container-selinux-2:2.229.0-2.module+el8.10.0+1880+8e896d1b > 6 6_6 3!pQp)Tξ7]mtZ`g*~8 ]mtZ`0 |o/蟈F6< Y}bRȮ_deȵ :b0Ia4C:07ƨ6, 4CߣB9pXvxV[rˋܻB^>}6s&mգj ϟpċ_?__ .?'#I<*B3/z4+5&KmY^r@7s}6>ѿ,,dyʎnUY,?%Ї JF:5Q&W芎;$Ŝg1ֻ2N緳)pvyla,ûVua̲*7%U! QɁY EV0]OzE'U3xtTH;6p QvL ;rn\#Y>-#gd" 멱X8^CypE A:|p 45e9ff4482db0c0f8618308a89c312ebaf92ee5fa7959533f2b18c2e7b795d1cc2917a8ca7d7c16ecceb77efcc2aa2bd4347c9293!pQp)Tξ7]mtZ`g*~8 ]mtZ`^4- UJ~M4&<1MeO\:e-|! ?ڎ"J99c,G6B%sQQ=hW.u~-+dn@L{X 5;Bz(Ȇ,Bڳ{$:tx,,|2,_;eom{.z~n\8[ML$;SZky8rXWLd&@Ty]x9듶pZ>vmLk )ۻ,z,"0̸73sFD b|EiV '4SHZԭ^w0oKR8fnGuhnn6/"%+pԕ* 4ԏ${ E]ڭ& rVUVM][ӫ-qv.ZA@rfsu(3 =9wHUɚ'*m" pK;;-zNMh _E],>pIo?od< @ h CIPL t    @  T   l 8pS(894:/=gR>gZ@gbBgjGgHgIh,Xh@YhLZh[h\h]i<^jW bkdlelfllltlum$vmtmo_oholorooCcontainer-selinux2.229.02.module+el8.10.0+1880+8e896d1bSELinux policies for container runtimesSELinux policy modules for use with container runtimes.g*zord1-prod-a64build002.svc.aws.rockylinux.org }KojiRockyGPLv2infrastructure@rockylinux.orgUnspecifiedhttps://github.com/containers/container-selinuxlinuxnoarch . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then [ -f /var/lib/rpm-state/file_contexts.pre ] || cp -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /var/lib/rpm-state/file_contexts.pre fi# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i $MODULES /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi . /etc/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1 matchpathcon -qV /var/lib/containers || restorecon -R /var/lib/containers &> /dev/null || :if [ $1 -eq 0 ]; then . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r container docker &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi6frb0(: BA큤A큤AAA큤A큤A큤g*zg*zg*zedg*zg*zg*zg*zg*zg*zg*zg*zg*zg*zg*zg*zg*zg*zg*zg*z8c04ac861d425e9947eb5bc06c3125d682dc981f6327e789ebe1c4eba0d856fc7fae14152b8ba0da99d2e5a4f0ae0560d8d5286b63a573231284445a99e8c24a9e4227f868d83af4473931cee518f866ed22abf972db1ca104c674038475bdcfd8bb85c348c013c8ae5d252dad0ba613b1ba609b1bc7cffd54d2ff144e1fda47c95d8badacc674ace0d2fed4fbee4d28d2a92799b23fd5cc30cfb444ee8896b71724330eae556d61248fca0b0920b1de3697d8cd42bf56da8d062a4265ed1b9f2aaad24c9578fa9575445ab4c5208b80b1226e49174e20bb2609de935466b9ba9eb7fd75efad4068dc1e00d43c6176477d13f5c759c1986174a340cb07b822119af286e5e19e15cffaaf7b29c745c800ef94c03d90ee90e0e8e18edc2ebf8f01280274d7f1512ce4677f123f310d300672d6872c3e1f3f13144cd5a03e85ba4b0a6fa6a05496c83b67185cb54805263c502181507d1ae899909090caf986d623dd478baf01b7ef0daf441b7cd616c79ea77eb8e9d2725976b9edeec3991e3d5f67de3bb8fb85b4531702c64fa11b1fbf1746cbd844560f2f680b862915f25d69rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.229.0-2.module+el8.10.0+1880+8e896d1b.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux         /bin/sh/bin/sh/bin/sh/bin/shlibselinux-utilspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sedselinux-policyselinux-policy-baseselinux-policy-targeted2.5-113.0.4-14.6.0-14.0-15.2-13.14.3-80.el83.14.3-80.el83.14.3-80.el8udica0.2.6-14.14.3e@e@ed@e@eeqe'e ddhd@ddm@dcp@dbdRLdd@d @c @cc_c!