From 47dc5ce6cb21b0aecf1b899e411d09a26f8e3f7a Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Tue, 5 Dec 2023 16:32:29 +0800 Subject: [PATCH 1/2] update to selinux-policy-3.14.3-128.src.rpm Signed-off-by: Zhao Hang --- container-selinux.tgz | Bin 12732 -> 13523 bytes download | 4 +- selinux-policy.spec | 149 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 144 insertions(+), 9 deletions(-) diff --git a/container-selinux.tgz b/container-selinux.tgz index dbf2468387e4a2ac83cae406d95eec7d8f36b846..663edcd82c29048188961177c24dab8c29d7d82f 100644 GIT binary patch literal 13523 zcmV;^G%U*>iwFP!000001MPillibFUpuTc`1!AZO%{b;k4k>Gol;zM$jpn(>Ep5chW{q0*>@Am^hlk}ZBBu+PwnU$6G%F4>jD!O*e>$d8z>h&i_ z`aDCQ-@kkbf1iKx`7`-1ym|5R`OPQKU%vd}=K1p%pWl4`$+PD#Uc7kuN%rhm49TCv zFy?)hee&!6ajcr$2^V_*FZy}~?wo_|?zbD(m)DdpUH6zNoT%zi;XyAM38o z3f51us@w`0|>^P)QY2j^zh zAKJ0rRV!2;rt{gwKTe)(s&>^^zZ~iw!Ja&MGCuC58gQKP!t$^}5?GC|Jy^T_dcY8$ zou8aMDZ0KYcI9fQ^1j%vZtM2!)92?WPZ&e1eLf<-;in#BU@u53$9IJ%NnPQIt1D;)^j%X~$p45QbK-eXRKpOW z3Y3a`e;w>@=xsMN-Q0Orx3Bt`{RuatB)_J<%}T^(F?M}j4GEq1ID(}8 z46zj>$osqpP$5XmWWZrwp?YSNKKi=aSN(24h_I9ltY8X_JNd$^%Eu;ZJVxKApdE7t z$6I2$P{oa#_Ja!=PYzH+%+4fnJNxJpOq{&7PaT}rdyx6C&HL(Ok~(H6UhX|nEMw%} z)WZn9+c{%1Qr3qt4HrkDY42uHS+e<=dW^RUA4@l2nkxv4>|x@&gMI5Wqf@8^J+GoV zNHVoxXGx$qtKCfl} z@uD{b|20UwsK;%VBf!ImBs|syK1h*{ z6_BzAaJi%f?)&;4$^ppt*q|C^%Ebz}u+WDCVqBGOjrC9>6i{6YETxp92<{4>QaOqu zCs;;Vw-qg}OeqikJj3ec@JfT= z(;M{v3-tfXW$jEq{N>w^WPQa}m3>{N=|=sbbxb&j)R17;#e}R67eBois{Vcvw}^$# z!X3v)kHc8)im^#PrPkgZ+IrO1T|&F0+e}svX{{Q-`>N@{=8Pm&qy9wRFf7`h)O7*1 z=`cK$zyblYoTo@Eyu$7dyi4#Cl>ipyBx9xw@{?h|$74r4e)G1>9{Sp5SJ+iMv}Aqw z(foj9w3~E->-9oFL^DF0$$pkJ{l=SozpvU7;9xoY$o35kPe6RtqAR+i`>BB5KfY0-;`hNIfa#;P4tWDFm(B#*2yLXy0NG6dz9E6OE^KSKVpZsqFv z9($$ss_8bi$Fjnqz1ns=iIUA|7d#Nt0PgO0W`Sis=DaMqr_qs2)hFinG@2p& z5vff38nHc(5u;s_DOmdFL>iY3S|x_jAmt(>9jUpRH=d_OiMiW*rm(F8F}Z3)Q9qR? z?noPet0%5tRgic}CMU5dCgOFyxvJXxW$A9aVH}nxi48%EQthjuYwoW=4hs>cjgM5{ z+wM)pgzz*2>(uGc=KEpWA=wDCqvD-Qbmo7D4*1u4%yx$X3|Lr+&ToO^e8|xAddQI8 zTEefq%??P*@4@f2=aPK~EF+5&q>?xW z&C7b1Z>nYM&q$;H)g@su(l{M(`O|k_|M1hFzyJB? zKmGXCHE~Pn`cqcMpiX&swjs0i)t5hh{oS|U|Lv<&G&y#C_Wd`1$T1EdapruL660H~np7jHLbyI^bx3Wb3D&61)9gRnroJOa3R8$;roKQBXyz3&ciB}# z)^;N!k12?HNsx%ox~$OD&5Hb{>#Izfv4#Z&E6I#cf{XS_sem>g>-(h^WrOf|#pzsUlCEu;#{^?IgWiO; zT8FlNlMQ2EpE~fIo3UL;x8rb?oLJ z95Z*K{(yMNDErv&0?+I=dTv+PJU#uH7Y_z#Zub8Tg#*-r@ArV-4o_2QiP{ ziaW=PjrDn7yVy zLb}I70H69cY4{-i2m+*)0GplOaQsaaI<3AmGpJrbK5VH2h24Fa;|>Bdy>@)1umVn= zFbBiczH92@5f2dNi$tA|kQ&;KEZF5-dLQsr`fO?EvQ>Trw%xD9oV$nzWZphnilxg45f4&g(Hhr3?mHv_qWgl)d&%@&3uo98>`qPE z327T>dOtYrBxVUXo*p;{(xWL;-K{eHMd;R0N8`inIjh`daz<3R{27{%KBDS zs#Sbn3QnIT!-gk03zJ-mWC*YN3;2dMlB=FIGe-UNx!rEaIa7$xb^|2o6{f1bVuC@> z&fw8Ge>5C!|G7d_QnAh34PKshc;Bjl0c{t|$&))UiZ`@p6W(wKXGG-pu%m|F!;yCl zwX%~0LEWlokk*;E1xM!)*!kZE0*YzZ!<^se4-iFydR0}T$$z+GM6hxRvtWz%()Czu z*$ZKcXfgL-W!McH`uhD2uMak?CQ`;~3=6$T8?#f#>QTq2dm!>+-9rgZ=)~Yy!I^V4 z^6p1fLQu+Yl%O(M3$!RPWFy8UNYs$?nTb^G$r3VF%Kyv#&MMZAr}vTBu7`=1n4HvZ zv?~VCn&6NCp_lBjdsPTbzSeHZ&Xq|>Hkug6>}}RpO@3Q7>%QBu?`Vg&%lBaBc4n#| zLCE|Rm48J%d&toWME=DsLk&tJgk5hkKsw#i)crsA`?8K zQ@7g+Dyy7aEO27|FLyNnc!{9S7I8koAjb>-b;gN=N<#czDi?uDpS1!n<^R8={H*HU zr2JeyX3l-RqnufC?n~%PopMl;AMx=9t90xMhcu4t-ULVYD4I6b^j6C7hb9`zg_=vk za}>|>xO@Ub(bs!&s_l)*{u!qw!WMg8l;VE^6z0Tevv_#;s7;t@ADh}uR%*oKYYxsr znBfC&1e#)ZmoRDj)1BKn`;CnDW z=fBr|cDzXVgOAeZVB?pWI@qkg6kaTfHnIb&VSXzy@9kqyU`tGpL&Zr~SIbGf&xL|ez zOd!3T%-#&rDysdKXaR(wM5zG!dP1kMGgB4)<9?jM4j~{j6mu98JmxtwAkI&)M$pu` z_0Fn{yrBn{U?lS%>Z{;vf5zRCECpP+NS#}2%xY?ThmFcUfR^kZobPdBG#`MZA-Nn$ zs3(oivE=?*KDKgFOY!xcN!6gH7Q?9y^`_W1*Lvle*TfYkA+1u2Wo*@J<*lxFyaM&~tw`%QWDypaise z_)xFQYJK*P3J=}Yt{`>`Y>Jj8W*bl{W!`|#usWd8ZI+^YBAch=V;OofZZnEgXnnvF z&ogzPlV`83ptgxYacLx@F0X)l!rGZ$n$ww4)JxjIs-a3}%3FqF$sa|~3Xx9!