From a963b7e3746eef4a99c675766dfe3bafe088c181 Mon Sep 17 00:00:00 2001 From: Renbo Date: Wed, 17 Jul 2024 17:52:31 +0800 Subject: [PATCH 1/2] update to selinux-policy-3.14.3-139.src.rpm Signed-off-by: Renbo --- container-selinux.tgz | Bin 13699 -> 13832 bytes dist | 2 +- download | 4 +- selinux-policy.spec | 162 ++++++++++++++++++++++++++++++++++++++---- 4 files changed, 152 insertions(+), 16 deletions(-) diff --git a/container-selinux.tgz b/container-selinux.tgz index 27506aa4201f7a0f2c08117920a31741e61901c2..2d003ddaca6ec9dfe0934915a14d5f0b265cc8c2 100644 GIT binary patch delta 13638 zcmZviQ*b2=ux>N4ZQGpKw#^+IGqIB$+qP}nHYc`i`~LU5p3~J;UG+VF)eq}o1=@t! z0*NA_LH=jJu6%5qHYF1BdJ}p(e%AY&5d1cL$9`&INkV({jNul z5&A$f(5L6VpR220@YF$c5^lok#8JnlCMG=1%*@QqPG~slb8M)LMN#;Qjv6iGe=w4*2$oO4S^OG$wn?qsn^s&WwMcDIgrb{lb`wz>f@uq=PdZUH5(V04vXIx8AI>Iy1SKrrV zcrGS37eZjv(dsm|P_UPw;Y&&C-y{!C%Y9_mTD}1z%XxB8ruR|_phNcD8L0Vr7bKMJ zZI^UQ@EupAzO;$u@tbXYuGqyuq}W!hmRbGr!$BKKyj7ub|1mc!Q@yn|)KRla$s=vX z;^c=*Ibg3fmOF+518hF?dkty5-nTV?6a$wXe`a`l9KLXA|D$oyK%3Bmtwgew zX|ikC-%>i9?&Ie}T#dht5mV4H5MN1W3E?cSt~K@(r0=wEm4e|TD1kw3X641czBM;n zmIL`kQ@PNic%SJLi(56L+38Eh6JIHqI0NoYk*iN7)Z;cs<#V)%1#FqEZC1&j6O}^^ z3ypOR@r%b?H1{UGMSP&IW+`%W&z;6g6U4BJIofbVc-#lCj+6SFUdNAzLm2j(-$&*! zb_rgKBp}q9V8~#UCXg(dZYTZ1;VdNYt>}_=95Ux%186^@WWO*66n(+hV~~z@Hi0RT zNKKmd8R-{#QYHz!16`Idw`wHA>XII-3}K^r-v%ltMk%fNBz8*k2%I2Cb&WfehNCl| z1L1HL5tT%zX2>0QKTc676$Ca)5fv`@$GUb(0Cz0X1gz+cFEP|9B#yNczJA+RS@k$H z7n5-zaD_@st&L^$YoBubBf7z{#dyrq7(wFC%zIn?Jx}TLKpM4x97SOQ@{Dy$i|{P7jx_!)fOsm)P7Hzh=iX~LutsBA&}EfBE>hbPco%RL35v)NO~y#h|~9|VmZ z!@oNu(>MS5u{XF655;) z42-cfNZZh0)c%)+jvnu3UqEYWC&_t5YcacZ&x^ux?a}|TP$<*g{-aFQ` zDbqRN;z>kE3{50++&6{oYb3MDE|Ld|OAAr3;S1Ub@nzP1SW`rx?6?w+PrB*5a>noK z7P*pv0@tV1JyEJO)+aXP<UH47H~XtHxfrO2HB^O)ELfd}(&7zFGTbEmRM+=amWWt#W`K?oOUMV*~G-!7j0 zB9cf9Ndz=;UX744TTc$V@`%E|LY41d5TsgYE1RR8M}nlm!a0+gUh3N8W00BJ+GY*5 zBM6&UCyRIwXLEpB2hrnqfT#=@Qf1=~7iU4Kot!pP-eHh++jtc1<&(CB)=9F~e3W-_ zgK^XfW47}ydf#UI3r87b0i#u_@XllRVHaphHU*4{aATZL{~_Sn-I*X+yYgZ-G@{_? z{uQ$*Abc|^Ana*_2rPDKkks*oA`Cj6{V1roy#P;QclVOU;WA_Tb`L(c|8FTGx@j|I z?