container-selinux-2:2.229.0-2.module+el8.10.0+1896+b18fa106 > 6 6_6 3!pQp)Tξ7]mtZ`gF G ]mtZ`@߸ I*jCLtofgb8|ų;1%"qsִi:VZ 3u tF@hI^$h4I,X;kHXxg B7켍@ul˻rmr.ppq_LJHۺ!c:yrreolL~|8?P4)Jv2y(/f%4~iciz/k? H`%K~N`OCTUNyt7e5 lMf%$//[{c׋Wu%OI8$ .ny4RKSGrGe|/2-BpGÖhI.v}I\gB2Ykfb)o(s"| =X{IFɚdwUɘ'28xU{v;SŲeJt'Ic$Ȃ.Lc577fae42750883246604aef164b32fc4e0e619ae1c975aa2dab8c887d0322ed5fcadcbeac6ae57a8057dd2ae53a2e896bb86c2e3!pQp)Tξ7]mtZ`gF H ]mtZ`:A]/įA r_.\׫ZVOAً*vl{Ұ៕ }$J$Ƒm"Sݞd}VduGI9j˕E𩉘$sm-f9jn4_[BVD$(nZK"g\'Q:yWdmc ,>ksֺK UumPXoaa_\P9 Q, lv"LU aX; @_ ֋/Ɔ[ @ʏ6ZUӆg+ cI`mHm<\SERB0q-:Yv31!;0D[a(ikL|<_ۊn9:Lخ Dk]5Tݙ!/ʆ\A Geo1"BK 5+ R P9I e/&)n<]7FaJҖUH^5lL]w6ro0b>pIp?pd< @ h CIPL t    @  T   l 8pS(894:/=gR>gZ@gbBgjGgHgIh,Xh@YhLZh[h\h]i<^jW bkdlelfllltlumHvmmooooooCcontainer-selinux2.229.02.module+el8.10.0+1896+b18fa106SELinux policies for container runtimesSELinux policy modules for use with container runtimes.gFord1-prod-x86build002.svc.aws.rockylinux.org KojiRockyGPLv2infrastructure@rockylinux.orgUnspecifiedhttps://github.com/containers/container-selinuxlinuxnoarch . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then [ -f /var/lib/rpm-state/file_contexts.pre ] || cp -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /var/lib/rpm-state/file_contexts.pre fi# Install all modules in a single transaction if [ $1 -eq 1 ]; then /usr/sbin/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi export MODULES=""; for x in container; do MODULES+=/usr/share/selinux/packages/$x.pp.bz2; MODULES+=" "; done; /usr/sbin/semodule -n -s targeted -r container 2> /dev/null /usr/sbin/semodule -n -s targeted -d docker 2> /dev/null /usr/sbin/semodule -n -s targeted -d gear 2> /dev/null . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i $MODULES /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi . /etc/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types > /dev/null 2>&1 matchpathcon -qV /var/lib/containers || restorecon -R /var/lib/containers &> /dev/null || :if [ $1 -eq 0 ]; then . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r container docker &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi fi6f{b0(: BA큤A큤AAA큤A큤A큤gFgFgFedgFgFgFgFgFgFgFgFgFgFgFgFgFgFgFgF8c04ac861d425e9947eb5bc06c3125d682dc981f6327e789ebe1c4eba0d856fc7fae14152b8ba0da99d2e5a4f0ae0560d8d5286b63a573231284445a99e8c24a9e4227f868d83af4473931cee518f866ed22abf972db1ca104c674038475bdcf1f577dcb5732849d952a0d91d14dfa5b9cdbdf109dd8afea7b2d227782eda420c95d8badacc674ace0d2fed4fbee4d28d2a92799b23fd5cc30cfb444ee8896b71724330eae556d61248fca0b0920b1de3697d8cd42bf56da8d062a4265ed1b9f2aaad24c9578fa9575445ab4c5208b80b1226e49174e20bb2609de935466b9ba9eb7fd75efad4068dc1e00d43c6176477d13f5c759c1986174a340cb07b822119af286e5e19e15cffaaf7b29c745c800ef94c03d90ee90e0e8e18edc2ebf8f01280274d7f1512ce4677f123f310d300672d6872c3e1f3f13144cd5a03e85ba4b0a6fa6a05496c83b67185cb54805263c502181507d1ae899909090caf986d623dd478baf01b7ef0daf441b7cd616c79ea77eb8e9d2725976b9edeec3991e3d5f67de3bb8fb85b4531702c64fa11b1fbf1746cbd844560f2f680b862915f25d69rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcontainer-selinux-2.229.0-2.module+el8.10.0+1896+b18fa106.src.rpmcontainer-selinuxdocker-engine-selinuxdocker-selinux         /bin/sh/bin/sh/bin/sh/bin/shlibselinux-utilspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sedselinux-policyselinux-policy-baseselinux-policy-targeted2.5-113.0.4-14.6.0-14.0-15.2-13.14.3-80.el83.14.3-80.el83.14.3-80.el8udica0.2.6-14.14.3e@e@ed@e@eeqe'e ddhd@ddm@dcp@dbdRLdd@d @c @cc_c!