@bVbbkb_b<]@b%b@bOb@aar@a@a@a@aaa+@aaa]aQ@aI@aA@a'@a&0a /` @`9@`Ȗ@```q`@`@`N@`@`dd@`Y@`&m`_T_`@_%_%_F@__"_5+@_16_p@_5_X@^n@^Ӝ@^@^^k@]@]B]]@]|@]@]X]W]R@]@\M[[ͻ[[@[[Xf@[L[K7@["X[@[@[[[Z@Z?ZZZ%Z%Z@Z - 2:2.229.0-2Jindrich Novy - 2:2.229.0-1Jindrich Novy - 2:2.228.1-1Jindrich Novy - 2:2.228.0-1Jindrich Novy - 2:2.227.0-1Jindrich Novy - 2:2.226.0-1Jindrich Novy - 2:2.224.0-1Jindrich Novy - 2:2.222.0-1Jindrich Novy - 2:2.221.1-1Jindrich Novy - 2:2.221.0-1Jindrich Novy - 2:2.219.0-1Jindrich Novy - 2:2.218.0-1Jindrich Novy - 2:2.215.0-1Jindrich Novy - 2:2.213.0-2Jindrich Novy - 2:2.213.0-1Jindrich Novy - 2:2.211.1-1Jindrich Novy - 2:2.205.0-2Jindrich Novy - 2:2.205.0-1Jindrich Novy - 2:2.199.0-1Jindrich Novy - 2:2.195.1-1Jindrich Novy - 2:2.193.0-1Jindrich Novy - 2:2.191.0-1Jindrich Novy - 2:2.190.0-1Jindrich Novy - 2:2.189.0-1Jindrich Novy - 2:2.188.0-1Jindrich Novy - 2:2.187.0-1Jindrich Novy - 2:2.183.0-1Jindrich Novy - 2:2.181.0-1Jindrich Novy - 2:2.180.0-1Jindrich Novy - 2:2.179.1-1Jindrich Novy - 2:2.178.0-1Jindrich Novy - 2:2.177.0-1Jindrich Novy - 2:2.176.0-1Jindrich Novy - 2:2.174.0-1Jindrich Novy - 2:2.173.2-1Jindrich Novy - 2:2.173.1-2Jindrich Novy - 2:2.173.1-1Jindrich Novy - 2:2.173.0-2Jindrich Novy - 2:2.173.0-1Jindrich Novy - 2:2.172.1-1Jindrich Novy - 2:2.172.0-1Jindrich Novy - 2:2.171.0-1Jindrich Novy - 2:2.170.0-1Jindrich Novy - 2:2.169.0-1Vit Mojzis - 2:2.168.0-2Jindrich Novy - 2:2.168.0-1Jindrich Novy - 2:2.167.0-1Jindrich Novy - 2:2.165.1-2Jindrich Novy - 2:2.164.2-1Jindrich Novy - 2:2.164.1-1Jindrich Novy - 2:2.163.0-2Jindrich Novy - 2:2.163.0-1Jindrich Novy - 2:2.162.2-1Jindrich Novy - 2:2.162.1-1Jindrich Novy - 2:2.162.0-1Jindrich Novy - 2:2.161.1-2Jindrich Novy - 2:2.161.1-1Jindrich Novy - 2:2.160.2-1Jindrich Novy - 2:2.160.1-1Jindrich Novy - 2:2.160.0-1Jindrich Novy - 2:2.159.0-1Jindrich Novy - 2:2.158.0-1Jindrich Novy - 2:2.156.0-1Jindrich Novy - 2:2.155.0-1Jindrich Novy - 2:2.154.0-1Jindrich Novy - 2:2.153.0-1Jindrich Novy - 2:2.152.0-1Jindrich Novy - 2:2.151.0-1Jindrich Novy - 2:2.150.0-1Jindrich Novy - 2:2.145.0-1Jindrich Novy - 2:2.144.0-1Jindrich Novy - 2:2.143.0-1Jindrich Novy - 2:2.142.0-1Jindrich Novy - 2:2.139.0-1Jindrich Novy - 2:2.138.0-1Jindrich Novy - 2:2.137.0-1Jindrich Novy - 2:2.135.0-1Jindrich Novy - 2:2.134.0-1Jindrich Novy - 2:2.132.0-1Jindrich Novy - 2:2.130.0-1Jindrich Novy - 2:2.124.0-1Jindrich Novy - 2:2.123.0-2Jindrich Novy - 2:2.123.0-1Jindrich Novy - 2:2.122.0-1Jindrich Novy - 2:2.119.0-3.gita233788Jindrich Novy - 2:2.119.0-2Jindrich Novy - 2:2.119.0-1Jindrich Novy - 2:2.116-1Jindrich Novy - 2:2.107-2Lokesh Mandvekar - 2:2.107-1Lokesh Mandvekar - 2:2.89-1.git2521d0dLokesh Mandvekar - 2:2.75-1.git99e2cfdLokesh Mandvekar - 2:2.74-1Frantisek Kluknavsky - 2:2.73-3Frantisek Kluknavsky - 2:2.73-2Dan Walsh - 2.69-3Dan Walsh - 2.69-2Dan Walsh - 2.68-1Dan Walsh - 2.67-1Dan Walsh - 2.66-1Dan Walsh - 2.64-1Dan Walsh - 2.62-1Dan Walsh - 2.61-1Dan Walsh - 2.60-1Dan Walsh - 2.58-2Dan Walsh - 2.58-1Dan Walsh - 2.57-1Dan Walsh - 2.56-1Dan Walsh - 2.55-1Dan Walsh - 2.52-1Dan Walsh - 2.51-1Dan Walsh - 2.50-1Dan Walsh - 2.49-1Dan Walsh - 