^Y-d(3XDguZPW?G@aGo>#l3vA!_vXt3RA%GMwt*&oqCZeUx+p;(o_v&d=%4Jsj&b z0B`)vOqB!FP($-Pl&=@$>utYqtR8zi$mu2C--*SLs3UDi;CUDoUfm5VmoQWY8X{|b zzrQnyfZvlyy`T3dxjj9ke`w_01}09IXpm+(Oj~+B&rARI{9K3j0(}A~M@wXVU!QBo zY2x?>MUk(l+~oE37_~TOvT9X~y(`rdf!5^e&?}PFh~?32{kY8@DW4XA$1MHW3VEFQ)yqAMz#Yo3IgB&J4erRjKq5SpKYbmDdWtbFNLD5BCLYO& z(vlA`V9U%4dnmXy#@{|=fs+n5F8(L2z_%~qslwLFlXN@9!J$u44ks@ zPEH3x!ZPNrwvX(aFM$LB*aWg7FZ!rm)g4L%q9Gz7za~_}#znlCUKo+mrBrjsCAhIr z2A4bsH=^UVz&^QJ0t1>Vpx*)6v05{qJ$D9Uik#8>bX=>)XGD_&?N#p=f${x3It{F?r~c3 zsaSzMhKL`FyPdTulxH4^tv zevn@jsnk9UfFL;+G$ZKA(Wa7p3Rtfp&~z0_R$8+$C_i@G{|)k1w)%43GtF1Z;lblb zMJrk?%@KptZ7aGZ`a9W3bVw=@362P^C7}gS&$y#=_)eC{4fmV;vdqWZd{!~FKnFs_>^d zgahKh?xHvmQEqc=F%PtKX8at0;FuN|VP?r>u}hwEN-ws>tX+o!;&jMwSgr8f z^m%4GYN{1u)58vyd~xOq@=h5Xm9Pc1gj zF{&Oj!Yzr56)(_PiQK_NT|K%SyBrkfJQZY!sI#gQT=m~u00aBW1pWdR+ zs`KrlPdx$i8K3ULEFH&d*;CnUN2LU!yF18A=Tn$awwTLpaHtpR436bT4Vha}G=yT2 zX^K7Wh!YPj0e^vuiIgmBFOvo!u-_`YZa4?4_%#=!P6w5#W_~kzbr&04IPj?G%Eic-a6gC%BhOE7m$Q)c0IXt*J;b==ox? z%KWqI!KcHci*l}%Ze$>eUsT3m0I~4C$ERJYZjjZkRbY`#CSJ;#!9R+wlK}H!$8`Ir*Ls%WlbNN$RL|P+49PqYg_|biP4znz z7n*@?ok3X{S~Nc3*W*(Vp`As^SVyR9T0bHQF)O;G3Y#aSi?vV|fr(2ot?EUv4$PZ~ zqH2G@$rG1S|JrfoLr*S!L>EAPgZkG=T``RW~??IKF0Eo1YlSjJ}CsDS^ zI438t>?kU8f5nYbJupKDzH~h`(^mH=ajiqbyPS|)dh7Ayw?X;mkzeoZq>;+>1to!J zlgCX&QRM_dfzDrlm)ARmbDhqTV;{+m3kPvyMWd$O6fSk4+0QNddB0I01V!F-V!UHE z*2N+a)BUu@6^Et5khh(lWy4Q}<^j?>#swq#Pc!PC2ifAli2`bx4u<$ZH4?_WR<>te$M zi#I6sby6P^X>l&TtPJX;wESB(+RoSo&V2>0I^)&cn=x;TrAaRK$ZPwYusvC4n8ACK zd}mCyR|@;Wr}^zgOQ%o7$B`P4Bj|5|CFMGUY>NoQHVN!2getmY)(mQ_7L9M5MX?)@h&Y%@pQ|BZQ;A!4TZb@@Q209k0WpnD z&Nz1O>4I0=Uyo?1fc?4vK8jbzKarR=CJ=UBT3iQY)7R3#pAw6O{YSPqQdN&{y!v2g zxqpSBLSjp%=m8BgM#!Q416GWJA&8`i>y)F=V(|(B(GN3Run9L}@cw|_{yVEv3wYc^ z5%X!LdlD$4KM=Ad7fqTJ+W_SG2e{kOF-IOG{4eaBvhJ3`47Fj6FSXw)T|BCm1$e zO*0?3WhC;nUuTn*Mo{`@??%zb_|j zgO^1zuN7dq4&0gVOLqN3Z_)Yqn&$E@BQ9gO7W&tKBE*G>C@iHcQhHhSQaHSCVSN{k z{i+#t-&WW?1-4Rg7x*pwR&brLNCpY~%cvx0qD}8i9lO(hf4e5@y7+iqI~W+HHl4Bc z0^F<29$MTDE8yRgqn%na_q>kc545_WuM~pn_Ey>7+BopFqK?7e%_VAC(P&uclBV}u zP$CwAo^_d*mLiqd_bF_eQ37T=o#89yVE*ee?