%#t}> zuOdIMP%9`MV@NwG3z|uh#C@scSUxHi*oJ31{1EU^$2`;VO}eyV8s&of_M6o=aZRek zOeQfar%$e@vGpq4UCmx)@8cF!ldA4dsuDN7Tb*U-pk`50e1KYt5}LwX`1!*#D+QB0 zOYx`D78wFbw!iW5%tWEY427pt*?lX$BOZGrD~A1iN9H@LUdE|ebcc&f3}2#47{(O~ zrSqu4FM%7akG6M4o8xDoH}(}MNAUYhN5QUZo+&!wre3r+u&$U-X)an=-^w`!T%d(6 zyUgIomvpLaz1gBtvEQ9_OJSyph+}uGGdBA zuL26qP&MmUMZV8(>!uzbp@VO`hc>&b(WZQjzJcL#sK&a?c6V)8X3!sS^bY=ZTemz} zFn-YI4{)XN8j%FWVFjr`@cq{oE!M^g+V-%B!M8MlCjCv1eZ>J~Bt@q3{5N6?>6oZT zkCBL~RVD^yUBV!agM|ZAe$pF79JEc25s4xlE*eLQX%r;)gcJh1VS_`!(BBj^NH@%y zU!)w4!rThXZ4xG8@fU^)-&1gH5wDa9`C$slvDhy~>QEY_l4*!Z;wHPrn%Zy}AenK( z?vkt=a?Rk31Y>@kXW^g4<|bq~RrOOZvrrmXXgMvuLnPS?jDSAn3*;>B)*e)e^-LTjN- zcP9m$b37P%Q}DnEcM2XJT4+%ARdG*z)xdlo$>?N6%xMY|7iTIGKU_$_8;a3Wny~(9 z7`~!xNRUn(wmtbCb`>7JBzvqS2+@aVbrE#In=#dRmtlE$e&X~DT#&fwleYx%RLkaF z^~h8i^p%ZswzGc8i}yQXV^rN>V>q^^9-`F%ipot8{~WsZ3cWlH zE`)DwMOf{p?<|2oQ+ujn)_1;`(Q^|En5cv#mNIR;#1^tdV+3-;Ez=;eh0GRLd~J*v zlp~d7#^)TVplOPKNB0(6-RtxZ;B&+G{O_-k2vB}SBwDl_#Ve_5|xj%!6uzyPVK*;%Z(@Zf=I&CdO;-d zX`?QZ__R?MNql1e4N*V#H21GLS^Nu5&P(o6T$j5Xvj~xO{ymg(bF^Z_&Q4rWb<~oi z8>Wt44z>Ea0*K zjKQ71%)}bcWq2%-6ckGWG$#Vf8JNHpLrE!yx|}4GLNSsGc^vL*mOC*GCAOFoIZsks zjc~6U&0^903XyNql@}xji!))Rp^$kTzTucQ|oOB0k%WuhA1kCP#!q(}Tu5#*7EwK7hUz8WUu@Oh-|GpQo9L z5^A(mZ)~EZDK-)^H!!`{*V;pM7;Cz9EUR^XXhveDf8!OLj7EB;w~)sHJNwgvfEBsh z+&9Q52G;B9b+`nJT3+;MJ4y2{V2#bT3$uBU$hSFJ=nlhHTw~#8$${PPcmCu0a{@yo z3tc`6vb+s}1qyYryGB!3*9qP7EFk9keTRI^xW z*P3v8kS$n)B2&BrBHu$m9;Tv#kZ~yLDtm6h+XBS{IwPlcZlJ8 za+^SW986?$i7g~K!V^b&Y)gq-PpyIN%+HQa(^R5)vUyXGYY8CvT4KQUf4{|X(nM8_ zjcJx+F%f}XUaa8sx39|z{~!U{@x*ZaKs!uk=0+mmW+o|I`)!64ARI-`|G+c=fA^cZ z%$PaPxGyv*_75#;JmxPW7DY3fFfE+$&AQh^fak|3Ql(-csyJA=-1H(=*&b^Tnpb?F zy(I+tttUz~E7*;|F|8(ED957F5%e~E(=js1Ax-u)q8m;{|BJLXZ-@~aTiWY(-No3- ze>qfWcEuYDJ=tW)NWDXY3+dy_nzbz$(bjXkP{fyU{DT4nPr7m}g52tO56Mm(Fo6_& zW!DiW4|B@_ctJ(oj~&<<7|7&=2-X199jk5Cpb;M2jGmO$JukLBfc?Z8HVelM)xEs$ z_SxShNF;x7#rB%{5jgHqXkGV>RStKE1#IrICNmq=}S!>h-qzy#sVVs$anhoY+#aYP=v}hBUfytez(owmqR4gh4N2Z8{1yjZu z8VP5S4AGe%P@;ib*yKXq$J*nSU@JkDbl4^w%Uzmr4=-HX143zTL$FF}+hCjN@Db)t zion^4!r@lfpdB;Sm^uN0+kgmOJop=8XbWN_R9C)&F%UMUte&AeOfW&;fJM@He$r-C!sfnwloP zm13)Sw5^3BkS;qVK>=6U;X&AiLZFd85mq+5m@)noPQ<`WE#+R6W(zHJlziClbMkwq*C09VGFV!v${iD7m|RVj$}wIc*pMI!gfY@)9pu+ zqnV^D=hnFU8ufjASLm7~RupR#dJ>YW1|9T7QNfA1E_~vqp+ziIPo#yU_0CgI`1%@# zV^ek*602oV5)pe@T(i(lHss6G;z&|#ETL!6G=H?K*@t|0n`;eU)M;&r;p2M>2A|OO z7%#H%aRbEFBV>@OEg}s{D^g0S(n*j?oHU$L@YUYip`zxI$oV62-iV(sLZd%C>Z3+` zNV=}ksvVG!Ou+bp3wAe}E`C8;T!w+0ArM!=t)-N@_~yHYG!5SoE8<19+?X1P>FUT7 zBBCoxQvtt?hR9Mq$p=jdzqGWts}lpudkYt0aiK#MxjqgvI8?Pys6 zV`*D46ReRy6V@FAG1?YD;p1%q6d`W^P39tk61TyOfh7$S$2h-!{sCiztvXhREe4|v zHj4EZ4l%p zQ5z3sJM8k|m$<4ssjSh$_<%-f8BNF0)^LDQF6KN$uB4#?BeE6us+Rg?#5$nc*(otHq~+BhYy%`yp9$%x>4Bdid0n|?I$0Ud>3u}XgeWfha>BFAxTRMF$9{?>!}Sp5 zX*;0z`r^4141)pUJS7~k-dbF+*tP7T?WIIqzGIvow{mYcpi+FryFUdN9?V#zyIAwN$%`zIVZ}{!! zPw@6R&eN5^hWtA*P_*&b2EL-VM@F&2fWzh%jKad^laQFvSHZ$_pAYpZzTg?jnib6y zA&H6y|0%&joh1j)M~Vdb!)tu^^9;k1K6a%mRTNKa+Bmdmsh3YLTk3#zcQEjE2)cs# zH?W1cUY6a6JvBkRjH?DV<)M9?UTjiaRPqJCXw9w_0FWu~K3+Kj2scj=!o&ABS+ zNVr4q6`Vvy${>z*OICczqv4EIXN>grk8q^rrfSNCqz9^48|lcIoBFV4Qv+_ z+Ucqs+iv@@2G5$^&V98R>SFZL6|&dEZi^9ay0Y+$>rtKFzk88_A>1iwSBT=oa#SWl znB~A`tqsE(kPF%<(RxFPRZpQ6;~~cUjS*-}Ay2d|Cwpv*A#v~dD3*IKNdbI&YYZ+n z*qo;HQtYM0TVvOua|7&QwXYE!4amJYqviSbWiB**Q)xk!z>EdOvRM;IrDX-O zAXpDQq(W_4fThdW&MhWWF;7s^Ns-9W7$TvZn}k#}Pr($PPk3yFw^jh@Y@E`ro+UI) zG6lN;;>kD~M7QY8XpBTsT0>ZC0?vWSdlW$g0@*{?kkaeIC)`pgVA!q*=VzYl+`14rd$`f58qt0}1=J0ZHBvwwMJm+M@D3 zaPV*}KL?#S^^N+x_cZ&4+&PT)1tV-1(0>R3?eH>cFS{Bm1f}c2Abh05?i~GjE_1f<7BhX$OkH`Xm)qn9&nRZOBq^`uSQMX)v?l2EnZ$5X?kkQR9 zE-q!1pDL$9`eGuzRKt%q?4ZPPcoToPV6lf7`e=IEjFc7A^iXhFeS9ZQ(NsrEd@+e6 zwpe{ayt$0m$#smoncI}K15fTV7SoU|ni}Lty{p~g#015f6X=CR34%Th^VzV^i;5PF zZMCMhBjZWh4!PmoUktl4nV8>5bNb+INgzTjku-tS$Gj|YtwO>Q!yq^URN->fJO)dQ z5!