2.48-1Dan Walsh - 2.41-1Dan Walsh - 2.40-1Dan Walsh - 2.39-1Dan Walsh - 2.38-1Dan Walsh - 2.37-1Dan Walsh - 2.36-1Dan Walsh - 2.35-1Dan Walsh - 2.34-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2.29-1Dan Walsh - 2.28-1Dan Walsh - 2.27-1Dan Walsh - 2.24-1Dan Walsh - 2.23-1Dan Walsh - 2.22-1Troy Dawson - 2.21-3Fedora Release Engineering - 2:2.21-2Dan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0 - remove dependency on policycoreutils-python-utils as it pulls in python - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.219.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.218.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.215.0 - Related: #2176055- add watch statement removal from container.te - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.213.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.211.1 - Related: #2176055- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.205.0 - remove user_namespace class, thanks to Lokesh Mandvekar - Related: #2176055- revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0 (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet) - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.195.1 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.193.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.191.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.190.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.189.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.188.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.187.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.183.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.181.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.180.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2 - Related: #2001445- update minimal selinux_policy dependency - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1 - Related: #2001445- lockdown allow rule was removed - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0 - Related: #2001445- Start shipping udica templates - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.165.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1 - Related: #1934415- fix the build of 2.163.0 - Resolves: #1957904- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0 - Related: #1934415- do not use lockdown class yet - it is not available in RHEL - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.159.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.156.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.154.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.153.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.152.