&Q|9J;hnHPg7on$A{N@RI;b#R<-+O zI;aJTn7>%$*B651YI-t@%t;VxdC6$rV0#awkIK2j>n8ufCZL&lkEavYMeDbFbeje3 zHu>L>P9RLu>%ecfnq9{y@h<_v(Ga0-ZmkG_i{W>IKuO!Eir7EUqsv`VO}IkJ?IrsL zKB@)it1DEGf1qSe@uU&CC81altib_iKJLY#SghmvPoHz zG!A3vK2@2m&d zW)wDaUFH&sE@~0=5nB-X(Ub~=jwWV+qG>V$j}?zi_Fc0}JX)3eTxfDUEtMan>27I- z;7{X8sZEpbWcn5{*~9~hEf@a(EFNz_&KEygW4VgU^zv|}SC*gJsKuyE89PF0$gH!B z3tAj1u(3!H>7p~6ntuUjE$q&*LSeyDRllBi&!1$v@zhQrrW3E9)(eW*{oe31K zQKB#m$65;eYFJ=;Jd&!H?RW-?pFyzGArmVA>=FLw0q77(u%g+P;2UU3rI`Jo^(C=w zTF#LU1G`fph|^{_tvG`|+0_i-$J{z3`e-`ye5k2n?&+XkeM}-v5zb~JmnovvS@q!D7RY7{aVGbxDXuIdq(MP$fb%B3>fWnsA>C! zk!s*92>K*q&@h6Qi5wTJ=i-uFhb-L28b9rYh52evST6A)^qf}w(5MA4WrMX)7|yCkrPG^n`+6^V&xtQVJZ4 z7OiBKC=E3u&)a>sm_-LUiAJqtpIyE}vlR*CCq&Hc_=SI{t7;;&Asa<+^_C=V1Uzof z|6S~Ae<4XoW6!DE0*fH|WqETDB*Jb7LUH39?4K4N-*L2O=>iRe!(MVoN?H-4?DRd@ zkxKEQbTP+=)%;H3dDIG_tP6USR^ci_z*=LNu|^A@Z8@-cgp8L)$*(^XHX$?#3H*B_ zyn~B}X4)wyIS(y3i;8AeHE-NqAD&RMDmAv*_o!oF^D^v9eYVWPw0zcs8mtyN36azLT=@4iZOLpsClmyK-;AZn-+T78*XD-uaDq?9&|Hwnz!8(}pdWU7ctl86W+TK8A~6q-R842aCHC zW3S9Md>zr5|Ck*|RsKKXY#%rirZqu`kh?<+YYO(`lM@F*kQ}IVIU>%-cPGXobE_39 zLrAMXgSjTBCS2%4eUFEhQ& z{%RDQMu-a-k@e$e1>)P1`CBoKd$w(gjrJLd!J6-wi3C%eHG`Qk>-MT+QPl5blv<_O zn52SBi+jhJRAY_M1}Q_+J+GSr{Cys+IK%X^V?Ry|ipZnE|_h*{Mq@DAnOL z5ENXo!;v~*^V}V2TmhfiAKTk(1%(pHY4VqQVMGU!m#KvzaUvS27MPM7eT#Uo#OtZ~ zBNx-Pd;JsPCDn4BHrF5O>qDQ`*>6T+(zigmmX)d4K8IM5i;lllj%_~FhAyG(>A%jR zOm<&@L5mJ`6;|u^1t|C+gHqDhBD2&30|?{SNzD>#qU%CMgdyqUWow3v8fnQ>LU0`Z zIBA>dw1ml>GQkBR_NGxUNMB5`- zulIs&Iwh%>rm?FM)?J&XonJwmsKj?K!T0QebeClWtjlRUzx+4+p!K<4b&W0YhQrEg zyyc^yPjN;oKA4p%sKC|Gt7E$YDh*zy<6?-%MqGNm{OwovEX@3``LF7{cp*n6Pz%mZ zz(iSDO|aSUWrp6>9vuWDRIFg~QpIf;gP27G z2@S%!SdP3P1mkg9w0&J!_X$P>NC6lQsH61Y?+G-)1VHqkBTB8M^y-dHR z*WXas3<6M#;ITDgZ%k~w#e26B-*%F$LLa$~n)wO>uei^i*L7G|f=otVVI4gO|4but zoq!D?8kf7wo8v_;Z%ObltR+Wj8{(2mGSx7@8hUw%Pf&bP*(YzpN21U9h5Z^0(^j9L zX0pH-D{19`PcJ>2n0ag~WhzggQYBA40Rx>Oy&au-06VJXP=^UI0 zxSp8OXPnro(bTQ(NZjK6(+*v zUt2w@;p{B2`;?