$q|qb}j*X&J+3DzszRQyN5O39u2GagDQ$oFy+pJdp_(aI5G@*(kHV>&EUb09sXW zB~)=A0ON*fY>P(?3x9_Z@d*cmcRXr>X0h1Nv=tj>xP~vpkSS%jV3{rYrry<~V&#T} zr||c#ZW?O!#(xgvC#36=b7ZUsBBa3J84%-4n$<2wl*3kFY~wH{Hkx!xd^)aJHtdtJ zJryZEj{W6O9fI=?&W1RVJ#&GaMq=L9*S;9sWZ5mgM|3z0ILarPkGCvwh$s2SyVs%o zc#?CXdB70~#*Q(h^?qS*P(_ve_}wwnpt)bLt8ibpvM7eirF*$s-|(Y~YwYA?50Jh< zOCTXv8fzl1db;{I&L2SveaO*Pl@^J5?cM#(QBeQzX7y{;cQ$FIFZfaNrK&1WAU@G< zJ=;vNM3)-2Tq)>gUWeE~-%k>QD_*0D?rfjmeWm?!^{2C1j#ab+d472vwPL5Fpv zRx;rnDV3Z&2U00H@q8(iJcW5uC&ghoA`z#hO0qRc-TxAnpC_3ZUxj>WPNbDTA_;~J z?M?V00XkA&ND$7vDzaJql0KK>mWHshJs;vY+T5k3rNeiWWGmvu9*X_otlj_JKuxlxF*Z4Y7%Yg%otg2e*d3Y<9=7W3TC5RS z?}1*Ud4)3&Yt%dImN=cl<3Nt1amcRDqIrDH;VsTM0-9xQm7r~xtY~%u3s&@QgPFX9 zv5c9|-n|yrjtKWAtv9(G(s=f7CV{%r`tfJ7F4Ds;JVIxQ({1qJGP7!qlQb$_QSfRc zaJtAIX5S(G_FMcS`uY|z;l9fv2R<=3<>98i%}Qpd(h6iATqoaBg4}I|CODjCzsQSYWg4 zA{m{pnoUu{N4<>p*ELY3d#K{P@WX!ePp9p*9BP(^Mbs^iIZlTs=aQI%*TMU1^xcm= zPb8m0s2__xt}n{kC@te}vtkQoi&D*H17!$F&p6YuT;5=z%%LH`w)TAUR=Ehw?aBV z$;$b%qZmgpmMo_d4BLbGq1aiHAIg#5#ZsCNhHV<1Fz$RWfnymK%J+)8EYXr!P@Ko8 ztzgnU9F>VHg`vC&qsyXo3uaqceXDa60i?>6b-syOouddQs1KiAWRL=b?pvpE3}5q=7zIyuY;33Bq9rv)ODebn^K={hN?>d$;#)J9k=ZF*cS%;aq$zY< zcj<&B3~9vj{SfS~zRPGL5d*i-gs3>Lp9vwx-8&N{F08Ah$Ol_^^#)BdzGtJYMANC3E8A5`HWKP3Rzj^Odj|&wzKmLm_*FvQob}|)CS^$B z<;G=7;o#;OJTrDF(aL@r;f+o5byxP>BdiZ3HKK%nJ~3%bY~*`JKHf6ogr)lAlL3e% z&7JafPAxv|6wBw@ZY#n(N^rWObHlsso)SjTZ=V-XZdV-vv-W4%*8m+heW^(K(jWb# zRe)(%13BS>+2{o*hGd7YanO`WJ-fVAye%?-G->LEZ7$5jtJ(}Q(U-Itm~qQwv;^o< z7R@k)k5=HY%^NK|`0pJUS*0b8>Plo?f^Tpx&eu05PlTqd_`hYUzg5vt5h)WyspI}< zZX}sC)n_e;lMb&k^%=g|VcvO?v*mrqO3vojPM72}i~s00V2i2xs42N&(8{driWTC} z$~rA3=GXjSj=R*L2ZOCVm>`~JKcen(Uu9ieR8tc<{I7q@c2&Qr24nEZ+@kN$rdp%| z`^6SIm3wmP-fdj$^FzoQUmWMIr`|r;ZWrA?1Uj~T2=tuxVHAR)u@dYB6EOdB9thiw zL-vKV1}LzaQc8~26qQZc3!|ZjXUj2Pui*>1oq{K#pb$NS=qUu=aY!m9aUaRqt*KlW zv8u&fD7;pYO?n?2F6YZ6nLz_!5Vy3@@>p^?+rU^RE?04^nQ3eC!pKj5&P+?C!&`KT50Pp_5xS?Rh?qg)CeU{Ih_3}h z6Cd^_uG=m6CBvV0PC1iq%{nhnr-FZlYE6X$JI-R8x2Ri;-I>_-^5i>2wqEvS|LNCm zL~Vpvu?&-fkl;cWw{Vx$fnVg}N-$3@jIqZBvvk(O8G&+u;L+%WkOyJ_$U(@pn>8VM zzY$K0YQee)#5{<$W3X)p2L~2BO&{SrG#rj;XL#T3KRJ|0iYsZk`N0>sBg#-t8y($; z-uYwoJ)d~%kLg-u>e<4;E^8Kd_q*&e`vI?BIFlx7lNK$3*zdQ`iW-R01`Y;!fP$n#F+z*q@-}AD#Tpri4Kh%4GO`F?5&oQ0*#4x{$i}TierjG zq%X2lXqQXTE~mjdB4Md4W{Nwj38+{a;qxvh(P%D(=uZ!+eFdF3@uQc8Zyqzc4NyuCm)?y6E;HYf-g2dpgcj#(Q6fn~?RY6*$G zGC{(==!}+SkN8WqJ9wo_A=D(`?47-%atv`IFSbP)$u(NBzevj=R)4NvXfanEQZa}E zLY2`;6RSHRn>~P&i46Pi5b+;wk)~P@N zAuh^6Vn%Co@kql~D78*#$DxrA-t92w)3F5W+FXZE(&}{#Xe>$QIQv82jY!4*D}MVk z8MY2_`VNI`@IrdU)loTc2T zpI-JwHatUW7@|Ns#J1jSi4e3hn%QMEMj7yE><eyf89so(67 zdKP3H{dkg+%hqcE9BE=j1LQ80tw~uuBk6Nn;sIpcWIt5jD?YfDfn!KLRIr>`SReQHPv@n9nV$8&q zP%)bHHKu+vJ#2h6=^o1nNmj|J@sVY9d)WBF&93MUwa{^wlKieK>-8g(cZPfH=FsD* zG+p}UCePml>PBmsc3?_+;0|63j%7Ns&QPHnhUb&^UOqg7e9GL4wq2#}h{PY;%y~4W z6>B_UZBtyv!@E1}vN&r)4wn4FaRw7>Bx$i@O{Zz>O^0Dy zu9_UJq}!D+H(_nZ-faP1@vYNuC#9#qdvaZneDtNO2Zm!eA&#%oY3UKBUVw$LlpPKV zz>NE)$0%uSkEw630NUX`p?k(>82lF6U6+dH!2V`p=|Ho?s-i zR^90=5(lkV`{GdKU3VM?>7MxH+w2~oJ?erqWZp+u{#fG#x8%GPsY@Oj8M{5$qG_tA zd!#yay#>Jx$b>@`>|Ef1Cbu#3U&PPf%1=0-8Ifc-U%2U4quxPonB*Z&ZkB02$N^7^ z9?iWT*GJtA=-pN`Dp0p~q82P#P}HWcaGGiAaRDI)fPfP|l7F#+I!JllBJNd_bX9U> zKotVZT%VCW4)@|%?)=14CKdxO!fc;Ue)~-O@J7E{7so2&8T$PG*urwf9)%f-X_L8JRcX;T4U*?O%x*f?RxYF+4+S!u4V3uhF~-vy#Uw`}tr8`Fj>z?r1q^?@ty@8HIg->w5Jgk7GHSJ7jvk@3MN3T& zAdB&~JjEk42!|^dA}jN|IB`Pu_E0zFT|FLyP4JnxfDsL_r5F9PHw?|zA#Zb&UalTIT0;lV{92pq{kqR ziv>F%A$P3#<`R=%e2QF*tTL@5pe2_eOm1l=v1@jYD2@wiFM{TRLx({9@Be%Ke||^o z@k`O}w^ehwKMdQ;<>(GaBP?k+mtd_NmJzZ-w;F1a?z`r&t0o8pd$+nqM%^v7 z#;XH(Il6>mSJdTVoYuGMo@R0BN+m2j?D)=XdHRBNYDT4hr|k+3aO6i1Q53mo#E~|0 zB+8RF2eAdPHE<^Rlj~|^o9r{B*`5FKNi?kjpM*0$1syuU%_k>>IG+}i*8*Ij`DG@R zHzZwfA`xz1r!9wmlb!(~l1xO=W3W?t8Kc!