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0 - Related: #1883490- synchronize with stream-container-tools-rhel8 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: #1821193- synchronize containter-tools 8.3.0 with 8.2.1 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - don't use macros in changelog - Related: #1821193- update to 2.124.0 - Related: RHELPLAN-25139- implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25139- update to 2.123.0 - Related: RHELPLAN-25139- update to 2.122.0 - Related: RHELPLAN-25139- update to master container-selinux - bug 1769469 - Related: RHELPLAN-25139- fix post scriptlet - fail if semodule fails - bug 1729272 - Related: RHELPLAN-25139- update to 2.119.0 - Related: RHELPLAN-25139- update to 2.116 Resolves: #1748519- Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700- Resolves: #1720654 - rebase to v2.107- bump to v2.89- bump to v2.75 - built commit 99e2cfd- Resolves: #1641655 - bump to v2.74 - built commit a62c2db- tweak macro for fedora - applies to rhel8 as well- moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory- Make sure we pull in the latest selinux-policy- Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t- Add label for /var/lib/origin - Add customizable_file_t to customizable_types- Add policy for container_logreader_t- Allow dnsmasq to dbus chat with spc_t- Allow containers to create all socket classes- Label overlay directories under /var/lib/containers/ correctly- Allow spc_t to load kernel modules from inside of container- Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.- Run restorecon /usr/bin/podman in postinstall- Add labels to allow podman to be run from a systemd unit file- Set the version of SELinux policy required to the latest to fix build issues.- Allow container_runtime_t to transition to spc_t over unlabeled filesAllow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files- Add better support for writing custom selinux policy for customer container domains.- Allow shell_exec_t as a container_runtime_t entrypoint- Allow bin_t as a container_runtime_t entrypoint- Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container- Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls- Add support to nnp_transition for container domains - Eliminates need for typebounds.- Allow container_runtime_t to use user ttys - Fixes bounds check for container_t- Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t.- Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin- Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree- Allow containers to relabelto/from all file types to container_file_t- Allow container to map chr_files labeled container_file_t- Dontaudit container processes getattr on kernel file systems- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Add support for lxcd - Add support for labeling of tmpfs storage created within a container.- Allow a container to umount a container_file_t filesystem- Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t- Make sure container_runtime_t has all access of container_t- Allow container runtimes to create sockets in tmp dirs- Add additonal support for crio labeling.