^BHjqX@JmU0RIVnl`mrtpY3mo=Ei*a|w+81SW28X{XXgPo`1|L$c zXHgQIn!r5i4Ug89=IQ1JJa}XS^1azd%R5VB&AQmD3-bMYpZ&+jgo6za<}JeZ#7Jk4 zM8}^MUOefxG=hy%W~^timYE26YXWSjg0Xs;DVZ54JfaFf*h(qzIiU({6%ki3%ETON zwYcE!J!Qw)H|V9>D5enHbqatA2C-pmw@c@VV}eWv@4h+XudIdciH_QsPpjpA{g5v( zn95D2-B?f_Zcwt{50t1=vXJhNk0TZ4xklZ2;2SI`j0K#9pbk5vb09M4oF6Strtsu# zb;9aFN$^*G@{R)K^e86(^yXyz1&pX41TEAfBs_LBn zvq*Q6!W5XyI_=b(P5aSnb|Y`ee|eE7B{Mq@qY|a^@VAi;59`gs6UoW?g|!&j-JtTv zJ{zrolbTX5;U}{)u?Vsy66DHRJ;tu}Tq{s*`uns;1fBud`RIt&05f#$|LeN0;Wo-f zDqFv$TFQlao5oTTdVk1~oI)h{2*kJ=VN{(At4X=wi4wUIRFrN+)Z-0{EH71r(8f#o zc^$KIZyR2P{)I9T)SEH^I*eo399yG?H)eA%om$~?lUs2?vR)d?Aey0ksKSoPw9LmP z5P%3Fe%}EU-?Ruu{X0vXL(yw1%hvoS(g8|k=`37;^U`(Y`T0%`us_9lVe-_n*J=gkb-0xc z4(=O+sCt0uPz(d11c9*rkduwA$PT7GECvx7ncx{X6=KO{p$DNMQ6zC=b`>;jV0*{y zM8_l-Ht{kK;3K+s6(F5hv1lh&;&#cSq6J6W$J5h3f$|abJgG`}5RL~`Tg*k@Btzk0 z?Yq{r3qQ3Kx&{z2%(m`1<)3w`!&QKr(@UiQ@`NTB=+YqiJ)=l4tQSe?0VA%cEa?#* zl&C<(2r>5%WSq%pX(@;YwhZfsuu&m*8;H1>k@2f@fY_jzY8@PLR#c&|v+7>dNEmrB zdr&jw?hsb@8;Th5uJ>h!l4tcx&<45L)Yt}!-OBjnVbLwOFTok!n+`*%c(4-AG^eFL zQ_YUuY!V_-iB_t6eEFZwFb@N#TLyDAKq(q_X#+1 zJxDgUja@qi>bC^EQ%QG~t0}4(s^M+bQ@Lhl()vs7HXk=X&B(~8n6yJXD*tXw>Z3Lo z#CZum;y{b;YrPlW*T%pka3emYV$H+YHYMG|T4PudNFkIK1gbkFZPL{~bu{k+->I{a z)C8t@Er*$z$bgS~D796%wLb(tYz$;u;172N&&H$d=#g&>z>JRWE5Ri{khVr{FW54G z?|evGeUfr|-?h`mAJHQ9_%2Iy&pFVEhLMF2oJYxnO})4z(K3#jD?uP|!F~3LSRS~8 zjox8pFnNVfafSB+4eZMT;SgbEv}=iPG!=%X`n}g-he1$I@3Fu>J+~R-hY5tx14-VB z_H%gP5?Cck%L zr>*|)IR*u*5^Y0?h&1>IOY-59qtVfTHK{6sRk{Ci_NJuO*PH# zYG&*+H-nF3fL>|)^+jK_rnH_=2)z1xI#K@}Dn`k@@|^t?8558B<>X-We)nu2?%}oe z6PM7F2oSvzR}MZ)Ea2$bfIbEhiwP6$sp~DAhTrNM3!1HB+{cygSmsB@^>&|=oN3v9 zxj%j4wiF>1!c=0fbl|^5xb_CxHCX#Cf&9S^714D2m?R~I97z>n?mKUqJicHL6~SO5 zZezyMV$TM4>9sE&MnT2jY&AaBV2giQ!Ku1rm0&^PUY4C)l7E(fFP($f*6Ow~a;|-XF+)w5nowxg*3&Z74UY?VVcI5E zoG$R=F$B~2UZ7$F$ye}b#m0-N5d(qe8CEEftmgoTheC=Me{+P5m~3c%c3Yn%dl3O{ zzgi-3;e{7&ATmD0DU z{Sn0sM_ipW?