@bVbbkb_b<]@b%b@bOb@aar@a@a@a@aaa+@aaa]aQ@aI@aA@a'@a&0a /` @`9@`Ȗ@```q`@`@`N@`@`dd@`Y@`&m`_T_`@_%_%_F@__"_5+@_16_p@_5_X@^n@^Ӝ@^@^^k@]@]B]]@]|@]@]X]W]R@]@\M[[ͻ[[@[[Xf@[L[K7@["X[@[@[[[Z@Z?ZZZ%Z%Z@Z - 2:2.229.0-2Jindrich Novy - 2:2.229.0-1Jindrich Novy - 2:2.228.1-1Jindrich Novy - 2:2.228.0-1Jindrich Novy - 2:2.227.0-1Jindrich Novy - 2:2.226.0-1Jindrich Novy - 2:2.224.0-1Jindrich Novy - 2:2.222.0-1Jindrich Novy - 2:2.221.1-1Jindrich Novy - 2:2.221.0-1Jindrich Novy - 2:2.219.0-1Jindrich Novy - 2:2.218.0-1Jindrich Novy - 2:2.215.0-1Jindrich Novy - 2:2.213.0-2Jindrich Novy - 2:2.213.0-1Jindrich Novy - 2:2.211.1-1Jindrich Novy - 2:2.205.0-2Jindrich Novy - 2:2.205.0-1Jindrich Novy - 2:2.199.0-1Jindrich Novy - 2:2.195.1-1Jindrich Novy - 2:2.193.0-1Jindrich Novy - 2:2.191.0-1Jindrich Novy - 2:2.190.0-1Jindrich Novy - 2:2.189.0-1Jindrich Novy - 2:2.188.0-1Jindrich Novy - 2:2.187.0-1Jindrich Novy - 2:2.183.0-1Jindrich Novy - 2:2.181.0-1Jindrich Novy - 2:2.180.0-1Jindrich Novy - 2:2.179.1-1Jindrich Novy - 2:2.178.0-1Jindrich Novy - 2:2.177.0-1Jindrich Novy - 2:2.176.0-1Jindrich Novy - 2:2.174.0-1Jindrich Novy - 2:2.173.2-1Jindrich Novy - 2:2.173.1-2Jindrich Novy - 2:2.173.1-1Jindrich Novy - 2:2.173.0-2Jindrich Novy - 2:2.173.0-1Jindrich Novy - 2:2.172.1-1Jindrich Novy - 2:2.172.0-1Jindrich Novy - 2:2.171.0-1Jindrich Novy - 2:2.170.0-1Jindrich Novy - 2:2.169.0-1Vit Mojzis - 2:2.168.0-2Jindrich Novy - 2:2.168.0-1Jindrich Novy - 2:2.167.0-1Jindrich Novy - 2:2.165.1-2Jindrich Novy - 2:2.164.2-1Jindrich Novy - 2:2.164.1-1Jindrich Novy - 2:2.163.0-2Jindrich Novy - 2:2.163.0-1Jindrich Novy - 2:2.162.2-1Jindrich Novy - 2:2.162.1-1Jindrich Novy - 2:2.162.0-1Jindrich Novy - 2:2.161.1-2Jindrich Novy - 2:2.161.1-1Jindrich Novy - 2:2.160.2-1Jindrich Novy - 2:2.160.1-1Jindrich Novy - 2:2.160.0-1Jindrich Novy - 2:2.159.0-1Jindrich Novy - 2:2.158.0-1Jindrich Novy - 2:2.156.0-1Jindrich Novy - 2:2.155.0-1Jindrich Novy - 2:2.154.0-1Jindrich Novy - 2:2.153.0-1Jindrich Novy - 2:2.152.0-1Jindrich Novy - 2:2.151.0-1Jindrich Novy - 2:2.150.0-1Jindrich Novy - 2:2.145.0-1Jindrich Novy - 2:2.144.0-1Jindrich Novy - 2:2.143.0-1Jindrich Novy - 2:2.142.0-1Jindrich Novy - 2:2.139.0-1Jindrich Novy - 2:2.138.0-1Jindrich Novy - 2:2.137.0-1Jindrich Novy - 2:2.135.0-1Jindrich Novy - 2:2.134.0-1Jindrich Novy - 2:2.132.0-1Jindrich Novy - 2:2.130.0-1Jindrich Novy - 2:2.124.0-1Jindrich Novy - 2:2.123.0-2Jindrich Novy - 2:2.123.0-1Jindrich Novy - 2:2.122.0-1Jindrich Novy - 2:2.119.0-3.gita233788Jindrich Novy - 2:2.119.0-2Jindrich Novy - 2:2.119.0-1Jindrich Novy - 2:2.116-1Jindrich Novy - 2:2.107-2Lokesh Mandvekar - 2:2.107-1Lokesh Mandvekar - 2:2.89-1.git2521d0dLokesh Mandvekar - 2:2.75-1.git99e2cfdLokesh Mandvekar - 2:2.74-1Frantisek Kluknavsky - 2:2.73-3Frantisek Kluknavsky - 2:2.73-2Dan Walsh - 2.69-3Dan Walsh - 2.69-2Dan Walsh - 2.68-1Dan Walsh - 2.67-1Dan Walsh - 2.66-1Dan Walsh - 2.64-1Dan Walsh - 2.62-1Dan Walsh - 2.61-1Dan Walsh - 2.60-1Dan Walsh - 2.58-2Dan Walsh - 2.58-1Dan Walsh - 2.57-1Dan Walsh - 2.56-1Dan Walsh - 2.55-1Dan Walsh - 2.52-1Dan Walsh - 2.51-1Dan Walsh - 2.50-1Dan Walsh - 2.49-1Dan Walsh - 2.48-1Dan Walsh - 2.41-1Dan Walsh - 2.40-1Dan Walsh - 2.39-1Dan Walsh - 2.38-1Dan Walsh - 2.37-1Dan Walsh - 2.36-1Dan Walsh - 2.35-1Dan Walsh - 2.34-1Dan Walsh - 2.33-1Dan Walsh - 2.32-1Dan Walsh - 2.31-1Dan Walsh - 2.29-1Dan Walsh - 2.28-1Dan Walsh - 2.27-1Dan Walsh - 2.24-1Dan Walsh - 2.23-1Dan Walsh - 2.22-1Troy Dawson - 2.21-3Fedora Release Engineering - 2:2.21-2Dan Walsh - 2.21-1Dan Walsh - 2.20-2Dan Walsh - 2.20-1Lokesh Mandvekar - 2:2.19-2.1Dan Walsh - 2:2.19-1Lokesh Mandvekar - 2:2.15-1.1Dan Walsh - 2:2.10-2.1Dan Walsh - 2:2.10-1Lokesh Mandvekar - 2:2.9-4Lokesh