Qi  GV(6$l[r'*7 .H]M-ZlqFTu*Q4QKG)(".\vI2+l< O/02\ɒ$(V,_dc]߬hl nb?okչ?şT'\= UԌUEY:&&ۅ[9Bk0ͰA1j_.fa|kQxA]SJ˶F&ށU7@z."u9be|:Y{I9.9ZRX&2_n RøJw{8h <)j=@݊fm[-$ȿSk[ d{S~@|U.Dt76 (\ -p_1 vkV(ݻY1t c ўâ*{k,}4=dvw"i~48kc%KOZN{O\牡*^`o- f]udRW%~|D0B%ׯ &"Ve97Nmk4j|KCJZ#z_/->QTʡz~ZR!Aܻr}mFuwBHU&/Ʋ.(Jcu(ݷ&PyV!#eTmP,cYghGmbDuYeU蓫f5]m|)%WNaR%IԂ>́!5%9Y='0pFEUj^Vo9HV+c H0M3dkMs $ ̝s .yO5m FkaZ0DZF,WNLndNϻv*&~ҰaWF=ƺm*}8&A!ՀSRd<0Oxqşnm YZ