#n|c`g$3$u>Yn&R|fGkBQwSEplN>5*e z79w>`n)mNlReL|T0Vq)pHvs*s-~Iin={E6Q1zZMV2(#0zc*-ek1NC7k(%{CCI%513 zAtz3gr*`!ynm4nE3aZ8oIIYV*&3@ii+3C>c`(fLS!zo0>;WN<3tXqq7xe{ESvVVuE z@~`!n?GD2T9#U`&24`FsSw3Vnb{9WDcnkWKx7lI8N0@aFKOd^5!H+ZWse-3hw#pF2 z;hOW4SUH>gP2%MAt4byAXkVZVsUk74Y#CydQ=GJ8Q*w3t70k7#xSyWl`Q_@%AHV+Y+wcGO z)#(KeV)*`>zhq}X@;rkSpA}?QDyu6?t#G+$nqq}Pwf=ZMv7=aPCOV~BKdD+$t#GB( zI*}?#<5Q{9)9gRnroO8n95OSdCUw*uXl@4#_K&z1#6q-F)o332ColVikZPrvT3Rq^cml$4DF*51SQ;s}@)y}&--$$mecE=;I zenkkem-~F&UhezuzJ?3z((R+N z6uSMmJXNV{^^h!Yfo-&ih=F7DMfRlB_h+89Q?s*7G%?4}Jc>P!(UvAH$*ecqs%Iy^ zuyM~_$Wk^wR>I<@K1TQm7C(*jVuruAW)dKu8C@La$#s*rZPiStDW*t$V9OIl8eK!G z-Nsza(n#t<1W`2Dn?Otm(&TT36fwaG$4L%S(~j|6d@+D2+K-o>ZlGnqx4Yy)uLf4C z1R_L2w|VH!MT%vS@0^f4XFMx+drQ$=#hs-|Fhs(BID(L;8$i zr8Zq#K^2zHEEDF5;!Y#9nMTK$yu`uh6e@6BEi}3~LS~pWkowSZ7QcOd`~3F#?enpH N{s%XziueGK0RRH4S~dUx literal 12732 zcmV;tF+YnI_)Y8a%lE)KXdm?6HZfu9` z-7hL?UbIAua2oyC~P6 z9q98Cecrx#1K+Q{`29=y8{WLWdh_zLS8rZ_@%qgdZ{NQB;yZDPEi& z9X-pMuE=)zsxQ(m+pez5`sDLhr$^6NhE{DlpnStqdvc~X0|LQPGQCSafAwx%uA9}m ztcs*B29!wm{s?lkVBOQ?#%+MTAhjIc6rM#jg=e;=pe4{XRbhbt5k2PMX_ggz??VNo zENw5n%?*7=wKQl?S(WyEl3(w8RAF_#+VvaJh-~edG$zPb^7&N)@Vy0}w3W|anO?us zQiVhhF-V|1e6k}1^t6~d;{$=Sn`dc_DV^Q>bY92&u}E_)-?nR@6(?whMB;DO;~u$C zR}APa7Ga~Tu5k8Zy9btXi-t>5M$fQ0SEN7TYLw(xmDfp*vY8D{R~CIl<2{TZX*)yN z3K8UO+5xE$q+u}NH1AM36N-<1uG*s8^@tIslAa|@sc|D;cvkt;M2-9CV+z_bW^leG zh6`2PxN3iMLF2&zN{F*FN!->p`V51U*XE&vV?Bb*`)%44pOVyZhQj6E5ydh@?p4_j z(7LT7HiI%g45_#V~F z1x)BncF={;s0Kf&+6%5ZwYLUT&Uk`~RWR%b%T~yzWO|W?s>!wDP#hjhq@S8aOB$;} zMH@d{vc$dnO6xqQV zrFC7<JP_5x3?7$NVR0Ii?ZGXC2Q^?Y#tBZG&Xh+*AB1L2|m9< z|6ZeiZKau$rTUFXJkJF91eQg8=`xcgL~5%9@~)^FusI`1m8dM#k_Nr{s_|W{8rvP=+A=d_{8!;t!C&tXtVyzQbOr zy{ejx>9MSEXs@=-PC_yn?YtXe8o|x&Zk%AA4k=GdZfUe9Q}v1YeOZ(oAUR8p`MV3m zcYHb-CvUQw=^#DgUX5}DPp6=vMVpLso>e7kMAMN-*%rvjB-s#*>wQ_}H|2~{G}*Me z(aO*VVQPi&Jo9gxg+in({%>C$qrtK1lJCFyOL78`r??BEwcxJFi;D%z#xv(Cl<41T z(WDYd1;XV~i$h8y4X~rqJWu|kuF4x?U>FNgjMQg{0*$<49&loF`Zp}bvcQXZjS58dIi{_9%I&fhildGEnMRZj&8}ny2h`2GyxFbNd{@>aYj7;bwt{4NCrCoCU9^kY zm&(&68iQ%H99a#WT+QC@Jk}(GvmnhJe{nq55u~YW=Iy}ES|6VZL3>0N5i1QPgmHIaqTh^&Ueh+E>RAAEVAz? zHN2mG_(tTR|CC!_n+3N(pat7L`U>^Z;1z;--+=&Fazp?LO?7DIZ~8J8Q!a_i^4CC^0;_yB+7<{*5jK$%)b47d-sbFG=GE z@dp5qS^{pi^TPQzLF}~n(#W8C@VL082IP0uVNN%QZ0vF4N`)nG^o%(NuG*$5vj^Nk zm>&^!971YnJ+Ol+r_y_mpV5n@9m7`Xe%R7@4F!*UOA$#Ce><&xr0LvN*$S(Lex!wy5@TmDF{+ z5@YTn-ivAdU`UouBSbt%iA8f<_s}*-0z~%(oA;8Tw-%0$C9*p;;F3#cBy_|TSfoU1 zL&_F$j8LPy2r%}T2e=t?8UtrY+0kA*kcgo&Vjh zB!#4IjvO@fqYxIct49emq4SrHT&WK5Hf`6;D?5)$tn9HX)$w#+V7HT)C18&;O|H|v%+xuR1&3jB z4x35au2`4%2D$!#U*P1R_5_+;uBZdF;4fy0qlq4@7>QB75Noo$R+Va%-xWU7Wyvt{ zNshiG4kGEotL_Ybp@rnCW7UjVKYwMm8}ghfAhh0qNqU7*)mKa~=-CN8I^~c0{q;Xr zXh_PoX}!VI(+;m&H8Q}q(HuRy0i$?DTQHS5YfF3GUOZvI=RP zX`OL)PJtcwO(dY0HXV%lU3v#6Kv1hHay0n&Hw*+TmoN&}Xf0h1*_OQ!ridEn9;^(z zenVeBZuk1ly46Hvtj4fo6LEcZYF|BQAGLQxo~*qq!494194pv!E(YE}N7@NlVR6wA z{o-_HbW?K#gM_8>Ke<5}#ro+qD>96AFoF_WlF~k&?Xn)!A+Y`<_MAPo5BHu?l`TPF z5qQO{nry?EoRdZ)-jIAqx}r+2i)!69JN6qb-F9gU_G@eS2y!x*Z;$eyD9?CB5JB$< zG2!RZ4)XgM*x{!@E~6az0V>ouTlFv}P35|pQW$RWjbr2ISmu=J11=B}=f`B%pf(RC z0y8B}2{%d9dN3_&H{^R?lkbl<-YG2*c0_r|KeiatiuVC>PDT&DclvSJ^R6k;xKSDL zDY2w2A2qguV?lAZg1k6vN6KQ!MHdC#`?FCOc(+V_gK>*O`U! zx4s|efBJ{l&c#q1Dh=oTPp^J|b@l4)=>Dg-Z=UXddW;WobwM33-&e&6Zw+V3)y37z zmlrQl&(=nHGMf?ym!xZ&p}C2j4v(HE-xdg`!*@&d=m8$O@}kdZn2weP=qMoC14*LCsw(;Un;(+4=>{Ihqov~_L5IQ&`x?$tiqi7=CaoXNl66}3 z#i=bzU#nZUJ*10D$0$xk67S77@jki8{WG*cu`^vJ1} zw;i=FZMtUPCMVQi>6FeD0l8qSa17v+PDq7;w6dbzk|~vBC{ilGzP1S^Ix|JqJ+#A& z><|DsLm_(>-rbOs5yj~do?fdmHD1eFGAt%11rjv;|F8`P<>#H^&I zci8soBB+TnZhenqf4K-Gb;IUwK^;!?97|rJ`9m$oZ4^I0j!{QwYBC(PFE`n?$|q;* z3gt`n4N2;z- z!m;p7?5r3b74bvhLyh=E=O5$Jf@#PZcb6X*f6O~ZC7$0ZCiB@Rh!rzppXgjBv{44B zpT8c_=R{)~V@XGEMpGU<;x)5tbwq{Li3}#}5jHvO#L=mN+l)_cYcaJd++4@4%G|~c ztYcK&MN&`HNhNiO$lD#~dO<`vH$o){6v@GRn;iY)@>k>Gd3!