*9?x6FKg^8sP`w)5z#Nx(0E zOA-qBp^VA^X?!YSkJIo;7{sO(Z8m@!SJ&`=`b8uB1ZvaO0NHeeML+B|H)~)Mvl;8b zb0_CMEb-nz*%M*vBF*g3EV&Y`ovgP{u>O|+FoVz!;^Ja`^u&}suiQGpsZ6bACnOT+ z^Y1spE8tSkAW=ZA3aSbB=Qci`Lh82UL6pR1TUut&Vb}cVunwEZF^o=vLsUJffI{Q@ z#cPTvLT0;fQWV!t+EB<-9W!lYn*vI-s6Oi|5_(FwBmg#|h<7#2d5WBjsK-|Yb@ zP8M&DyfSGF1=904r&2NR-T2Z}d?Owg8xR^H(h`+$u>nz051tw7Z<|{>f7A*$ zI~V5mDEUUfJbmh4eyu`IOAO-B)?p#}Nw51th)7muzf$%L%-{K{ocd#p3|jPwTMQW; zXwsgqMVw?ae9OegJ(9BjHbU>v=w~6AmM3+wa}E|Tj~ekW<6X>b!k_K86&6ntJ&>f@ zNPw#LP(!rkZcln{`Ws;|rz)5NgE{3j^gLvx()2_3>`$)+nUJ?a(Cf%Y zYq=xkbcLEsTRQ)fDrm2uF3qPO3UBG+?|>tTm4l3A&8jWe303+4)zh|XRNPc%ay{7% z-=@xY#se5J{PtjrsECL6Y?h%qFSmf9V9iWyZKI&u4&_@MZJRPiV*Q2YM6ru@fdpsb zs)LU~QoE*PYVjo36bt0*)kO|11H1X$+luCTZ*JPZN(W|H5okpKU&s!h`>KN zd#qrAsN&b9EH!cx1}|ocn1k;^YGg967HEy1LFVLAV+Rama$43^U^sqK3w*1>C;w3C zgzCLXz*$@OvJ_=f=_UX>Je+*S`BIqRYaPU<%$GG+8+l zrZUcRI3m!HYJWfB^n4rVqX+Mq}sH_Ab zmyuM2`F++hG~7C>Y8>W+QNR$w9EMQm?hu193_?CQ=-^XqF-el!7O@51@pzYsnv^40 zGT_Z}nwg7s#1~fCc2-)*TZC2)cnd;^`;3W+26UeEf_^VRRds|OhJT7DFSk?$PD#3v zkM8m>881z0BSKWMvJ=K=MtTb+Q`G0#Y>;*N9n@nJ7O/Rago4H)33qM`HiuW)jDb}L@Y({m( z`A5tyNUOf81sKsbb;YsC)N<0g)pq}ssOxemyhfks4wT8mCw6D!AvyHt0zD)?T))qV z>)L_NrD-+cjX)5XoTB~cl#_#hza;Pd+wSFzYaZ#7B?91sfx8~}Wfb7TCi~gF*fx;o zaRta{4~O9EMdT-5xf_s4p~WiB=!1OHuIz(<)Ae z_wV3EvG&2+7m@;ML%tqKK`A^U+1yv!5re24dja$*RGeT5jZyf!AIGavBwZUE-NnqX zZmo=X3^@r7z`^WlbSOh)A{EeTYCdsl7;T26N+nxn&f<9|2=I4mFS|7O1Tl8A#t?cA z%NmJ~NV|Egan7G7yMfOG#_kbmneo5rYW`_1OK@U=ov=ryIRSAFeG{NmVa+VaTGpgh zDRCf7Xr`M#$@2}DC_n~RuUcoCAY8%mo;6_MsbfCMP43RB^s52#{YVdsSW{(!xHLB}V+Zf<2u3 zmF)n-2o(Bq7OzeQo*Own&+>P%k63^M2j{Q+6`gWVk*6mJdUvCp32H?HT{0iTLVkaU z7X7|&!x~dtEq+Xc{SeJZ?Q_?pomxB_CLAC-tls6EUd+cdNn23@?Y=vz$>+jVHXtbo z`G*nYHCVq7w!I7USs;;(ir7D?pN>{M4G=L*0Dd^G7N`_4`9rmX3tA=|UalSwa*l3~ z`|Z73fI>|0T6hpY!N~ri@GT*Un>o;Jw*0U=*O2k0KAFA*mC3xnG+J=A_c?Y#MF<`& z^*G`IPkPh;US$VU+4%|S{T3Oi%XZrFXoNiCzQT+f8EbMjE7%INiof}j)n=SQ^;{^~ z0-X26^1I|ldpcN6#iBwK+;4J_q-V8P6o;rsX<-GwjwRWYQ{Wyjy2d^@tbPfR4o-B^ zX@{N4rnA!>LQpWL+G-Snm!rK*XV?fgJ(%dbyW%7(Lw4bI_#o+O?^9MfgEjmM z#&9gzNi7gQcPkkp{D*VmnB)9)uMBN6=yGVwR9CZEsVA~qT)*d3ywMxPc zyGOgP;k|-=?A9eOU-F3T&ZhrIrqC7y(;}iR6uaY26U69m0&R=3`i-WO#Ap2`{y^`k z&4}lr_G^j}gALniwq|S_J|kH5Ea3NO>-PFr)N;rrLwf6AmG<&Tru>X;-5R;}i9sCs zMjeyXg0X3q!s6=L%NK`%I*pEWE1ePC(0WYw258s*YncJGTZYA z3{!f=*;|9YUvOPgF%oQ_XSlhHm=1{IU*$ZCyeW4_xKO&5vC#he2_a0^JfKg-A_sgb z<18Szak!A8*iOw=r_NBP^7`=*CQw7J-iW#Zfeb#-S@AN(&=qNp&_x*ccj$k83NP7= z1U;S59946fvl;mnQlcrudm0whx7h5R`j-%OicUx^Y9miE%W{bh_K*`=Iu`T%L=O3C zy*WTs!