Mandvekar - 2:2.9-3Lokesh Mandvekar - 2:2.9-2Lokesh Mandvekar - 2:2.8-2Lokesh Mandvekar - 2:2.7-1Lokesh Mandvekar - 2:2.4-2Dan Walsh - 2:2.4-1Dan Walsh - 2:2.3-1Lokesh Mandvekar - 2:2.2-4Jonathan Lebon - 2:2.2-3Lokesh Mandvekar - 2:2.2-2Lokesh Mandvekar - 2:2.2-1Lokesh Mandvekar - 2:2.0-2Lokesh Mandvekar - 2:2.0-1Lokesh Mandvekar - 2:1.12.4-29- remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0 - remove dependency on policycoreutils-python-utils as it pulls in python - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.1 - Related: Jira:RHEL-2110- update to https://github.com/containers/container-selinux/releases/tag/v2.221.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.219.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.218.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.215.0 - Related: #2176055- add watch statement removal from container.te - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.213.0 - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.211.1 - Related: #2176055- use conditionals from https://github.com/containers/container-selinux/blob/main/container-selinux.spec.rpkg - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.205.0 - remove user_namespace class, thanks to Lokesh Mandvekar - Related: #2176055- revert back to https://github.com/containers/container-selinux/releases/tag/v2.199.0 (2.200.0 fails to build as it relies on the new selinux-policy which is not there yet) - Related: #2176055- update to https://github.com/containers/container-selinux/releases/tag/v2.195.1 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.193.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.191.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.190.0 - Related: #2123641- update to https://github.com/containers/container-selinux/releases/tag/v2.189.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.188.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.187.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.183.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.181.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.180.0 - Related: #2061390- update to https://github.com/containers/container-selinux/releases/tag/v2.179.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.178.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.177.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.176.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.174.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.2 - Related: #2001445- update minimal selinux_policy dependency - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.1 - Related: #2001445- lockdown allow rule was removed - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.173.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.1 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.172.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.171.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.170.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.169.0 - Related: #2001445- Start shipping udica templates - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.168.0 - Related: #2001445- update to https://github.com/containers/container-selinux/releases/tag/v2.167.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.165.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.164.1 - Related: #1934415- fix the build of 2.163.0 - Resolves: #1957904- update to https://github.com/containers/container-selinux/releases/tag/v2.163.