- Fixup spec file conditionals- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/sh/bin/shcontainer-selinuxdocker-selinux 2:2.229.0-2.module+el8.10.0+1880+8e896d1b2:2.229.0-2.module+el8.10.0+1880+8e896d1b2:2.229.0-2.module+el8.10.0+1880+8e896d1b 2:1.12.5-142:1.12.4-28 selinuxcontextscontainer-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2templatesbase_container.cilconfig_container.cilhome_container.cillog_container.cilnet_container.ciltmp_container.ciltty_container.cilvirt_container.cilx_container.cil/usr/share/containers//usr/share/containers/selinux//usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages//usr/share/udica//usr/share/udica/templates/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2noarch-redhat-linux-gnudirectoryASCII textSE Linux policy interface source . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi #define license tag if not already defined/bin/shutf-8ef861073eac73d8e87db0c1138bbb74b2e4f889ce4fd080615b523d9576d683fcontainer-tools:rhel8:8100020241105193234:82888897?p7zXZ !#,] b2u jӫ`(y1:L 2W;"(A0 0i\6#Z`f. Mw,/W^vmPm@DM&AB, jX2vz!>r B =Rf:T:z<&[c]z=lF]yH"#SZd˰] (l;u-8 N'̹b$up7Z LU,4ÙJ֣DQ\< EvϮ?/#t_8*4V\~.eL!A.7Yhv = y+=;WpPxdpSGZ }Q3g7d2E]M1Cᗔl O׼L kF|O"*g, )&fc`sOim ٷ#Ʊs$&7#gs o?.]B`]5l]`)w(< oXaH zt ?8.WMvaGyh0cQ$?Db%cFɥ!x}kVGfl@}J4>Uٜ ?\)6TTMFW x{#Kaڱم82nI!Ѷ/~Ŕd)]({_oچ#gJp2h/1։4N9H@;]%jԳҟ;svA)תr;;dR?XNm^Lz!/,: ]HXq YY`Y)ZV|'?9`3 gז}F}j%8fIw,,ZKGjlE{fr?<ĒX^&-|C9;ΥA]7k1uG6Ai۩Ӄpt4\@Y Ƕw_\jPcʼn6E mC(6tuU9b'ͮ:{.w۟I08ۂ,v.!GO,%0MUTl\@Fs B84W͐Okf(u 'CK -[biMkk~A# q"A`~+6fZ!Bql2;}$?z=4 ፻9YSJIq Q?o@_(;b`j00C>7ۧ˯0rwtB9W]ߛsηfJ˜)A],tsxDBkfx#V-ǩ`T--QՅj['{SU[/z={yh)v0Swaˮ̟HIBX@C7-ÀWgX]QJ1ϯȴ*A-@%Br&!A[ehȰDX^6aY[-h4skOĥ8FNZH{bք1  נ=9U`؛zFT4ċTD6qCM@=g G3Dg5国oI!9GؿmG쐛rw;N ^=̖*|M%<~7YWXT/iR C>"=72BևsAۜsۚ'.ɽʞ,9r  %rݚr}[R1-yN^GfEQZbp4= oQ} @0?PPmɷ:rhE7](Fe_zP~`݅£Qb`E>ZՑ #mNϔPL@n>1RwۓD 'T!*7MdbJ}u7tCEt]Kߝ= eZ_6)HQ/uӴ31Q8]pA}e RhBR%}8aV{S+ |^FXxdO<-@2iNmbpht9Rnk-uBkbUf;󴄇|A~&&Q8Liғ ;_6;5 !I(Fѳ+c_x=W+]I*fhZZBƸNj;^y"aF &rBߧ3Rτzwe] knd9zW# Ȟ3Ɋf8;u7򵺎i VJNn##{0zn-boirX`̜T֖wGל湴JY|e$g#&/w[oKzB䣣t$+:#\yzyڡDg|WmWOjEmOyĕ#"2}>P\{GtmsԣnǸ yV'80ks1QmԣSלc5`VP_gI܆̓q0P\'HDoPq\Oam VtɮoBRre΁+ i]}N3>k-YK:xKFR/:\玢aqgtTDD"z@2azuB`tSGd4!q@!?Ocp zX#x{~gm+i#d|7ߦj}(&lUF:_avi7 ml T '^sH6hUI0R\G`h"Y]͒^ڂ4^2o_1"osud NVF˔I+e"O$Bv(7&ad NˑNh:Mh*`fumtQ"w r2Ik|>c˯ c ` K+R.lNOc zs$60 xĎ':Nvx<f3Uc+1u*%j\P { Rk ҈"k?ÄdoH  =R:&j]ԏ:u5<6X|AםX@=;]T,Y;MXlb]ܽp d&'E~hgȿ3#g+T`Ff]S`\J/iJ: Vv%M;T8/Ȉ B-B_GP(?/T[|Mu72cS )I,xV@tHECѣEbBHU(رĢ-rߟe'O0B{b;Zw{.JJ"t&Odpv-HWK‚] *7`*$DYZV% +>ķ^J*mwĶubOد `ĂHP;)%rB ^eD wJr;yd$#_^/=:aTsS]h(9XAQ843eqٮE5ڕM!3ϖV o͕~=S3 oDmNKY0W.ˮ`:`ne3AAf+0JWdT'[ M '.r]45 e\LG!bg6U|U>"JF6vo.\:78mGj( 5F$dv ux|JR_;5YDL^ehstb>^PJ0 I?[~W–@ۭٚ{Q>O34&NrƱBb)yLI[2.+^}ڥ {m˻3+ޙ-a#X=#}/w[N# DHkZhaǷsY1`,>*5~!M`#e6Z bCYX;2<| cP̂=9#pN 6rC 1m^hjJxlU! dS̚I"_{4Fz *Mmx0sTX^ojtnnwej'μy,@|@vr- 7A鵳@߭7,Vk)]9^ޢ\YqAcI_|'^rj|&RíI͑yTuTM㴞z̴b 1k}k# HtY?|$ ᦒ2)e`FC6NW)gdBD} YK@p8;d E5>ݓO<ƳevJi T ^@u.X\|RAZ1;P/n!;=x;Oeƹa_>'ՏCjsINd"T#]it p>2frD+ NrII#9|~$u(~HvC !Ѓ;H?>G C5 䪚5QDVHxԬMoҁ-Rahd|R-0 Eު{ XqwPܛAM-{P'0XϿT#ďs;*ex<Ljǔ)lkÒdo:vBm,^.Gm'qTW8euK,C#9DFfDu(J|۪RC +s&uE_ >C9Ǐ[Uoqu0ט&x'׏mH>>eIMزgO[yMmJ?wީJ3T,Ex2tbM$V_E?p3Fc-a1C*Ti@d~֕u"#.{b4FzwݬՔѸo{+Yū7Ngy3g-/؃B&CTD lѻZ?C}Š?RTI=*VS[ P- Y5]t0O2Ed~~BQ I,]3n哝{.&,9~2IC12u9l'*r.gFdaҋΪ*H 8ޮ'wܞÕZf)]>(ǴˍTI/ ++D?<3=, Z]{CbxyDUoC|'#ފO)NI+=Ɂ'\azu&?Y2(O dd1tڋ }7}9rrcb"S]e lju3n(VLAULtɓgBp~ ޽wG_^=vÀ,ro&?pEC7g&P0IFhh5 LZ{R~ZO^ٯ-ۓv S)~*&*ߵ6,%;>x9)v~eqOr aDLWf"|$BnqrCH.