%OTmd(I3O8ran10Ao6#E-j+J*}e~w;1h#7klO}E0nSt1XO<(vSjX-a0}}o0 zGmXTkF3au9)KH&1p@!E_W7_AHqJNJvmHiufFq#eT+6p)T{tvsVZWPe_zreF#Qa&R& zk-L*TSav0(t(b&oHp&LfwIk6QppF=oCJ6*QCx(ps#I@dwdoEAJfnP#5_F^_)me{0t z@8F_s$oslj)yS3<--l;!UxHnNdNqxr$#?kt23?*If(G7iZ%%Jip87p)zTd-CO!_|G zM^9L}fGlLcBn$e1G7l$D}RvQ<~X;iJnR(ZKoy7#?IQN@o{vDBBR^1>60YsvA0tehX>ln=K_xD|o;kz#HT5ti;K==SPu0D1=kDAH`rpYt zUkg^G+1#*TQ=&cSvb?p$r*4ZdX z0I@hx_X2;QI+u^O>Fp>I_F%>0!O(}1VPLM}A&crHiMnSY&~!AnQ)D4D#fzqVi*1{v zKVs=JTyhzDO_Go?fm<5FK`e_BQJotYx3GwnA1nokKmHp1Purcg1CdD@d=mP(NBU{2 z%8+*lYX0IZL>{>OZ?SJG2a`y=ac>@8v4cS z6{acn|K(n&M5?y0Ji(jDih)|R+rgmL)RqZs#23yJri1j^M)y(S+>C}) znKS$_kc)VKZ(uNdf(q~gN}yoa9m#jx)g zLf}^ndX(-AhF|cjTdc((j_jD3Yvnb~wFDs#b7C-bAR|ZUP_~*Kwvj7~U|4ni=M{_( z6+K~K-bZo}v|!n-Y$n^Qn|ArArHCvdPO2t%Xh5wgVy#L)`5QHCV^SW5~ zZ9xDpv!4MW?q)MK$hqv*{%X84VrVTZN>WyYL;7QuvWW$z99eekO^F7p?x&2VGc^WZoc=1rnYtgT{d0FmVo#@kAeH=@-^zx(xyaDi*_y@{eNVC~<^VVdW2D3|ksXI$YLGRh zON^#<4dI-k)7m>SBy}>2n5RGxKjjx1=H!%~oOyWu@5B0krvEGS190d#ZKLK&!YvZymnV8=h+4W6?w|5_s*lT4oi9h#x6@wL{-sFevg*8^mMUh$YZmES;v-!M+3zcXD_x42|GRgSxQPuMhfRceCqER{gg8)7_Z#I zqp>vRoum4HogQ>w!OYCR1ie3xSH_rgft%Yg;NNstT&|$^&F+C#Tw-aMv9#agN4%TN z?Q!#?5lzKB9M0?K58qsVna;~6kp8NG&z-q0g@W#Uns5D89huBp6J5P4O%~sXwvbGu zSCHQ?U*CyoMa5ikL275K4)4yhKkyHO|-P8;g2&bYU01}Iu85i80cRG#j$A2 zth|ZN?T?Sja-lzH|IT(Q-Ddg5;a5&-f&9q%68;J$O+xxm<_ReI`&{KKy^dN;0k(Mt zRwbeZVd)g8D0%0I;N*7lSvL{gKgR1D2IDt(d<7j0KlO@vQytbgr=u_$M9FTrZCu2e zI55d2qr{fO7qHA7&ab;w?PpwNPI1$@jw0`I)}s^OD{iSq(6UyhUCn0Vj@!e~C@w6* zt8hg&ONjj8MRcejkni9Z*bDAwfPa6Rj@<-AgG-7npwukaM{s^=2y&|IvA&W*U8J+~ zY@*MF(Alpy5bIBSIQ!!pyHQ1~tw<4@?C#h5o^Ce?`j5ZatzzXR&a;Z$IA4VumA zoWmS%OyXrF)OAK%weY}e`2L6*O`MpTH)+>+R&N8J(-YA)MZwr2I@is^19C(uk6$ns zL?qP^+)~jnEq-TrmHuv{6`aX13Cnm(K0+Sdsay$~eJ;BTD6s-CMM##7hNArQV zLGtT9bh~Tdl;FJTwP|?tcLaq51^nA&@3ej`rZbx$IB+=l$3g#?8?P#o53^v zNLjcdMv%Uoa-L5>S_CCjz8GcC`@2DsBeqpIMuTM?Gu19$Y2=;CYk;7`UA zlun4nim!ulEH8#?