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.162.0 - Related: #1934415- do not use lockdown class yet - it is not available in RHEL - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.161.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.2 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.1 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.160.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.159.0 - Related: #1934415- update to https://github.com/containers/container-selinux/releases/tag/v2.158.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.156.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.155.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.154.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.153.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.152.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.151.0 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.150.0 - Related: #1883490- synchronize with stream-container-tools-rhel8 - Related: #1883490- update to https://github.com/containers/container-selinux/releases/tag/v2.144.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.143.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.142.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.139.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.138.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.137.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: #1821193- synchronize containter-tools 8.3.0 with 8.2.1 - Related: #1821193- update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - don't use macros in changelog - Related: #1821193- update to 2.124.0 - Related: RHELPLAN-25139- implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25139- update to 2.123.0 - Related: RHELPLAN-25139- update to 2.122.0 - Related: RHELPLAN-25139- update to master container-selinux - bug 1769469 - Related: RHELPLAN-25139- fix post scriptlet - fail if semodule fails - bug 1729272 - Related: RHELPLAN-25139- update to 2.119.0 - Related: RHELPLAN-25139- update to 2.116 Resolves: #1748519- Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700- Resolves: #1720654 - rebase to v2.107- bump to v2.89- bump to v2.75 - built commit 99e2cfd- Resolves: #1641655 - bump to v2.74 - built commit a62c2db- tweak macro for fedora - applies to rhel8 as well- moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory- Make sure we pull in the latest selinux-policy- Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t- Add label for /var/lib/origin - Add customizable_file_t to customizable_types- Add policy for container_logreader_t- Allow dnsmasq to dbus chat with spc_t- Allow containers to create all socket classes- Label overlay directories under /var/lib/containers/ correctly- Allow spc_t to load kernel modules from inside of container- Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.- Run restorecon /usr/bin/podman in postinstall- Add labels to allow podman to be run from a systemd unit file- Set the version of SELinux policy required to the latest to fix build issues.- Allow container_runtime_t to transition to spc_t over unlabeled filesAllow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files- Add better support for writing custom selinux policy for customer container domains.- Allow shell_exec_t as a container_runtime_t entrypoint- Allow bin_t as a container_runtime_t entrypoint- Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container- Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls- Add support to nnp_transition for container domains - Eliminates need for typebounds.- Allow container_runtime_t to use user ttys - Fixes bounds check for container_t- Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t.- Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin- Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree- Allow containers to relabelto/from all file types to container_file_t- Allow container to map chr_files labeled container_file_t- Dontaudit container processes getattr on kernel file systems- Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container.- Make sure users creating content in /var/lib with right labels- Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc- Add support for lxcd - Add support for labeling of tmpfs storage created within a container.- Allow a container to umount a container_file_t filesystem- Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t- Make sure container_runtime_t has all access of container_t- Allow container runtimes to create sockets in tmp dirs- Add additonal support for crio labeling.- Fixup spec file conditionals- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Allow containers to execmod on container_share_t files.- Relabel runc and crio executables- Allow container processes to getsession- update release tag to isolate from 7.3- Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets- Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40- Make sure we have a late enough version of policycoreutils- Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container- Resolves: #1425574 - built commit 79a6d70- Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4- built @origin/RHEL-1.12 commit 33cb78b-- built origin/RHEL-1.12 commit 21dd37b- correct version-release in changelog entries- Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc*- Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7- properly disable docker module in %post- depend on selinux-policy-targeted - relabel docker-latest* files as well- bump to v2.2 - additional labeling for ocid- install policy at level 200 - From: Dan Walsh - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel- new package (separated from docker)/bin/sh/bin/sh/bin/shcontainer-selinuxdocker-selinux 2:2.229.0-2.module+el8.10.0+1896+b18fa1062:2.229.0-2.module+el8.10.0+1896+b18fa1062:2.229.0-2.module+el8.10.0+1896+b18fa106 2:1.12.5-142:1.12.4-28 selinuxcontextscontainer-selinuxREADME.mddevelincludeservicescontainer.ifpackagescontainer.pp.bz2templatesbase_container.cilconfig_container.cilhome_container.cillog_container.cilnet_container.ciltmp_container.ciltty_container.cilvirt_container.cilx_container.cil/usr/share/containers//usr/share/containers/selinux//usr/share/doc//usr/share/doc/container-selinux//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/include//usr/share/selinux/devel/include/services//usr/share/selinux/packages//usr/share/udica//usr/share/udica/templates/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2noarch-redhat-linux-gnudirectoryASCII textSE Linux policy interface source . /etc/selinux/config _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi #define license tag if not already defined/bin/shutf-8cc1082dcb8dd6604b2d83740728a8463173649ff04048525d2c6633de6e5e88acontainer-tools:rhel8:8100020241126171315:82888897?p7zXZ !#,] b2u jӫ`(y1;IC>hˊ`U =p7Lyx LyЍ WM?QUcv/0 : mNż=U(o E\ /lt( H/A,7tWۭ팦q_r]4R\>tr²Dߌ5EVz|/c>ZXyC/1(u{P rI\ d%.f0.}ḿrÏZ=ee~&-=Sђi3r0Z`RMH#BL ?hRF$a)k@9ޗ,mWL._^[K+X֤kb]+CPC\?%7`xjfe2/O}NsCo1QFQ"^ ^m_7}q «z*R{=#hX q.4u1SaN:})GƊeM/m=F~VCf1d`EuH{QTQquXpuz,V:sfˁ)saY*{S.:i.]jcHb:&0;2{]y8sVF3>ԑHw96#8Ǜ\_2t~BQߛHFIRlXUtvcE5 k00X#fuB8Vq PZV4s?@SG3 e@p5=/6/ 3߳T3e'gG$ˍv3Ͼ00 @f(~:¶~).ijui?DYز7l Y5fFq9+p͊.1l-4xiFuD3O!