骰@`FI(9{φ1Akb|teO&>j$Xl9'h^y0vzЎ꫕W>,@nQp(Jzuif01, Oy(Hq=Z@%̎TN^Q%S"dͩ/[#yA$ V [Kv_$~qҍ[DԳHB`wGi ž8|K%UqDA1p:gSd8ܮ\H`;A dx󵕉1 kЎe9mN1ޚUBfˑ)Rk(,!\v/eYz'' 1.1?ӞFԌDq!$+ů~~jaZ2SS7V іDDKp#c3gLejKU݆!(A| 'ք}>Xfv>0δIX]~-m㲬#-1u<(a7h5sy4iRў? k;/IF#ǘ$t/ +EѺ_Wגgxk yq-ϛ&%~OՑBWF8 1FQ2|^mN)Ϲa# v.>Zx45yF&w?7Byq0D iQPi~$k:C!y%BOej4QF7j:5loY2eaIpRxG Vr "yOd3q@/4Gw3yK_QS<; [X >h@qU)I!}@<zpHW+W>t{3^lN߭XRIoD0itl5"nQHYbBڸ\ȸ׫n"ul%3tpU2O\JY#_tj ϖ@l$.{icazdCj.  >/gձ{>z8"af<c^*lkROesO3&d&{ըE^n5Du"<_ؒ>jJo$'~sCWSoOd62mϨ/%|HB-3OY"PJ0 I۪15'n, bCa.l.SYWUЙ}>?Hcu`kr>>ȥ-gA%=gԳ6R:<2tC_sWR∼"UL0/~8[lfب8= $]#4lzOa`y/Ku\d^2NJqH yKXzLѺT[ȩ?%%ä׀"v"q/>Ⱦq,ͥј!/Z#"So7k=4CUAMNiF~(5B=+?ʶ. ]fÄ@mM$ XDcP)@:n0;ӥb3N q3>fe"W?D.,:NNGGcn5= 0 pp:,n9i |n&E(ÿS=t×e1o;tM˼S yr=7UTE"qnY@P,$EqP{Fxzu07a<&JB\HpOy79i y0}u:s#`8 Jmr3?UڞJB'x}aD"BB n:dj9AHt&%X\L(Y3&>Swr1}ܡ0jQwafmKg,U֊̓¬<@,\3h=5= < жCJ=w9PBLR iq9I,!9q!'9aOCQ4 /NgB1ed= ? X]t=I%`zB*U9 { <8!ݵM0U v6YUEZzr,:ms̏@[ޯ/N-/ ǩ}77PKMyqH~V Ċ9J(::.#p[=c,=F4e݌5t-6k4̟9=h|TOr%=&|Ƚ@ѯK*lF\AG'5=hGFU==P/ W?h@7ÒZr*#h6DqB7 ^tG䄱)sՖ/'7.s2)!a9ůNi]%$LDW‡ ,>gC9*cH2cxJ_"G?QM1=0q{q=WX@HAM>5t廳LyaC/43 G2(c6W"> wel)ȠG]$2ݪ,-kCd%iTi@;l}DV?x]ɴV2on30-scC]FazGpI mNOTl/5bKI'W@啳ʁ'yQ1ePaeQ)[1أ,«V澂ea8G3q{*R.յA1YeDG`XQk5$'t5yr6G19YAXLZAArίX*J1,>iOz Q$791x@'(̯%e.C z3 4:ƭLjB9XUh )a+˱\ >c@E·)E|p~婔@r'G+(+<#:M#`;3=Bp[jFtDzpV|y˭XP۵aO )s<> rBH$' FUɓV7Or1qW⃈M u:NO8v.([+T1:c@ [kQ ep!W.,]4~љ#h\0}gmXCݨ5#ypp»ѯe.@+Q& {S0S÷Rj4|>jt~Bmb2ԍ6FWCV޽@Ed3Lzز5qQ#E|$}bTV9&`T]e0uMѨUSKQ{?ac%RfDiĈYs4w5/vۃUUkh Q] &#Oj!sΡ7tOaE$[b,/L[=?MS-aoTyQntorpߣ{!3Qc\Y,s^>ᔤ͋3㌰I@3HSvMKS`9{TrF#T|X`ZmnNͶ{jl'̕2j㠾˻`(Pt_۱ \ Q0G+ jI;AKwa)!_4r La2 t{7a\l1`#X"+!{l*7ۥc~$ߠ{%UߗJYU/PbGD6P-ZI;$Gn89eB"Nfǜ肦5PdGE:F^l;ql0FC^Ҳ>eHknjiTuVl/U%.XJUӈ̀-|FzS.y 'nd>Ȧ"KC5ldW[Nғxx| wJTޙ蕷5QP-*I?ӬӷPYtxb'$آC4ƺ?vT$cb;^y<2!fc_e]_TE529ozTP>?qI 1@n ك⿾֣o"]tQz`޷C {İB0w%c`r]m/uu냞D#|{n,sYAb- }XHOU kwZ.*?^?F=JY8G_cilc20~x#mGH| ? ~u<\ms q8u:#ѝN2bT>5ŭ5-fzti|]z0);[Ծ7\/*hܽԌ}|BWx_=vm49Y}#u]I#~piܘ+ݑz_ ?6 bqtz2bn4`d[\udЯ+v-fzz.ʁkK A_Q|"]QX$ xKa~6g(O!ƷZzmR^PaV)W'&*ޘ `Ų*qEV+&,>Ac'1:}vbene tŧIsK}OtFXn!)+0Y}+ mg%\;|/]DM{4HN˘S R|CiB+P]OQp}}e[ďTJ]>Vyn¦ڄPŏ Y1} "fb_Zt-f,"{30{ NZt >&Z}ɞt+u-RJcv[ ̦-CX]MN3 fZ3OMLtvgL/Q,K- *գo5]LGa_4QF2]5MC̨q~XڙBLuRM"xF[OdkKO"5Bm{gc@HJTfy5 1i_mjόM8[m/ؠ˓\Q~7T{С>9y/E~Aɞ ])u4aә8H,Zȍ"C G|S]ǨĽ rYb',~ơB o`B+7)B=D43}/k28}v1BNH.RH=J2>9i2t͜,*dE`ɡn 5a7`?D`y|j"?3SZ&o we2fUf <È~#6"[݀QI5⚏$IULd(* z(5}6;pUsZ%؞-"lm-G q)˙͎ ,e& 89d^hhhU (&O2R;E[<|:ZCx,UGyuU*6PQ~E*\XsgSE5P^7E?j\1Ԭrq0wmppluzPfy_§K:!œJ2&q7BШIJaɔdKYv]qgrRђWHQ! E#y[|_` d꺳 >XD0dcܹv#Hck˞r</mO(pr[Q2Ώ U%AW"*[]ίcP&+-IfιXDg"d #&"Ncx;Y 68{fr\X&ME}ۜ&MYҡ2|CbB/w="AӷMo_vt9LL~MD$RO> Mo7^cWovDLv{澽歳نs߸Ti.ݷPt*82 ,[MFWsmQEi|op6$%8HN0qeJĀ)67?ETj'f\uW1f˷+F ($ R3{X MꡘM%kS+5BԊM~ CA u߭gfؚskԏ$SknR?J-6e+ t>jKxHMQA5MOW4MU'g~~!(y>4W^)lWfc՞%DF=R|<ţ^;Y"/ۼ$~т-`=ѳZh{l[!Aܯwo^x_:ez WZa Òuɩk~gVC-hAS`kAId#uMsŞ!@#n{qu<%^t3S帋$sfD 0m\L8|z?䑟&; ` B$;8hwF0U8)ꠤYz,v_ Y loIc$]>0d>.w& QUK2dF+8qJq%ZHw7m(ϬQrʪ_'uuY.~Og T:Y@VCDrDgI iOhQ֞%d[XZq qKYj[XT1D{0"׶FmklxVCۯ[EdD%Ve|ƅQmgǛqP77%'i@0J[a#r{ AiD6\Yּٮ1cHTVT;3Xgy<~4VLJ&C ;:杮uj}N=)fSch ?fwb_edCq3oы zz i}0lmKnu{Ɓ GHT.m(7r#p8Lj ~N:Q41; z j (ѱD* 6Ջ+!ܵADL=?&+oL`2&i>IC3(v{՗*oABj0s"HkCz;]nrC`.῱SD !