()WZp0NaPLRgPghFox38KJEi&t(L7H^rAt7FRR8&olP%k}H~bn|MQ4{0Hy6|9dy(#lTJ9IDkAqRysrP&|JycYF8)CW*BEPYsE3YUg#VsphhY|c zeg{xTECLI7HALSBt>q#lw`ey_i|2+qrTV-*y6IH{zbkZRdfe?+6J7T}cLxSf0_iV++vTSCg=U5NhA4$ zeHm*@`FrGjp0Zk6v9kPY3_k49YVDjtma9nrI;jnc04{1j832iTlpZB*LSfUHYeewP zxXKpWBRI0ja0L%ebXMN3IZHBT+Ul%X{yr|UqRB~{X_d%%Qcd~}O$?Co*-8|%UC8!7 z@=Hd$;VJaY3Q^CtR8G^)pg_~&;GIZMEVSS7Gs=!{Y_f;g5rr51mBf5dv)YYq0B`Zy zh1Z0ND4p4-z#b59XX4h9@NH(;u$x2qxTUBiwN$ClpW$BEz#29p?QOV8IQ5=uXG}-U zr7+ClyEtpOXhuqmVF7;7ZMKSAe7Ya|1N330%~w7CAt}fA&^(H7kR8l#kSA5V?qJVJWvaTuA(Y>|6wREZeL)TZAW)J?{QZ2{g;h2k8QTq{RUdmO6p&KK^9sQ`ZF3Q zeQjNbSS@}|9hb~BR+Bw!#Rj9rS6P>CBBR3gl43Sh<5?~vKqo|Mf&`qZ3}N7*S*slP zK;45y@yyq0Vh!%e5e%u9@K1i6-u%7Y6DGQsnS#cDiYL5^@tn!in(SXZRQVUZu5R?Y@(Bg(2BFF8IZto+(l;maEKHv&k9Hw z!W8eIknXq0z_C0vm+)J1l^~nY{s;_AF&(7tk?<~27tTRG*ienC6ZtSdMjm=~u&L$y znx0Qv3A0M%)M*tG2J!E|1)-I$Z|#TCfqnDl?viN()FOU0S#k6G_(Px0xJ~?Pk~_>; zLAa9EVT~HsPDDevkWT!Ba$~54nEz>@oOU99GJP&<-XPr9K9;pXH{oukpdB>*ed#md zMv(@t!)=E2aMNBX?HD&x^DJpjo6c<(nNSEN33|nm&EaVf}aYv5AL3-VPSRY zV6B)KXd~M&`eDK9b8kZ4i=@32a5hqV$vT0_ld8p=;mUEvV;DnDL|m{#H|VY^!(zai z)*%ju|8xIb_0*&5{XS>A;49hNAWPy&*gxbB{GNPqE{Gd;&==~P;Q$&qMZSSOIdJk(uKfZpH{Z*N>ihjo@ujJeV*wBaGye63QG-lAL%_ImzI9FVd)YI_qp z055L!>L0p#7=Gb&X7t~JqSlrIHHK*}C*Iv!CwC<|W11&^%d^>Np<#HR&k+ZU-S4q7 z9YJWxBa#)jyJlzR{DG_2lY6BAy}`DOt!q;0(Blza&^gu+QskgNj&i6fT!xxh3t51l!x%2hoBPewrJEF5=!hU zrwy?+5;)Wi9NSH~KUX?DeW`}-*0WT3lhWJaKWb?r8bbTAovM}D`(cgGIh7JkjCGP6 zq|Yt$1d=O7I`EmDk}DIU0~0?p)NYe@10*$NuNV3f@nT5JvqHT?zbo#bg79PW;c|d` zF2@qS8Bl}%kLq)Ox`Mi;PSuHnelxIJmD;NX-z-l>yIa?NMfFhGBwIpa@0HNDAyc}( z&~V`-R0Lv#=ENrbTBa?X{a1`6J_I%joNIzr>1w{kaomS`3pWtykvysB8d7|*QhLQ} z1RQk7k07n1q<92efI7~hhvwHzu7XD&Q8rpaS6?i?7mC!T#{8%vIwa@cN>LpP9Sg!7 zF~cK(0G8&D0*s4a+NKyL+^L2{EY;U%Dq7Dd<#-_Hs$7~_lNoU^ZQRu#!|@Ty zk9NV;noMcDzpM=R#_Q=he3~eHk{b{SIA`Bw9Yv|3hu|l(fv5m?p$has)lWS*x}-+o zD0DF{W4%CeB;LFX>4jVdQlpahuJx-*;}2Ia;*1NvbjyelnF~o!B}^3@G90Sc3prM^lDw?yM*Cea(w#kHFig1NoLA9(cOaV3?Pf8iGGPPpJ# zBj#v>v(C`L0Gf8T21TkyEWhTNeqfsgea;T$6Rl3ba94}jun{=p+n-ET345mRVS^A> zhx7MD)l}%WZ>CH631E*H!H-N8 zcVPZqr6IK_M6|`8hWE`UHofPM5b=W&-mtEBS@~(b0kn%Ub<;p8*HJHBVY8H^C@95B zz+DT%KMnTO7VQWF(Ya;2Ymz5HSth(IZB!zE)}pFg?