^xP1f{m1; zM$PUA=^b%`8(1>z&yP$(k~zWvXs8FY?ifiQKLc&AD?p`zzfW`)?3d*jECa5PMH;r0^6RXdbj0fi&Di-WyYCs;e;zSVU#XB8alLsM+uNX%_iiy z?Rm5|6{`d^oTXJl*2w6UM-AzVYW*%t+w{7u%HaW;+P1l?lbaH)OV{WZ*zWpbDDz}@ zQ#W}6?ExQ6!N0D{nn$t454!XY?%G`=NSNGL5a$A4%xus-O<6&U6?Po%1C8uR|E9;C z#MWIPB2!fU8)XY=hNwjkfsCrTAcSR|!{RKA7Pb=k9%v9a-V0_Nfh^Lt+i0^b4nf+Y zj{(^A8+^VAeaEmt99&lYA{K5C=T>lTqc~9(e_^cfJBHVEoRelkei#EeWbIN=`+Niy zjUfh!tK=H%O#QxxD7z7BLNas6C4+4SJc@+(0qPZidS{cBs4Stq85el26z1}y@v&U2 zTG4=8mGupn9gtuKPzPpak0IXBs}A&hS3VxZOG`D%my z?8RJ=#G3zhET&HITxeR)6GUdKJ$x|cjLp;Bddekg5YC^ zvn9Y|O^P?g1Jg#(Pu9=vZfcL3N6usPLNhy|!J1*$o-( ziu*9R^ma(ico<%E1}S-te&i9pXOw-T=W|}YdjO~PNE@g*9(n|##SJ%j?8GoJPQui< zraDrFWY`#ghL!>ll~Dfw?3?-my*&07<%1~+qy6yXcxP#Ht5Xco))zBcVPpamXZpxg zrnUXhM3$%w@Ad0TR7hwdv&9u&n$anS1En-R%WIn2@xy!5mLE2STaHt6BmmdG$rX?kb|d#!v#MVR3bs;9kPaaGH zfv1hHf#B1|*Ff-zx@{o(v_aMf9z4i$o(XF()2&94nYSz-XSMRqal7uURvrXANfQo4 zpV1Nn(5JUV7r5#x6xT>7uBnl5Q9yH1{k0C0MucU2bnB+pkM8(jNc|{KUjqkZ{qaZY zuSB=fRJSF2sf0rl<^~6I*mD^m7LkW#rPbSIPyT?2$3&IvgMq(g2ArQTmf3y~ieCcbE!R^y=cKARq`G)# zxhQOhp^Zt5@ny|!*H*>-3J(E+0E+uYlzfex5#BBHoJOX)(}W~O)hs;t(pi%n`*bl$ zJefE_;O7w2kuqpQY|m+|Vad|n{|F8mf*^GcMUoWuJw)}~fvZ$7I0?2NUTzwc2bV(l zpu6jqRT4g?=`TAaC-&Nq@`OsNS8L6eiMv%(R}DlV#ExdpGSU$8dh6)7Y2Mtq7>Oe~ zkK*Yd#gss_cjbgqHEjTrbGX7p%)ml-_VK|na1`{aD@q(hB9mReakA{nK9d?V_HQqL zO)V-ZV-s9L`XrtRQfv#f$jS<5F-`nz&9p{O5KM}Ie8Yp5dCVD3zP$r|%hxBc&c%9> zCqK`VF^jL#V*Rs-k|ysK9g(piXK`vAwcQu{p``1yyjZ9EY9J=cd#B)JHqt7ci9Gb! z{f`EHwEb%KX|#=1J6&-8CA*nyL?JN*08&CF*!kYqZDJ<}eWJPNO0twuK^X!D*hH zFjGiKHxrMnJrkJ+P*Ne(`ZU)*sJa{5*HUDcSIhF`tJ|;EECZ@L(d(_=OqxpF3nc3k=4PKy6^`% zL=_H(9SiGza%Qe10DESlj#Pa}kUoP?dhsvl)$rYJ$~vah}M09u5?#@WXJ1V@e+!$54`tT}c;GYpRi( z@9+elax?Ldoid`f+U29|bp5EPbAguH4KV=UmMxn7>va=iXZ~ehpwSht6ZA+$HYQre z)edzoxI8wTgGc6#;s~~BC9QK260U0WXI#Vt>^-h(;BcrFGu0*YIC8SS!+OO#0d;0ES2 zz$0?pqR_nV>Z_b?A4*u=Vohe~8eeu%d&4>PlT}UAhJ!}r05Xge*3NG&W3nxK2(N>b zy)YXVUDMCy3NvAi*n;g-BTnw+5zoqfID(9HgfTEFI?Mt~FmVkFLqaZI(>*y5zRe4^+oj-k{dNv_rw$w!GR5z3mZ5i z4VTg;JNLgmkj*uqv{Gf9#b=m zTNpL#9QztH<}Aha<<9#N=$Jz(Sw>bj=#j?=h6COZ(=l#AJkE{N)F$}4Va5L|tWt25 z-r1mn#*x7BBXZmbA1{2p-{0$ldb>}$w%)33E|5rfIP5aJ{z4bOfEFQ|aW#0Hwz;K| zqKjXytES@kEsp3;R>Q4WftquR98)NH41Xp0sP*y%HVh(XV{!A-$jK*ROT zW|p<=pTksF-Si+cfGt&Uu$8uM++`e=UF@{QzCXAc{QiiHoZVa-u(Y)8p0~pAfPTAo zE-V;$^-bMS@It&Q-FcxLMc+e+^e`3@8J4Z{y_Ce1Al%5n4&mx}&kW^yHo?4LV%nj) zDr={efm{b=%0piFyR`o$tmsyhHJVcIQ0L8qaV&KW+Y9+*PZ{$qe^g*Zw&HTET)${e zC$xJuCB`%Ur-s{X@g$`Kn+VCMIHt6ebkBEKoPJAza>9}A_jLwNVyGdp%eTkRY1DgV ze3UMUl}O1m^TwM@*TKm$)AqE}u?*)-4*#!Y(pqgSc>jB=?lLL?@jVj$OCJm#Ozcih z-wIO#moJ#4yOo^ZoQJX3B6n($zxaoScsgZohxi(fmjQIAqIhu7AYdhDVm(?JFM zT8nbo*Km};wWh`7VqwcMrI%t2E8dP)Z0@ASI#1nTTY^9&k6Y9+vO+oc%_yEHKW|Gk z0&Sapl_xmF`X13e!1cMH*tYaGWs>RzFu+OF{@vx}rX05W>x-<}U9O9~>C*GQsLFbO ze@Va33Dae}ud2&`d-;~lXQX~<&$@2c33!3GG|mJ5i8n*x2iXHf&3J=*2l<5>B|Fq@ zkP4n=#YnK~<$0G41Z)64wNJ}TLdtvZ3YPaIb3P){*N2NBQu%fr#{mZn#20t6HamDVPn(RN(NSmY&7^9mLP&DH;mQ>2IDq?l&ER4 zGt{cd(mxqxyyp-PMUDrCfcS#l5vbri`QT7{V;=X;QURs4a&og45>YYH2xb9{~BNYsNXy1dgl!Swh+8CSl2>nxHeelCP8s6fxAM`{V}yPOHIsjEv7JMqn3Jl z#LipBEfV8I7#8G+w|XsB!&c&H3J<6KEiiCsl$y_DK?iuk>iMs?C{8YVOTbn$jm+B$Z z4YT)K_8`IyM+RHLNdJtFg%C4CjyLFS77^FRNigbQIAu!ClNu}{zP#B?u+e1S34r#l&T zGal?&vFdcun?eEjvP5FPQE%xy$EETKOLPNo4^V~6Rq+rm(MM?2hW5IM3kGElmr>2k zVLsR%cvjp5G~>2D6P)36d^pI2dlpr8=cTI(X;HwX1lg^Jj2msSdlRZy`0fXkPuSkN z;r{FZ>{eLn+Pyi*L|X<*pnQdoTo~gl~L>F0l{euRZw_Vlc^(64pHt zlBe^8U5Ki11YLwW9v&2Up`IB(#Ezgm1rx~cffzSw)mo!Hw?72eSVISpdoQrA2g zTqWv7tVwh}KCti+jt~$Kc-tNHjM*HG?gV2pd08Id`6!+Qcs(lmqRrJ%vI>N_8AiDn z#<>^9QFHfLTjH*^W6=JTyIoSdQsHJ5x24GE`r)Ly7Art5G*&lUQbFzQ=5}X&dB6I# z=o*s<;-~5$p;09h5Qt;1T|*v+$f1)2n`o3hLwTBE^A4S3=!{~UbG+JC#Le9@W5A8w zk3BJk-puVC?m|P|#7zmKVN@GG7gBiQb<^b(MC)>GnIo3HIB6+D?(kSAhJNk|Orw!G z0@7%ddb|`{m>5$6wovpstu5Bgn9dU8#+qkOY#S?