ELBA-2019-4539

ELBA-2019-4539 - docker-engine docker-cli containerd container-selinux bug fix update

Type: BUG
Severity: NA
Release Date: 2019-02-11

Description


docker-engine
[18.09.1-1.0.5]
- apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736

[18.09.1-1.0.4]
- fix authentication error when using docker hub and using --default-registry

[18.09.1-1.0.3]
- fix authentication errors when using docker hub

[18.09.1-1.0.2]
- use epoch in container-selinux dependency

[18.09.1-1.0.1]
- fix 'docker cp doesn't work for btrfs' (OLM-158)
- update build to Go 1.10.8

[18.09.1-1.0.0]
- update to 18.09.1

[18.09-1.0.0]
- rename back to docker-engine, rename dockerd-ce to dockerd and stop
using alternatives

[18.09-0.0.1]
- merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream
18.09 branch

[18.03.1.ol-0.0.7]
- fix [orabug 28452214] and [orabug 28461404]

[18.03.1.ol-0.0.6]
- obsolete/provide the docker package [orabug 28216396]
- Fix docker plugin reference resolution [orabug 28376247]

[18.03.1.ol-1.0.4]
- Fixed issue where RPM overwrites config files

[17.12.0.ol-1.0.1]
- Update docker-engine package for upstream 17.12.0

[17.09.1.ol-1.0.2]
- Update docker-engine package for upstream 17.09.1

[17.06.2.ol-1.0.1]
- Update docker-engine package for upstream 17.06.2 [orabug 26673768]
- Migrate to new 'ol'-based versioning
- add docker-storage-config utility

[17.03.1-ce-3.0.1]
- Update docker-engine package for upstream 17.03.1
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]
- Add docker.conf for prelink [orabug 25147708]
- Update oracle linux selinux policy to match upstream [orabug 25653794]
- Use dockerd instead of docker daemon as it is deprecated [orabug 25653794]

docker-cli
[18.09.1-1.0.5]
- apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736

[18.09.1-1.0.4]
- fix authentication error when using docker hub and using --default-registry

[18.09.1-1.0.3]
- fix authentication errors when using docker hub

containerd
[1.2.0-1.0.5.el7]
- update runc for CVE-2019-5736 (Laszlo (Laca) Peter)

[1.2.0-1.0.4.el7]
- update to Go 1.10.8, fix version strings (Laszlo (Laca) Peter)

[1.2.0-1.0.3.el7]
- add RPM spec file

* Wed Oct 03 2018 laszlo.peter@oracle.com - 1.2.0-1.0.1
- initial spec file

container-selinux
[2.77-5]
- rebuild

[2.77-4]
- typo fix

[2.77-2]
- add rule for containerd (containerd.patch)

[2.77-1]
- build @lsm5/RHEL7.5 branch (cherry-picked commits from master)

[2.76-1]
- Allow containers to use fuse file systems by default
- Allow containers to sendto dgram socket of container runtimes
- Needed to run container runtimes in notify socket unit files.

[2.74-1]
- Allow containers to setexec themselves

[2:2.73-3]
- tweak macro for fedora - applies to rhel8 as well

[2:2.73-2]
- moved changelog entries:
- Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
- Allow container_runtimes to setattr on callers fifo_files
- Fix restorecon to not error on missing directory

[2.69-3]
- Make sure we pull in the latest selinux-policy

[2.69-2]
- Add map support to container-selinux for RHEL 7.5
- Dontaudit attempts to write to kernel_sysctl_t

[2.68-1]
- Add label for /var/lib/origin
- Add customizable_file_t to customizable_types

[2.67-1]
- Add policy for container_logreader_t

[2.66-1]
- Allow dnsmasq to dbus chat with spc_t

[2.64-1]
- Allow containers to create all socket classes

[2.62-1]
- Label overlay directories under /var/lib/containers/ correctly

[2.61-1]
- Allow spc_t to load kernel modules from inside of container

[2.60-1]
- Allow containers to list cgroup directories
- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.

[2.58-2]
- Run restorecon /usr/bin/podman in postinstall

[2.58-1]
- Add labels to allow podman to be run from a systemd unit file

[2.57-1]
- Set the version of SELinux policy required to the latest to fix build issues.

[2.56-1]
- Allow container_runtime_t to transition to spc_t over unlabeled files

[2.55-1]
- Allow iptables to read container state
- Dontaudit attempts from containers to write to /proc/self
- Allow spc_t to change attributes on container_runtime_t fifo files

[2.52-1]
- Add better support for writing custom selinux policy for customer container domains.

[2.51-1]
- Allow shell_exec_t as a container_runtime_t entrypoint

[2.50-1]
- Allow bin_t as a container_runtime_t entrypoint

[2.49-1]
- Add support for MLS running container runtimes
- Add missing allow rules for running systemd in a container

[2.48-1]
- Update policy to match master branch
- Remove typebounds and replace with nnp_transition and nosuid_transition calls

[2.41-1]
- Add support to nnp_transition for container domains
- Eliminates need for typebounds.

[2.40-1]
- Allow container_runtime_t to use user ttys
- Fixes bounds check for container_t

[2.39-1]
- Allow container runtimes to use inherited terminals. This helps
satisfy the bounds check of container_t versus container_runtime_t.

[2.38-1]
- Allow container runtimes to mmap container_file_t devices
- Add labeling for rhel push plugin

[2.37-1]
- Allow containers to use inherited ttys
- Allow ostree to handle labels under /var/lib/containers/ostree

[2.36-1]
- Allow containers to relabelto/from all file types to container_file_t

[2.35-1]
- Allow container to map chr_files labeled container_file_t

[2.34-1]
- Dontaudit container processes getattr on kernel file systems

[2.33-1]
- Allow containers to read /etc/resolv.conf and /etc/hosts if volume
mounted into container.

[2.32-1]
- Make sure users creating content in /var/lib with right labels

[2.31-1]
- Allow the container runtime to dbus chat with dnsmasq
- add dontaudit rules for container trying to write to /proc

[2.29-1]
- Add support for lxcd
- Add support for labeling of tmpfs storage created within a container.

[2.28-1]
- Allow a container to umount a container_file_t filesystem

[2.27-1]
- Allow container runtimes to work with the netfilter sockets
- Allow container_file_t to be an entrypoint for VM's
- Allow spc_t domains to transition to svirt_t

[2.24-1]
- Make sure container_runtime_t has all access of container_t

[2.23-1]
- Allow container runtimes to create sockets in tmp dirs

[2.22-1]
- Add additional support for crio labeling.

[2.21-3]
- Fixup spec file conditionals

[2:2.21-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild




Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