*25CGpsn~$j8;6B}W\w/XPۏ c@+i@bxڲљtb6;DymB5Oѵ 1:.LDZP2_6D®%tߥoqj+ ZM K^em"ZZ\RMUMC칼mW?t^)CSh!Uryُt⿲jj 7,P'{hc`kj̑aƮ&.30D6MZ˽h#KI}P#vi$-s$ɇ:qv|x*By$7(VWm`W'o&W PS:nT_wth,֫}[[R=r?KVkJŀ>'ӊR w}ouw+SHG!ER5'Ҳ#*6ϕvm"ֽM я 5;@^[9O⥮>;Ɖwk:; E;"A~(u7&>*Xq-Xé 1HIls )Q䠲I.:ya?]8M*lة/3|O( ͘bӭlLON) ͻd$dVe|}lox51E_Ikuܝ;C e=eS_^BEw>kSFVg@栧 tas`k%ӬX.ٱmϛ;+[ʼnQ१cKN( @4{h[4aq=ͥDLKF2W)o35^$-5[|ˣ懪=ܱ dcU ϟ|:<4MxLj銄?"g.XD5?4^O_¢QƔ;i7',9]|΋g(Y~Org'65_ZF-5.<<ȹn\35z+=bbHgL YC3d3IYXƇ.h/a6DKAKUS#ZxhE,VY}1 idgЇɇfe;m%WzMD>U4Ėɝ.%xTkj9qQH9(⟜yWOj ~2P)Fl3>^_Z A`(!g:j,xiZ LЖf“ |j:yĊmLcx 5፳=bTTht(yw5HѐSiy{ g5F;HBsi[F)aq7)/ri,#V}|8{e80Kڪ_jì"m`H?N](ДX2uZȓi.z.;^MKf{4V w9`'-tqXXk JsQa"p5 O*Ҏ/Bӫ!$E+*c2)T's|Fe $ uϒ`[#kZf>Hɏe] e$PQF>8̇3^/Zԕh|>(+DAm}yL|$W'J:}ͺ{q Z pÎ)@n1H-8Sԙ񦑈zf R%KQn7FAٓj҈!7`/q9C6DYAbI!Msg5ә)u8Q8woĪD}jBI!Ԟqi[D5JSAdɮ@%Mc1&,2.9L"OZѮӪߙ )yJ!t[u Ŕ_]Fikh3aSInNL Zƞ,B ѪnIFOA_:gPOP\ƕ\ـS+X"0>uS7E05>_6,iAL_ͻJn Q[>_tzKq#UHJߖOTO,ĕDDJz) )g `Q/Dgzonˬ/ x`٩x`HkQfypJyn&+STV%T֣}FQ88\(3 #HۊZ&LaQ +=[g븡ɾΜ*HGkvHzZV4%٦?p&){Ś>FQQvTܥ<#ݙt[#wWmzu$t5碯)waD:NIXϨ]Ηf) Cz49|b91 w%& ZO7@l(YQ&؀N9L1 J ̱yS\{"(g%c+z6=quSqJM,@}e5S^MvX3XXhI)2 ‰V51vc2N#I61*,őZKPԆ輐u#Q`-m/o bDfLJEKq3B 5B7la'5_vN!y?wH4͟\0hͨȍ/"C\%3af49[KtNᐃRvBaj"0}rr@܆aguEדX.=5 GYV<YHojf +" q/?Rhk9d$w` MoYirxhKbw R {_++g P7B`;w@< f!Zwݫ/NF,K{Ŀ$?CˢCGok. #2y(dT_s`p~ɑ'U0Lg``pn3^C'Z Luw*'>nxGHcn˨B4ɦ^Ym3oWSJIiMJ(crv +)籎=$nEO:iO7N-km]Z UoD2.htr52:s:x.eF8ψ 7 40{@n:&*q@ǩˋ_:+_G\=H:="kUxC-t]l lVR&DR!P-^ޅN8KJTL5 b+KڍנQXE7.Ed])F(h%5hJ.TF٘ho&toE53W&szVPW "\#p7{!p5|9 1Htm5>QU'7(O[3g"?4=O`g뱢FbVevVLxWt/DwjHG@5 `$}bXߑRuy4 cڀ=7(Nk Oy峂Yɘ'Q/E6VYDRSAJ`%h;%@_aߋ,Tr͏\@m6j9p5R18R6g4)x!9m!;mi_ˬW@YV$5D8gL2cxy[5y8Z2%6$(d B|V a~,1G2!m}v v(f 9X{g]HI~,ou6Sa3H27k+Rǭj,vV9?NCZ#"AmH} Rٗ~r$jop V-J[^떣͠yͷH!~`W8 Zp]%vU\cit ԪKh]-MŪG\}>n'9~b^, ?ps#Av3!G7,_5J>{:j9=+Y`s=ώ2p|/ mX%!cNrG]LUjIz7h D- RMeWdy& >Vpf8^5}|̾bΝTrɠ5Ug/dDR#Ѹʭjd88>Ҵ<0G3d AW& d(`@Z̊I%IeX*Fjc(fL*?晧NVjڒfu>eTbcM*ar-wƆK~n[r"&C j ʎfzCtD]Vo:nU2]D GJ[?fj(^AeӭDG&5eFЅC&uT󅵿,̬D59']E J2u~me(DZ]|DS^v B6ӫF(tzaL݅WLow|~{iC:8?a759B}@o͆EB6_“\Dtr+\5 ;yfUM瓷9=G~ā\0QO=4BE sgl]ך 5';I) U_Kեt*˂?U Ƀ ŏAZHnr8}vRWLu+UyVP9A5b@?T`Cj4Va1MߛjE bT~L%:¿_;}qj2bx7 dZ-:BYAU jI"E3"\9 ,yGJ[WAYhnBv—J lD%^D豟Yz'LO؈2;әL(MY# G_MeNJ<[>Y"؜5'3gf\${*Roqדۢ{o\ƨLI"cGQ'蚖O4@(,!z8D8c:!7 k'ZN]Lذ|YMtR-`dw'몔fP( [5?%Hٹ9uZ4!'ɟ_VN3&KH\oct!%4 c({ާU 0-׈pOV~Udy&Hʜ/IƼuRGIDd,ߚMY0Mc~Ƿ $EPýdqꞣ?tSx"W,D--Uy)xhr :H8i5MI}Q| ht۔n.ŢytUWёHsMf]Ҭ g AFQ\!KGY 14Y:Zi8.K i2hHÖ}뢛hu2|SW0 (Ez>0хW܋eMpm!ãZ PSnGI=p a-y rMLbt"btCɐ^hpMBM$eͺ#BCLN{fPv~)Sb~-IXQ;Etw<ڢM&vC;rtY{Q$棡|(+`;)c֡Qˤ_g$5T=ّՁz2jR3fzk=iL_u1J?R}:Ȳp{,>NdK)m2f,(O7Z-D:?*>FT#.FOh<ERkSsbHFF}9ʼn~h0dΔ +AKmd6ر0a_ma0uB#|e4&ly r@h6 Gc 3^/^wpBUA{SOG_?~al!= OS^rtG\kȢ>p[ U@$d]Jh$2WҫEC_b+Dg\f@VOyIs1{;;y)>VRwLuP~-q#ƪnxP6)6sNոeLcJC4NIaU.C(oQ(ZhwAf'hρ{KЉ D-qr0t$ݿ83= ))l0fX`sZ&Dv:Gbb]P@D"|3{&NkLm+  _%=9t?4O|qw +B2QoCVWyKl 4z+M~m_qlm{x'Ox&ü&ou|f@׃+ߡ XSGnϛMSLv,7N%ӹ<')G !}E=XFxr -d'ׂ>"te#p3A#X#j+)VRPaHVͫrĦ5M$`K]~xvͶr_*4*:֒B$T5:8$ÉM}ft/P7"SL HW=g^R8ξW^\0{~̟fy|0e>"16|Z}4}4OWFSv:'ҫ,lv{*i:xM*w}=c h%7 /ې'" NAE6kDꮊ!ti*!'FgRԭ Ryzik\*. DJ4 .Yr~j|+U8#M*jbܵx0=fD) c39-պm~C&yW&f5Yo оřF rwrRO{h=x2g^m֌; %敀&/폒$+)A?騍8 vgO`_/=tǤFhQ&J`Tp̭l`"^:xt1v}$Lgq /WEp^bWSoD;Ѓ\MtG7,ۻ #t=7iMAPA7IM$l)Lh38;U'8R|m D¤k4֠IdWi.  