șudw8@eFe@>u p$>( *Ŋ!GN,^`usgQk!j~IG'bgiKA/K!xz]a.Lc4/"WOJ}|AEl !'9&aܫ&RՒE] .%] k w,`ox'&> sV0Q2(o&ߍIF$٥kC^憪I8bEapT9i|6]#&V3eI=Ȧ]x/4T(pJ#fJkt6+p;XtS b[w|:ҚAKƫ2ޛO ٜ#K*S91`ҷY7z-͈lMޚU6ր\zedt=ރػ XԆզV`s, H)֗2fΑ=Rbf+ZP\hXbOBx.?0Ys VPbqT:Nf6Ӡt-@I& [:P*Kn* wF9Ï~$#MӒ~]| PMkZ! j+c'߮דB(McvqJ):y0ɦpl1 DL|9=5clbVf\xۖey]{N[%ȩ4켰AmVYy9 nwJ}7*aL?XL!熴^Jݞqfc^9Y+ V!{֟YZ׽naM` lf(5 ;tNF"rFAC#\ jPDh}1[kGM/uq\_ԾّRO%=:[M Vx~auR,[tfJl4X.ƣE)TB|8ko L5|zki\{"=&6{PP>\q˔leo]kG_ϱ)yQu4dR3^M}}Q R/wt2t= DפP;xm~gKe#G?mS f9x iv(H6B[)|'DžA?(P1QsC\<o~Rٞ!иӖݍ#l|>%Z WgsSV VpEF1Ys'yv9|fOl:#V(I)[qEp&cئCy!x`di]2x?m쀙/f$PmD^hީVYcƠ@ }#lrq*)1;V0>ga<m٦TbAۛ$7:~G!+s^ٰ{% WHdt8:0a>X ?^dGi!AFE4.1ށ3c wך<& 9b&v#GxZ9LH6gx?qK^Ǿq\H{ PSpgn &͟ʙ!!`kݺڥLܦ,QzmYW%䎈,E 7*Z !0(H?P˹89(n`BEA1hNZ 037Ci5,i_)V`ϰ4sWqq%9s9~x13v!o5'7r6Ppv|5U2M$zC23eZJ\/vMiZm ;l=4RAX}CițO%Af''a$R83ޚ/*ZF'LնxTpJ~Z71>[u&xl]'@>'Q ,~z;|v//!6N:# 2o^"hh Ow^:f .L*9ib\$MK'&yUgw}}\mE.6QS|3){_۲S6@ u(c)ohEGhr(J]8Qm5PH(,29wZsm8fe DjM/VFm7tںzړ7UcFXr` 9H\!+_(Lt[ o4w;YdgH)djSrLTi4)OH  JX4.fVG5RaR>GIm3x*9,F_M=>)!gmK:O2avkkaOטF4@u(4hᬓ'17FVvBό8mAU,M[|M█ĝbוkT"hdĉU^הD*mYQd&D\n&>#a 1c5E/"*o?{tmCsqU[+nBRi pd i)KO#@]b*9xIW{;\D{6 GkU1/V3 A}>cTi}lK5rXz)Z[`HݵW]%P@p `{ *ѹ"j huu qR6r7a-O~(l: v<*Jshg{Ғ騱,d-5Y1Hً仜%OL@nf='RuVAUc!+I]$~~g/ v?OL"s"/.=yeU+.PV L@ ̀J>Atg`&oԩx8Fk\į{$ăcnT3ixؽ= D<^6F÷ 8㆏= 6Jͦ)xK׭=ma !D)z(QJwbLRml,wHp2p$Kq^TЀwH?,h٢ǎtW_MiE -0}u'cƄW>Sgn'3ݨF9wKa> 45&,[lY\ lucYW؊4_N;(}=PhbiXc'f{a CV/.Ӳh/Vn4jvH/Յo x!+emKBEWdWT=Lvo]lY:RXs[-TMRd@a9dQWdu*+ ZL9{صVx-{g\I7#({nޘ{d6?x_|-^Ye5*2X/ajȷM[{ Q76N;rheZbpp6u jxA+-}[O!VPj@Lɲ$8\QLw4)]gg6C*C3KfET:N Oۙ^ob:(wiܛ%檶ocG8= HNvDʛ-?Mv?+'54ی1w-P!r-HҍP\ga-; ӭzG˛}$. |m$n5_cFgRvrG>"}bV\Zߨ 'Х;IoHf.Ovfqx-`v$V^a JМ|s25.b9\t?5*:w*NA0X[ հR"u(7̀tUe{G) "3R`v~VZadw}*<ͨ Z%߸OvzUZFt#2#譂]ApdNA>8VX$6(F Vf 4ydl5 oZqcds`3MiǻqAy<ǻ/@"1n~-OУ͌(' "̢>ItXSm|L倖Mk#wjM)ldO ^2}АZovKne|o r^r|ò CUౘ k5S^ w2Eݹ_E[ۯ6M"umgv)6 ,&_qlb`o'r,| i\{(Z/I@ TyEh78?Ȍ{;).D Sh EvA6}\WʵS76XFجe%! +mZx3YuTARb{Y@u1&\ܲ#J@;acLPtF3R"l j}YC$NB4`%lDDZqqW8L~yƨ!cK'5}ښS w {-,e]h`DZN$geKbOt4<,]>hNGo3TqF9KX[yٞf]nAgv27 Zc_犗 c^9gq!⾖"7~0O7iͯË"L>؉]$jO=m'5ah,'z J6t@؝⟒D^9R$?,3レԻCL_crb 36xtW⟖w0|_e I|I,6X"٭9i bqR3Y/JƻkX(MSamd# >kV5,v0]η?j;c}q/T ZMKYE(R߽v|@i[?/Wk &XP{&i}tAP#ʋs<.AQ!w΢BE7 dP{p$j`ufk!5h֡xO QFf<6^v|oF\V|q2:eC\``Uzo,u#T:=0cKey՗aD%=Yȏi8o/3q0C.\G(iHsP4EV)0hֶ ,`x9Qd.:;]+Gf*@Plu_s~em"FD 蜐E5X^ʅHjTa΋[hK cAA^!I : z,J` 98<zL- Lybڢϲ i.-h*Ox% }8RY.(ܣk7cj{V:԰*SEuKA!V u]Æ<, bݨWuѾIin?0n+6%NԸMv'Rۿ}#jC|H|Ujc.J4?)\Io%c\rj$S+"k ob%P'Ɣg:||TLO4$]st+i6񾄢i %@ⲕK.JяC u0]˧,s;XJkd>w&fpj:=Ar]b kC#A\E%Xex0*,eFL+)вǨ#nΣDiIa_hFC_սi)z 󽪕<( ŰȺanr`"vF BGVK.VRyo]"]مpVm\Yn29j޶H"ghwAemwP}^WE 8G mY*ϵ2۾I ,5J>agJl]f~AY^x4bS]BuE|Ri.vAzR\$!vwhMǼm{x/[82 ,W?uvw|&0l{٬]U2m':;X =G'&o0>qRc\d8C40C'G\|O#!⎧LbS(ﲳ F۲ZKpdPX#|_jzP$Ŏ)vſ {60=+ٹw WSPE[ɴ຋E5\CQ.VHF"լ>DKJxy=C;k 1T;^~'e#?tK ZCEŞ!HN`^1 .>JPuYkٲqڶϭ'x C\JCiR.U׺ 2:/H36! #/ٙ-lžɨ~/49N63h %4=13 q~>wxJSS!˟HhE18)6j7xʆ}5N|J+u7b7Am$t 1qʰ!JL*3V!?-yY'cߡ%AMOٗ_NƘ(_kH-LHV%T.ZDprL[DS<=xBAm,݆\fПŃ{!0;VHH]%;FcB5 zPRxx7 "X~;~' $W!6©فPŬ($4) ]Wϗ2Y7[X_ƻ ߱}[F6A[IQc:>rYL[N׌GD&_@UͶh`qjŎ1%mc޲0>XkB)eQiN^JvPaV=VI[ũG+E CMVqì5f?sP}]Zzh#κz)y?$[`UKů+?`$\L(WMg"o!ivapO"w  )ḑ|=\횸->,ق,1DKis{@ uJc̻ IdtOq⅟E!͈bqg*mIEʐ3' VcɢEܱcl罂Y_yZZˠ3wwT x!Gp?k uv`MòœR(\A%&@TkbEЭ0 Ia]I$1M޼j<#_~C'>8+wlnjAYx6tX8|*qSHF.WyrFmGd~Wݩ^/)hOYnW6ʂϦ>DeE؇u! hYmpxu1HL>츹\`ø&7BJ2fwA=kI7ZTf1!KUn}E1xd;[C%W}Y1&&ZK*^f>_1k:%ɕ{`S)J`ua;lP+6jḉΔ'M̯9ade!kyX&N(2\6iOR#^3`vH,p[RyT-1-/Pr)7DVacǿh=]N)'f\wO̫}Ջ݉[uUc-oJDz( 4'MTfip=zg c6v{.LTM i 5mt}}d.@.HV}Jk ' u7$ Aڀ{`l PL-˹d!(yxawO\z&"uH2Q9D;Sbao '&uL I|z,R/IPT8g6H[  l$x{~Z&"@੝YrFNK3_Y^U<3s-SI*nwz6M] aQNo]2`߃Tȋ$TvVxD&L(G6>u Ȩ6Լ]:]j!' *yt7sY %'_ *~=q<`N RgpLb)0rm9iOX>s8c@$;+e f?E[{Te3lTO\UY/(6;3DȜᤍGkHı$5Ctވ0՛d|W,^š(iXm gEC 7(Cҹ3O{5U2jGϼ擃9!