|E2fPjF-I($FfPmSwrR0zOjS~L zzxd_ni0;Iv6<4SQX?_j}u^>}BLn}yxmXHb(g*B9dtUUNaC`hze*9xKxikj@D_eseZ zp@Y{>;6)Og-ghva5%P2Mclz;nvgK}6!I=5I6IUm!hO|SamFNe1+qo z2uY&B&{K)r+ux~y8UilK?`_)pAVt|huSv@4d+GF=>9sZDm7F{o5*-A_P*`IG8%0p$ zb*t9REb3J37S#oJTlI<=R*Cv0!3GlJQEJvK@frPxp6mqU^QC$g$2-TI-rxr#s96|I ziQ06Dg|=ija0M?PnDt56t(Yb2<9l(fgK$jKT9eIPi$_;x5-1C;9lwxukq*|%0Xj>V zZi745ILzTNNu$yg1*b*=8++_w@*PrGzr`(44K1`UFI3}74dSKiBIP@STIetIWLSbW=_h6ac3YZl&p@3`XMhF=!k`3;L&*| znD9r*&frBIqgeoSx2nWML%J_<9_e&=hGHj7ClSjBKnrY zz^2oaJwlv=_udOa^yQB^L?9nSs1J$xq*##sP@2a-B-ysPgZr?gNZM=k1WhVr=acgkaGG02u%D$;;z8;Wo186XOlWI?QK2}-D{_UwwzBj^?6A@~ zx{WtNhbON~7S0u;W3&Te2)-%Nu*H>|if!e%sVqT845_(j*lN&9V~;w*C@cdLI|cTR zx&_gcSS$~R`B~wli!&+{TfjScbw%ep1Fns$Q#BlLn7X9!3Y+}2{$Tc{PWQh^5B>ndzMV^-?OEI>DuhCSQqNx&GY(3M%+pQ&j38NJTnnHVTb9G(&5ySo^DuB4NgAZEoW9NC5(m}!@ppOzF5c{rGmAAs7jRhPbbC~xk7WadTctWn|=?Y zn-XaxAs=TNVZu`V+(`#SlID)?dQJ^~;*`tfE^bOztFdgH zk(XkPV1lp18gYhAlfe?8Q(16^DSfa4hmF~2;=$iHU_F(lII1g=c?o{OhBu$zta&1s zvf}@Nss2VqLuI6yAW9u~|FSd5SyNrcygc#rYNlS`djRHb6j^KDwO?eder?-G-i-L) z%?4~NMHe(ASBzR2m2Ky7IJGiQi-Gw)-*MxQ)k80-~|8c z-;!O?ZHj)>dF0%p-%zL8X#n;Yo9NWslkN0oW6M6@T`chxUG{S7^@Htk!SzF^L+gi7 z3V;5}|C(Vj5@^BUwyz9Mbg~evrEi-m^sp zrRW$%M=9`%LsBV;Ur5UCr<9Ini&xHwdn5ZKF?k7Y6Akfw#&*9D!Z9S*S@|=_HzS-%ZQ;tvH6i9Rvn=Xye?q7% zB)B(PDddjmA+iA3R;6P~-fo0fp_;HR0x_PUWfd&H!2{vF{G4f3c)jf2$&(<&rJdYt z;5yVI(olB)EX{@9>|*rpo_M#**w<&Q9}B~{tP$MY?vnH52R!TGSc#|(YBY5vH|dZH z#6C!2Kwv?t0;01h3D(v1k!F$r2p%)wy%u)i#6m~HGuWcj;ausl?MCqm6u`6OgBG6w z^?{G>WQ_4_Ly|(!XUQ?t%eknRV{hD#QL!{wtE@a4*nC`SnmYuzGmOYwaF=2@8QUE= z#0TpQ8ggKGeE`yXxPtfY1Me!**()D}cI00jIn5DE!{X=QgbWrVdj=#YDftv9JwT?o zTHkJ)-jEojyIq%!cE*h5hCA6Q{`eq1r1TkCfFs-G?2uuhT-#uxxh_X7S5Tmrva`-O zgCuT9*{mU`2pX&VWY`vck$nB1-z3a0^1^9Uq)2XyqDsVes+~miWK*HIT2KZA6R4sz+Ny! z82f8fgpqTDXc9uP04>L?Sx~>2`RGz zoa+@zmz%v#=yV8j6YKS<=GNcRxd`+jR048pq!S&yS-Spvnuu=i+&ed_|EN!}-@a9# z%+GFR27dNCYO~*M&!ufU#+s|K1Rep9>rZh!p}r$z4y-FUXbXE$4|sJU_=_5~9M}{s zdu0faRu&1NN$$#Fi&Bx^1a9mR{-7~|XUEk2-@E%I<8^mRh056@9h7=^6r`gH;w6%L zm(Z!K)Rw&l7rouj%DPpl6p{GkdQ0fi7tB;pS+JW^u0u#eA(`{$4_z}Lb@8wG?a!p! znse^jmy~J{uVW#gcm*d2OcqwYp)B^vPdLM2?r-7n#yeZ2#K~@yTmqblGRE#QGVJ5AtOF||Dp*>8 z$yhI+p7vSNzeG9=LZIzoTW+>Q2wED|>@=!T8t`c7_B|;6#LrJ@24rjwO9Vy^C9u6l zsRy@@-HsUTJ~%cTY>iVkAhYb*4E3fPgB*o-J0GdklE)F*-TY}l^K#lrnrd>lEwgP> z7e$U1Jq^S>$88j8v*<5W*d(nVs6G%hg%MI^3L7aI1$8e9Ra0i?9R1AkWWL*>1vgyb zj^}75u84xs7@r~KqtQUai%AzQqhqitoNQ!f)opj{*Ljx`<*v!g^#c=Nf}7xG-{CPc zUYz5lkXxoy16)+FOab@YI%?oCj624m$akmed}!x&t25wZ22r%6%5|p~{@7%KqS1?3 zAWhgPAbSI_5$9j9sW(@B_Vjt=53h-fb#|yUUZT(2H*etk)fc~iDSxBS)faDHzxnLd zo7Z2we)GlKw=ci=?B%Q1uYdpQv*hKWG9-WYa9?JUeD-VmFram#mCpD6U-WYchR4gl zU*xcW?(nbxO`^CT*!K4R9X;C7y%XJb+h7g3e~Ctk%YENnR^>HlEtdr6^5S>T&d-C< zRF4jfNL^vQ_rLj#t2=i(ds6ZW!TGN^= zT+Cf0$92G;6Vyl*686^6xOb{k0sD-M$}S3llbxz@yLnwW9>0+r^k4Fx%l$OufO~D`@em4e1^RVzyIbh$q7K7CJ^tbfMfP~ zabYMGP8SVREHNn7A5SMX6l2Lmqg2Z$6-z1=E|gj(QY5K=Dn)vp{6}4tHwF0ECu1p! zPJTvi`V^f$Z;C#t8@`K-5srn_1trQO#E?MBp+SOD`7VApOMFLv{{C-&T7CPMA1`61 z!wWDtJt$8oG?bh+Y)|Zp(aBvsa(YPdeL#;NyOh68vghRv2h4u#!ai=YbeyN7DOzmJ z8tO#?%MA8Xh8I$O-B7y=2_@8JHte?Xb9#(>{$$3wGT0~)@-Ym8Gd2o zmOYWBY+Njb#Z6rd_y86!4SF%dS6wm*kk5=J4nxnnO6$6)relgxNAKA3KoN&Kl4`RV ztMze^dKW>6qwGxp6M`J)Z-x{x;Djv@3)Hl&CtJR_ZDYdh@5Iv$lAF1pjJp8sls zGi-rY+5Y{aE%T^NLJu4q7DjmeGI-}%RYDM{C7aVF*^`cL?