Vtsg-/-x6՜hdo~ R"],;M?V^ "eu?tÓWES#$5d?B=lj  Js~7l/D1Ը[%7p"EƍSUGHhA~8f{[0&u2|fmH>nN+ї׆p&%}eEA\8x)!?N]]nM#l=~7|sYLܸ̥{c߳ռ]o-l6 x7HR5M HZ pa $\9Ct7JwEU]߆tv't\bQNdzil0B[,(MY&LI ;X' nl@"lM7VQ'A';|SI{֭u!l+?6w$F[vB#X " Ӊ7,ɖޑy59' ;4n|JՒ}b4.y]L_{S\R {_ju俱 j lj!#yIJY U}Y0H 2 +p۩cȁ/aȂPTI75绒'ajH"w%ƅ(4ºm}`,OPo[X-cz,僛 jVm} g:C1]aBN  'pLOX A^Jwhry>BjϹQץ܏iL4 }VKF0sdK(E1-̔aQn?:WO Gv+nrK^7.f࢚ Ő X2AZUۺ,((k?t<˾QE+ Z#$w_(A!};;ĵJɹELO5dp1|Ar<;005k> ڜ1vFK*}iq78u}1 o3fz1ȓx\@q4~߲%y3K!УE8*UlrzC;,=߇[[Te/?I~X?Hv-ݞ5"cA6EהX /C I|SezO.WMpŽ!SX""RJuۃSM +e\%fb H堘ۭOC6(Me<$ﶚPA|FfvWBީy҉[ _RQ/v : fEcuq]@]k?އzhٸW;,O (:Ace]A--WH+s !|=OPmɾ&<;wvuOr9R e{.N8n#Ȝ@# ?`x#(CkV>Ύb  BSN#ڊȜ(In؄7s cu&Q!l=Լr5Bp(;ly]0K$"omH^hër,C6kAQѩ4ԁF=ScL_1kz P?>:xAw%Rmi*٦ɟ1iBLyh$?t Pn6 }DKl0@&Iob F|6UM)DT#nYFf櫎͘5Dcʂ02HA#]}_bfӕZ"/b3QU:b" Vu$ ݀wlr`P<g|kwvc 2VCϕex8A˯f;_},諻ou1EF-1Yp~@Mo9øͷniL_-X=-`V'Q ,7J%"FAxDDr7^h/4dF FJͪ\]}5 7!a=ȟUfwJS=5jrv$c5Fr ){6i.PR6\$ARS :ͤaar5/<oƤti@q(J{t!5ˉ鷗KB~k0 vo,*IL*P"'('y`Sj kN\혴i<Ӧ+z۬QvYŷlIHz5Mq*AoNY D+5I9±OYS@Bukn*-n5᯷~IyIfW@m*0^װJޠY4 c20r Z{x&UaU8/;ҲԔ$U2A/|t'uw}d@xYLuiٯSD1 .g;eI+miO _dW[.^;/W&E5w͢B6@XOmlR]~W_UADkO4 DeР)ac}/`en*Y6sMZDTSO >؜R $U9P:Ȫ ˦dPЮUa[6g0,}8{8muEx+gդ%U%Z޼f䊦y8(:x<٣aZ֚Y ޷zQ~9GwW= T`@MNljewOf!ӿpY0Qv!NqVB}Y[<-aLm{JuUyv( :Xlcf+C0ON򺷀 3 T.PՅ,wXo'!C{YfBƿmfiz $r|bWFLs6 fJ AݢxE bEe~.^ >)aE8Mѓ l@譶D.P6R@1Vez&O}xNoM˺._2w\!Yn0?m ̓6 } =;`|cc܊֏KP*~Đgr|HI; æ"-RWn|GDgCgX&ka7Zb SoZם)單Z1~4%$0 ҷ7ģ/iqNZbW4sj E~+tA SCFk"Pȧ*9"a+QyıP~&D$眿d&. Xc2M5H)~V#co;`L(qy/c>hmZ:gmK=SJXY^ Q"Z=/ӽ*a?3'lR-F`ap ZӰȰ6x+nV,c@Dt=g&Eꊐe 24>8Z~,)9|ʔ>ǡG )A 9N@+j̶y?̄ei֌Iךҋ9퇾!׆.=]F\@C4S?շ!Q1?68v#P4n AW(bTqUs:Fhu>CY\,,_1ܜ>)0 |+kԍuhc oIe-:3wqKD^:)GVCux8D2'5[\ U5jY/ d7ԯ鸷r̤{ݚ4u*Bʗ?{/9ck?W]o֬3HlDOcByZT~z=,(HCuA6:0,MCʙD;OҫzUr3bB虈LiSMGGq2ܾͅǁ/ŷ <6oH94]--_u)@"M`@Ȁ%j_߻FIo䫠MJMNu7 sbR+HCKܨd 2I &v3bZ0^2$0*ڊE_!@hr^"{ܥ "hE֦TQiƕDѥ3N&YYԂNČI=#"{d a"ݖRRSo.<^GL19:<_n\_aX I[wJA 5IPlͻ2b¸LSɍ}f$If0L" $ߗX_DGR!>iQam-fk9)ɜbE R,4KNC@lKSo!Nj H hh"քs h qNb3PhZh=>b'ûNU"&ϣܥ`9nOp'i#^5h-c|MdlpE-EpcRRUqґ*SoCy g+$FꀁxSI}B gmIWoa zS>"׬D6FR4 p%FՇ 75:…SxH6gYG _<1 =P t9 D 6ڤ S;?mpv@]BCdYu3a[vXV$lD3`9]"o8|%eJE,ԐE9uw:k%ي#gS0 EH;cעzSE4p NhAm^~Ø)^ؐwTϫ2OAB,!N OM,gBw5jʿv$& .{;ŝ7!7 !`sbJJJC$a,`> 3iO~6*,̏{- c򖉼(`Z[ϩxﻺ.-{n֊ x6U BHU`Ź)nl&]уӳs&TS-3Mf5O[8ERc;x93sZnKUp)vb#/2kBg/͗'!uJ X]-)6e $E8`8sHrك{i[RtʢU߭Hd܂_sG0+R5JV:p My=A b+[g?2ak-,dߦ GRy.GΑnpDu=& YҐ(3ؙmj?Tc!` [64/M}#gCҦh=u9E0GaCvi/˙#.^BZދ:ҍsM!L$@IsNrnM_/ >@iSV\b9qͬ]{'%=n܇(%@ u;)sPvXh8udR3!CFGc$n(Yߢ"ezJo5Ni eS퓉Sr5&wKy,xx0r(Um":Snֺ62myen_o [4L/BA :9Zyy'fcJd>`H.$˜NBgWjQsh:Jٝgn)rn`(przN=$8 ꭯D:UBcWF)?>Ö {d,JūgI=:kl C '1vŪj8!}g/ϧϺTA8G`+QD-GQMǩ|pzeBv@ rC5@.'T)$n(Hd@@όdՒmHصN>RgРX4iہnV$J]jaPջ/q Sj7' o&Z$b D $]J8Ԯ(j^EY_=nz{t%0|,:mLozVN>oh67!ƼD.*EVrB4U[,j܄*?2{r 5' fRM`7R $&"Aa6ԮtZN{c`}N{ GIw(70y-`oY\[f J- Aܧ> _$ed"h_oh/1vXBԏv_s+ `᰹*5sŢnEΔE»_m~ǝ\]-ODKsuh ӈ԰#@Z@*@dvOP;sL[cX=dQ@1 ɢn!g@ B&^Q10H幰QV+J Dc":(nH?Nޤ14[ 1L`fD9hZh]z;4fIZK-6xeHgxʁ5Rw$rhK+? dA|QL*p?O:Q6@mݒ8-*pڲQ5ֈe:0Mŧ]uCOpBs<GjIqZB>SV5v3Nm3| V0g~! nyV vHa ٠,حu2e1ҫXNJ!]D S}*s}I{Q~4?s #v4S/6XO\V|!wJ\D-ެTEpe|8۴PS;ɁX ^yek B_ v-0~~qw b,P114{퉓#(qD0wZ,nXӰzPyn|hכ ``& gΥ Gġe@p5(Jۨ LBnQUN)wݻ,O71kf;+4$ZPJ+#ZyDПZG#ISn: KxOX&7Ϸ@L^hXXa@/5Cȟ~m YZ