>Jy/tc0\3 PhԁvD-+"tzbͿg0zfpRg8NcOWa$(Zћ 1ԛ*Dxwhi 8 N X6M͂UьdB$/UdnYj[N/5*Ud$~?`yBgpfc@j=<줰9"_< n`y| j::oؒ~[qS1(bp PKpD~$( u< `P;ĎLJTcPe )*\|.h@礴6/C FOp̐*;GZe] n (J$+,ut wwtR4'y&vtT[ߎCl-ro.x\c 8>}xmMMS78ۛ@p}L*@SX Å;6^ ۇ| =?L#-HE ^H씨ǐp}J3^[<~s*lt {Q QYsςxVXZ=S?am? S1ܸ)3z3GHAH s2G=2DR 9.LEq.iw˸ٖ鱰^GI7,HulI|!#Ý%lv%2 Uê!do\I㲏W錇6 zxd}0ŵP Y^SCOsbĈ]0\X{ TrfTjuEZb+n$M&vӎr}ؼN)? T$@c22rHyzaL =lku8cCkvwʚJ;La^l8{Q dn\T|}'i8?*fps @]'H es_g(\|ݵU2*P6+ش3z%MZ݋?1֩zQQ7(xd 0c4Saf2|æzA7yɖӾpW !p1F^CӵN#*zF#΁Z]uΤ[nr3 6/FaqА->SkڑU,EPc!4Kw3Zi(Yr3pRvm/prCKp?=G~൙1CAT8#@j2[g vyޙ:5usOPit|r>=#1',0U~i/"r3Uw'jz {3|3. 7 S4*bh!vOO#%w ONwc]>U)1TJf$<2U$Hj $4NS#f O)Q6W3==-ﱮbi͕]R#J@߫4B|4BZ`+H':1[gW]l_8o 'wܠbOu^9>&+JhtB uD ċt6n،CxA<hⲒg n$; wAl/ Ʊ2~r['θEq8Q $*fܹ>K.`ёHCJV +=Ol:zǎX9q/njIdJ /6۩-3{2BDwd! qV L'{TرPɼg:OeJ1IK[21rsSF5 9Yρ!SVZI!s]I`Zg}P.RbNjû3?HDyf %%b+ەjCMպ*@@<w|T- }Umyj5/''5.h7S4'jIpe'*qկdnoBoblRt| 0Rdm]d~&عP_;fFɬ )Kj۷&XXt6TMemSAѰ*.]Lk Ae{S|I.bZƬI]4:1?F9MDA([KzŒ rE J,KMfͩ h CUdQ=PK锷)8@>^fV>zg l7NrH y@Ӽ[XɊ5FJD g(%+ZHڿ`͓G<䤈s\w2 8=I| MkuB1gL_ j^T\+%}>hdڱVnhEh%n=v(tG"oi/[bǠ_=|EU a*>ep{p-E̶T踦&g0GTλ=;6m9F+;|C{/c6Գu*X4;  2oZJ=I7םrpGՐ<]f- U Vˁ:wEƬ o hTq׌F(,H /22F3zɻ蹰|d|ޒЧTz?b'Wm!R =Pdids Y=yQ:ި?Pk?Ed%)YYk:Jh_w]IN];=$*GROT\0xlS٘7z9)ZNߗyBx~oVHC*%uЩl!b0pqG?g*wL*3_Fԏ%H3m~-zQUj~kF%4S+pбĄbm:/}4̛'g3Z}!yP s/=)hd`)}MSY苲8Q%W`EM0I."O;t66E>;k"-檫^Ta5ٹgay#XUWWrp6l۪RxϙSފ#s_qS_Xxm/H?.0N[^Vn|}}Mo2Π{ߓtwJBiHK(8mMp*$Mwס4n{Q|I鿐4 B/kDV,V}&_} iF!OАF̊E~p^( ؁Q]"JX1350ns86/U @ hT#;eY=|OFػpƅ{˜KʬVނI<~[|5vϾ.h ILX RN?@m%舱5]LpK3V|VT A7,/,kسK-`+!@zk0dj92U7Km#%J  t!0Jyw+<_^Gφ5xhU,bfbtO̟7 `]-d3 8|:BaW'@&AU.*?;Twߐxp K)U/h a~>qCEԖ[_~3_y+:I)w= /~,) Bv uV>;erR^sXߨ> gOy  ǫ7zh!3,lfCaRבw2BJ .]s"`& 7XMk{"a0vi|fTHBMHiwbRC$SC.]ԗJ"\^>6YoٮԺ)VOtP֥+K֧pá0 N0eK-T alr72:ؙtURr%q1lZp &y*|„b{/X|ҨgPή^vx{XS,3/_"$"%'1E|77M&.צۇf;6ZdO ͷg&E[@0=mޱ\m<\4tǽE_E/߃_[3 YˉGϥ .h`'ƵSe ɑ N07Grܯi! u՛HX[Y Gf, w(K~ͱS8эjjV3@ⴂ2֠Ba{c 5dB:<6:ڿ%K̋S #Z4<~)UkbOEg< xc>5t:HE(Kc{L- LkOʡՆs?7 1Tf}.ʨlePOc] vE)I}8q49yuʉ'x != mY!IE*v/̔O/SR 9!~K}+gDAm$zIv?;)Ε8ÐMR;`,4+|x^YB0鄕4sʹ Y5#vO# *vJaQcg*^Q@j͋Qk&Dny|^^diW=Cb5^y"y?'h|v'l]Gsf#z}v3-3D3*TKM.9..yr5 H5HFNpl N'k 75mlٱ ޳p ~ 4J~ Ƹ'%sci+܋TZd9NoLQ}uPׁ8S>Te4]VG>Uޙ>d,:83_-"Oƕ?&OyRؤ _'II+I HsM4ʀg:LjkNM*d5PC[d$~LS?k8w1F0{kO ʁq߶νlWhTP9Za">rsl6OzR&;9 O'8j4=9&v`PVY?Y=t7%D@Wb|\_ 1RM1'^;]b[H>\o,+fYVkJc=0i¥+̺ s9X@ uN`(7!|H R6@-wx .exuGb-ڛ̄6RTgd"#`yk `CBSMUoK\|³Z#~IRo3~~k6d?'.PGڵM{ĿMR?Mcn$h9s[#\N {cTi밃HQ(a+ eV(ռZBf AS?,1IHkH3AH2 da$pJ^FP`1,URXC^LcRߕ =7o I:ȶa9=x-0y9!IP\-\ƚ /q#CdLc8a!0Y9Q mYϑ2n\P}ĩE:JaQK8N٧RLfˮdju>~t]%B{H9NI9ƆnkԘfuezvfŪ*"C,ogto)alMHb:<2 \K8{w .OOvadL)o 5 :Re w(ߕ$oq.W,EL l/ͦJDo ^E &t=/:t:;i#}:ܗޕfQr2^h!ç^n!s'fa Db}p׵ ,:mnzFޏ7.P55 :}g(kkuH + pY2u&sou 1 rR ]骋&Wڬc‚/6A%tUm g*6t5X8? F0 3ߐB5){:u5yNyQlG"*-z wFI3}HE&Er0tEw$8j, T' [+thKj"׽̝vQ7% \$cI ^݌8*"t!e@ن-呀t_ZAvm0{݃R@ {keNtPjV?^}.=İxm O$|b xhrhU~SÐ5sXxyF_\1,V8&}pqmi{fΐtxsϲvt.yTH\>JTW3Ɵ"H[S\*wh]D<۹.aM=S4 RZ`roM7šv.D";ħhw#{ϏT'g%aV,|۔ QйGFJ ˥SJ` ]^X3ʓp0axfs"t?nc1j 7P vj#C=]4?JUF-Y`zҙ`Xy#;]>/xCTȷǪxc2D<4D_[xEx+V'w6 [ 3 $WVB;&pF XLZFt}+gD$ c/uS1pOO2hd{I$Db/qB=< &]pSvKLaYeuܳ rAc}vVT\$bB IV#a2Um]dhYօIt@˧*2FYQ u;J-:Ws {˗zuҨ,&=ؔz\d}+#A}s Se(WP6!Bn ~f*W;Gr-'%[UӕJvZ\)u,aY?_9Z- 'L+; ?ju7u=#6{6Et G%lBNiӻ6.lVm5|( cUJ&4 o'#uz >Wy#-+&ޭj13p*-%Mw*AQJTp{qKãGb4~r?m0 1 ݀*${ΉO Hux+ ^v sMUNz-[rz@F{aFWdg8L+(C= Ku"*w´A~WGԺg0:xVx X62{Ocw>DXd4JtDJkP)'w$ hHPX?S0;2U<5FZ-&/r7o%QҩNxƻsuWYz{ͶUl]{H4`RM {D*oAdLx?-k^YnB!wr%'g0]up9E),d\i?hެCNЎ`zD.ƱFP[IxEjE,CI>կF~6jWܫ}" T]{=1+i,Ohٜ!DQ<]HAaN^ː! "ۉIE/-o>RKO_^IP-+LQVYݤ4P;pA8QpCVaC 'k:aO,( 7Zk`Y7c@UbHa?(\8nR5\68Youyy4@C+6 5(oP=mhO~>!QW846z < xl.*NOҋ57hU{bQ^XW]C 18%%(ɇ*Htab=L|8+ei`CbRU&M] w)v .ҕ((Mc.aZ+w}P ~uvpZC")uw X|)Hp}[GՉ@B7ĭ{`Eĸv}gT ^ Pd^B[sKp̺^2HP$@)\>2!x{\&.Fd2MJsht.