(}$wuCesp?TkL8j~GU@ z>Dme^u(W3vF-~MR8qj7M&S>xw8-G(!V2f2~bYVc_b36d`Tb~Vh`aFG}K2M*g&(r7W z^YnT8Jbj)%PoJmH)92~)^m+O`eV#r~pQq2$=jrqGdHOtko<9FtpZ^C==^%dqkO2Vn C52wZe diff --git a/download b/download index a8e353f..f139fa6 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -a95b9cdd9d4cf5c9605e6e54569621d0 selinux-policy-426c028.tar.gz -052be1dd5d2a549215ec6537ba03c163 selinux-policy-contrib-c6da44c.tar.gz +3c32e29535aa61da755c63ccb8df336c selinux-policy-b5586ba.tar.gz +07e4903feac23a48b0eaa3f6b5cd9d1a selinux-policy-contrib-267743a.tar.gz diff --git a/selinux-policy.spec b/selinux-policy.spec index a17cef0..9fa2a42 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,12 +1,11 @@ -%define anolis_release .0.1 # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 426c028e3d055a6ae74f8bf7cc92107f3e43a5ea +%global commit0 b5586baa73b14fb8ca458fa4bbe70522b1ec264b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # github repo with selinux-policy contrib sources %global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 c6da44cc670eb76341a756f7d338e60cfa7cd8ac +%global commit1 267743aa7d7e85fe2bf3ccd199927d6c00bb4439 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %define distro redhat @@ -30,7 +29,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 117%{anolis_release}%{?dist} +Release: 128%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -166,6 +165,7 @@ SELinux policy documentation package %files doc %{_mandir}/man*/* %{_mandir}/ru/*/* +%exclude %{_mandir}/man8/container_selinux.8.gz %doc %{_usr}/share/doc/%{name} %define makeCmds() \ @@ -459,7 +459,7 @@ echo " # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. -SELINUX=disabled +SELINUX=enforcing # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. @@ -718,8 +718,143 @@ exit 0 %endif %changelog -* Tue May 30 2023 Weitao Zhou - 3.14.3-117.0.1 -- Disable selinux by default +* Fri Aug 25 2023 Zdenek Pytela - 3.14.3-128 +- Allow ssh_agent_type manage generic cache home files +Resolves: rhbz#2177704 +- Add chromium_sandbox_t setcap capability +Resolves: rhbz#2221573 + +* Thu Aug 17 2023 Zdenek Pytela - 3.14.3-127 +- Allow cloud_init create dhclient var files and init_t manage net_conf_t 3 +Resolves: rhbz#2229726 + +* Fri Aug 11 2023 Zdenek Pytela - 3.14.3-126 +- Allow cloud_init create dhclient var files and init_t manage net_conf_t 1/2 +Resolves: rhbz#2229726 +- Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t +Resolves: rhbz#2177704 +- Allow cloud_init create dhclient var files and init_t manage net_conf_t 2/2 +Resolves: rhbz#2229726 +- Make insights_client_t an unconfined domain +Resolves: rhbz#2225527 +- Allow insights-client create all rpm logs with a correct label +Resolves: rhbz#2229559 +- Allow insights-client manage generic logs +Resolves: rhbz#2229559 + +* Fri Aug 04 2023 Zdenek Pytela - 3.14.3-125 +- Allow user_u and staff_u get attributes of non-security dirs +Resolves: rhbz#2216151 +- Allow unconfined user filetrans chrome_sandbox_home_t 1/2 +Resolves: rhbz#2221573 +- Allow unconfined user filetrans chrome_sandbox_home_t 2/2 +Resolves: rhbz#2221573 +- Allow insights-client execmem +Resolves: rhbz#2225233 +- Allow svnserve execute postdrop with a transition +Resolves: rhbz#2004843 +- Do not make postfix_postdrop_t type an MTA executable file +Resolves: rhbz#2004843 +- Allow samba-dcerpc service manage samba tmp files +Resolves: rhbz#2210771 +- Update samba-dcerpc policy for printing +Resolves: rhbz#2210771 + +* Thu Jul 20 2023 Zdenek Pytela - 3.14.3-124 +- Add the files_getattr_non_auth_dirs() interface +Resolves: rhbz#2076937 +- Update policy for the sblim-sfcb service +Resolves: rhbz#2076937 +- Dontaudit sfcbd sys_ptrace cap_userns +Resolves: rhbz#2076937 +- Label /usr/sbin/sos with sosreport_exec_t +Resolves: rhbz#2167731 +- Allow sa-update manage spamc home files +Resolves: rhbz#2222200 +- Allow sa-update connect to systemlog services +Resolves: rhbz#2222200 +- Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t +Resolves: rhbz#2222200 + +* Thu Jun 29 2023 Zdenek Pytela - 3.14.3-123 +- Label only /usr/sbin/ripd and ripngd with zebra_exec_t +Resolves: rhbz#2213606 +- Allow httpd tcp connect to redis port conditionally +Resolves: rhbz#2213965 +- Exclude container-selinux manpage from selinux-policy-doc +Resolves: rhbz#2218362 + +* Thu Jun 15 2023 Nikola Knazekova - 3.14.3-122 +- Update cyrus_stream_connect() to use sockets in /run +Resolves: rhbz#2165752 +- Allow insights-client map generic log files +Resolves: rhbz#2214572 +- Allow insights-client work with pipe and socket tmp files +Resolves: rhbz#2207819 +- Allow insights-client getsession process permission +Resolves: rhbz#2207819 +- Allow keepalived to manage its tmp files +Resolves: rhbz#2179335 + +* Thu May 25 2023 Zdenek Pytela - 3.14.3-121 +- Update pkcsslotd policy for sandboxing 2/2 +Resolves: rhbz#2208162 +- Update pkcsslotd policy for sandboxing 1/2 +Resolves: rhbz#2208162 +- Allow abrt_t read kernel persistent storage files +Resolves: rhbz#2207914 +- Add allow rules for lttng-sessiond domain +Resolves: rhbz#2203509 +- Allow rpcd_lsad setcap and use generic ptys +Resolves: rhbz#2107106 +- Allow samba-dcerpcd connect to systemd_machined over a unix socket +Resolves: rhbz#2107106 +- Dontaudit targetd search httpd config dirs +Resolves: rhbz#2203720 + +* Thu May 11 2023 Zdenek Pytela - 3.14.3-120 +- Allow unconfined service inherit signal state from init +Resolves: rhbz#2177254 +- Allow systemd-pstore delete kernel persistent storage files +Resolves: rhbz#2181558 +- Add fs_delete_pstore_files() interface +Resolves: rhbz#2181558 +- Allow certmonger manage cluster library files +Resolves: rhbz#2177836 +- Allow samba-rpcd work with passwords +Resolves: rhbz#2107106 +- Allow snmpd read raw disk data +Resolves: rhbz#2160000 +- Allow cluster_t dbus chat with various services +Resolves: rhbz#2196524 + +* Fri Apr 21 2023 Zdenek Pytela - 3.14.3-119 +- Add unconfined_server_read_semaphores() interface +Resolves: rhbz#2183351 +- Allow systemd-pstore read kernel persistent storage files +Resolves: rhbz#2181558 +- Add fs_read_pstore_files() interface +Resolves: rhbz#2181558 +- Allow insights-client work with teamdctl +Resolves: rhbz#2185158 +- Allow insights-client read unconfined service semaphores +Resolves: rhbz#2183351 +- Allow insights-client get quotas of all filesystems +Resolves: rhbz#2183351 + +* Thu Apr 13 2023 Zdenek Pytela - 3.14.3-118 +- Allow login_pgm setcap permission +Resolves: rhbz#2172541 +- Label /run/fsck with fsadm_var_run_t +Resolves: rhbz#2184348 +- Add boolean qemu-ga to run unconfined script +Resolves: rhbz#2028762 +- Allow dovecot-deliver write to the main process runtime fifo files +Resolves: rhbz#2170495 +- Allow certmonger dbus chat with the cron system domain +Resolves: rhbz#2173289 +- Allow insights-client read all sysctls +Resolves: rhbz#2177607 * Thu Feb 16 2023 Zdenek Pytela - 3.14.3-117 - Fix opencryptoki file names in /dev/shm -- Gitee From ecf018c939ffd4c71cdfd454382d8dcd2fef1a97 Mon Sep 17 00:00:00 2001 From: songmingliang Date: Tue, 17 May 2022 22:23:03 +0800 Subject: [PATCH 2/2] spec: disable selinux by default --- selinux-policy.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 9fa2a42..0107b8c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy %global commit0 b5586baa73b14fb8ca458fa4bbe70522b1ec264b @@ -29,7 +30,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 128%{?dist} +Release: 128%{anolis_release}%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -459,7 +460,7 @@ echo " # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. -SELINUX=enforcing +SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. @@ -718,6 +719,9 @@ exit 0 %endif %changelog +* Mon Dec 11 2023 2023 Weitao Zhou - 3.14.3-128.0.1 +- Disable selinux by default + * Fri Aug 25 2023 Zdenek Pytela - 3.14.3-128 - Allow ssh_agent_type manage generic cache home files Resolves: rhbz#2177704 -- Gitee