<:JvD"*v(p !7 ߧ;\ʹ! 92Ǯtt' bQߌ9[2YI.YK'ʽ"G6xV$G=VwXw 2.\ơNX "cwJJJ7kc#W1/FuX?B@#c]Lґ,*3Q JUݦ;.HQwiA FsꭥR x@ Ve4!x "jCz-Kse@" He~DFcJa|D,3v#,rלf{W9[]vS.NC2"(?/oOT 2֯_`Yփ|Zr1rQiarٟ9@PB?w>N/y̜sA]eiHuĺɨij⏑G7gV^ =.V1ۅ0ʆdLSpb1sF;M; u17 rTο?\ο" 䖾0)hZ Qx ψ|x3] 8!N^4dk\ه!ϮeL[? &BVJ:{DHDƾac_Xdإ g[纑g9;E] ,:`? Q+^X+ί"=L%i*ʡzW}|5DQgt~-d{zm@9Qu_l1xfj }+8B65+w.&Ѱ,cYlRB~'N;ٌ渙V:|ĂB.ҍEɪGԠQ p*@MEZϐ3^^mX/أN?t-a E7ofS)4g6iuQe,IwCf좒(CsUViI{`,sR;!+Iw1\yqw2GҌQXokJ a 1ja%5(Z^NH>Q29Aha!Qd}-21L"̥QtTX'#EF.PpA ߾d7^{]8&d#PE=bGHV';@JN1'yiqb;*ľ֕eBtXY/A=> Q":L74B8f_]59::RO>%sj˻]TFbxWSg'n+ |"kft0^5?p*Xm;/yR4M;h<ncc'k Uk j2gV{"*?x?#W ,ݡXl_>#C-T^Ra˥/4Y͡mj^˪dFhB74s(:V Ɇ '܋b 9pĵr*_K$NOW Ingt#5/?ADyv? $$:]`U/͆HwMklc5T ӽ۷uڬR(SSfC"ҸXvqum?My"NV'(VbU9>}zlWjܨmȉҀY5b\`_L'!äh9>ZV*bjCG)w0q%[Y]m$^#܆wcMq?4͂%w ";x<զ쮁 *ˋuI~l˭YZ;$ cAfs-(t;at(qXlXdzTH%P $A[69ʵn_jPƕ.GyS{NvWl"!uYrBD'&nxrGSkV Gu(UW6l(6 IxmM:ӤZ&pvxVdpr9MBuћΡYc/W`41cx㕯$?)#\FŞ=q˰cSC^*sID: b{ wmS[)4÷YxzI"7oOVC3mu)E!XԙQj]{_ojDNB _(rW l9tz8Ԏ% G[9A5R;UL=5 a5MSgZ R:K7lfk՟A=F T0jE;~iSѭ^bk' ,$ h~SO0p/ew'iw O^Ys5}DKhTc+Ǫ4Rdv:[3 Jz4?Hm}ӕSc lճ+lғS}X*FNo)+` A`PlM=3"~;W$vrQ֯$J;˨k{|ܧIؙ0H ֖WǼDf&Ү37,\!F&UҖr-J {/'Njg&#NŦbmݢ Q}m sVP̧v~shWIgi,!}&g#M"zoV֩D*6pEY t-ϨJ 6 )'=Evj|isxOmȉOE ~! y`,>f*rvq~so|+4ނ+/gIb$9t93,)ǙI-5>@̉̅ T`Ǔf;qTEuzGxǕn[Ѫ"לh ?\M#jp5=%i=xT[$9p.JF`4#>oX*jDpbCp"QTĮGx^.CCVHїU_?6#פSNl4h4 C vf8y ̛E*gD.P>",?K/Uwb_t1mBʭ1L\{!vDGp=iđR\1k5T )?_%p?:Չ2Dkŏɫ%HP+ίݽ#6͋8 yIץcLhw3.oF'L>Y81/giY'J}Ev:aŗ.aACWtibo+Mnぁ\w@IyCAʵoat// _f>6‘CE{Er!<#)| 6M0}QFo-IJŻQS:OJ̇nE SYlVi1//.~F5!"m'NV߾ o6&վ&pCCP@`js":{ )Rj9;9%TD oJd$uCQmEјm.vfsaPvA MlO|j/u8DZsʫaOEMg6mO0u!;SVG?=K&|:۳fX?0e.<9i v`QBg$4Z6o0߲F, ?Aַ,&B8 O*N[&4sTȟXte^'iͧ-0hϾXYjovmth_ѽ5#9cˑf^6dۣF= 3ڀų},W Jf?R*0R /l5 XB#upUAOsl`M:C|Ҁ}$7m3\;}2cCd9I"~ln Rgc"K^Xo"ЯZY{W9벲erJݩ=J]lBH[ZEb-K`Ee-A=X}bv4>5$Vl;Ԍ|(lvbmǭ'/kyݮ;)8e0ةu(05u(-Q^73[SKp߅W8Uegz293Bi7} <~hI/Em1POW t{LhU'I]n{w"8@0:~ 4tU%Šs?Of҇켤w_P}=3Bȼ[2=խ;,OVsHt u6cFet NZ.>EtKNgAq VM5w6{D.0i̶>=68Ko1+ޕ@ n|[mdttنwO+4]zUg閸 Y͔4S1}s.xl]Bpq15"nufVvqt:AoI|~(,3O9,9pd`Bɥ㹾P5Q4Zme=l>aX%'<\%g{:N˓*B7U拾?zRM7!T$|ZyM5VE{tx-ښYi`NҖt~̙`hJ.kkcН {uZ%| "WF5AaQfA̗( :7o+ ɌNx][E cGo)C-.-Je45W SB#kuY\#sşp..6KX{k~ lԢ$àAпJ!Z`jI62>^ '';3Ҵb)\8-k(a}2 /@&awL]*umB/_|Tڻij`C0 Ԓv0h#4r?I}x3m ST2yMkwYY8F\]\lU+(DWNgL)g܂ywٹ4Nș]b>YLP޼ޘ*M[r;VjȒٶC0k5P`$a>&KK\.f哓noi" up-{ j7\,wvb{gI찫g_' JzXu]%:$?gc;&G_l$C{X(@jhT~s-9%}ҡƒ5z1>А"eCVK}R}+җgnU3Fw}~J䪥˔z7u"ĩGC+i"Ikh|]yzv`l*15O܃B\ì.iV>޷麯py(um R;A6I&׉5fctRW3*NBHnmq+wW7޲a}mfeO=Pr\G3إϓPNA*{@f\L@8M#ytBr:^F/@ h{Getg{}g>c";Hgvhn§NtFQbMTvSeJl :iCK!~/_W _-?+\3Lfvs` :OGP-k%d .U7 mAZ}Z!BZDz%t۬b_PX1XE_QUq.OdlRmYp.ph&8c Li/^ W< r %#JbdqI?^KYc&e wgw7}ϑg/Ao #~[?q[[qǜꤔ@4.Ҷ7Zh_ F3V1s"hƨ7GA5yp 't z}CQ^>J& y2h^B7i"yv}e,\~E#;O: .BR1 FoשKd)8v[36J F_4JӇ8C΋+&(9hc8}dj$8UТnKNC$m^Q8coav!.)5^;4PYobn`b+ )SGWJ+(5Z$4|+KƅD+'g$@3wEdsX`K+6ZۺCJ"椂hE{cTkޥI ;g+^}:Ne\l 3&/׽ԑ;)ؑ<Aa>SHg3琝&+,j(TߧyL;Dw~s2#9[;Ymf | F,N d+n|Y6 8HWB!²Ui'53%N sw79hz&Dz' $n/rW[2/$wD\0K0`7"TE:5x-a#άK4P3!)\M w НCrĹ@Fy ÔMUUpfDl;ڎhώ>a+ lYꨜ:۹z [ڋx4"Y!iNdgmݛO$72<F&jyt掛&Y_ ʎ+ҶMn,.#¡9娔8 KB 4zXHsy²ō-Rw28=" 1 X҂4/i|V,"J[LX xOXh=p K]M؃Kk,5y?*^:3Mv0'rGG(1E("5Ƃ_('O~enXK~]/"ἛI%qjT?4c1>憾,$*OpG/ +RpaM*%$YM׵9Ӈ ؂}"y}+_;Bq e_,7|6~ yٖV:XOC)inF|+$ aQֳ9S9l^h_X%RB"UTWivԫxdDE}N,+'oGQQKN"JrӀ9pf2T Մkr]֩]Z4}&OFb-R֙8&\f쩧4.{:&j[,eU'y$mzZ쒜g/; ȕjh k_Ru`0 ɴMt;kLa 39#vfkJn+'k2 rIp L1M?'Y [%_IG~X9%ViNH aR/?M# #b̕Fs>])QD/ 7֕#^mĆùrIݳ.5/Emk;X ~4Rޫ؜U~&sp>"g>IG3FZԇJrWh#Rm~,6o5vs]I-am,[^x ^2]u`# 0 r^c± ŬLl FU\A @vU~IߞQS6>&;#j{b9Y@ %%boR&7~>#hSi݇hCXC;-YhIYVb@֯q(3KN/7G'KbmQs zqgr'\!\9Af.X2KZabRJ#Cq?v3/a(SZHp2*MbC lZuKV ll 0 i`8F<\ii e628/`2UDLlhϮ4Ԯ0JPo192G5g^R: ~$' ?H7;iEGmooU"x䷫z4vWLG#7S]MuH녷c";"v+Ǚ+hv*'r_!AQTרU#W:l!3+'/RұQ N+myzD YZ