&XV_R_JdVH?2@wT!xFm6^%t| z_8a=EYAIpzKDAGK4;_(rFKG-ph`XmpAo5QPXGaS9`?R=Nxw4ClN9?ZW_cW#askS=G z($&p$;GCO>5v^(Yt`PGJBcFv@GHal(uZYX2P=Kp3t8zYkXo)a8gryI{05a3qJ&ncc zZ7yex_lM(+L|O&R}CEBU^<)AX3cGaE0Kk?lu=5UEmI+ZvPD<>l;o< zs3z;%H6bD_lX7Wuu#4vGt(A_FUqiM`@05s6oz#I$1PsF7_^YJFXAfy;eGjg$Ms$?Q zAa9?MHi#J_YFx5wGvA`Jm{&N@X6i)CX88+E#nOqBVS-egigl5COcPv?kO+SN5X@v} z@n^U#%q_hKnUsVb(?uPVKbVi5WKyZ7Q#GahL9!~?r(meuu=lQwux#7*X*lN(1C(Bi zbdIjgIACr47OJo*=%0CRpS|U@%0=v7+||0SSC$tyS-YQ|B{c6ms&I4Wom3&Bz!<7_ zF{aQ|bvt4!Amvle#4EFL|Hfue{(j)!H8p0WI&nrtjA(&974( z(4RwJskU<`i9jWzhV4`yHQ}j`4Tc&2zCiTpLtsX_bu#KyAG3G+%Z^ENua0vNiQ%$ zh9~l3Y*sQV@`G&9|2)Rdb#e*=PfHM?eS^3n2=?a7TelSR^m0wkG+IEJ9iy8=jAc|B z8*3Vr_OF|KW78rNg~i8EjhK{|WglGgFyi!r! zo8qhFI~+h>{h_$GFCoe z&z1!ryj$g+{0!O?Y*9zR?*SiC_JiKn)G6BSZ;Y-ZX5V0Di`DGLCa_Z?JHA!f0H?iB zTGl;fdLEpvZ{K6{rJL*t4xC~!sFjL8pfkni=tx7+?`iX=?SoFO0}P6B8~hLgjw!uACIpfCXYUqL{M4&@b+DmF>YBuF-5EzFB@zJ_(>rhvYWbM z|Ba1Uc)kh(>4J(rfyB7<8$(qqS$0$$)sl0qV1W5qMWsW}YXBs>KQw!ifaFc;uhd%R zOA=RC+Pbo(eY3Wi-s`8)G zduNlN4ie%?(je!&raLl|IkWDl6-2a*(VHF9UnF`ly#(M|0eRU7N%dEJ3 z#2NPP><|f6nedqq0@GU<1VyLC1bwxftmswH%IcTp&stmaTE}}Wwwd8mG{vv%M*fRIBX!A796v6Az~WH2 zAy!kq$1FE8Ca>h+_VQH?WGJLuMBL9%*Kk43Q<3_s`Ld`yJI&W*8)6+DxWNwF7~oeASV##I7eO-JQc%|1x~u@5O??#Qe? zNT0I5xv2cj>rlmoCbxV9U=qI+`mC;IUx z%{&+qS!q)5Z51I?XB;7Q5zXXT=MPN9X)#UINl`xZN7#PEibXIUicjvU<3OzQNx7W2 z5*SRq2g6ThKEW)6i+pUT)|2ye;b8ynh66pA+k`DW^X}vXq@!LDwO8emgnGmnT7d*@RtbACP}4F zI>{qvv|xSM2sx$5r>VjdZTeem=OJx7DF{=&*I)LI^e2<|^87YC*gzeGkrR|=IGly7 zLtCaynw8NHkd)cSdh{C34Ms2_I6Rh&kB@n)0KkqvpYj%L#@!qH!M!L9Mui5|u!X&O zsO(>m7tS&muSSqhswj=^C=fax;{OsMmT~b==0VD~?ks@iqFAnT9*N?fDz@u}yUH5E z+FrSGv0C8)>b;Ys03Z12lI&BJPVV#bs5M;icWw-Av_1TF^aPH%G{&x2q9YsHF76QkKg?9YM06VBq)wvKgizXEzC** zcHx_?T=pj>e?O<11(lsmwV9u=3fTx;1R#-!exEX9r02g1}@pp z<6D*Z7X?@b<+7j+&dlD-intS5WOy%pscd8ugFULMsBHbH>lWLHRb*FzLry%kiQ01g zw%!vFCKIGc`5WZ$h7f;#c?l@eJwUbH8F{9Ab3`hfuwtexu$b-*95gDo@|%&&9<|SX zzdGodCw=%3U02#Um^$`;ITgJ*R|jG(BabMDYDWCd^nr^!jY`{Zt>jQa621A3B z>(9^F0dYt-tERxYt?F@vcNn9(DVLHB!A?JDd(#bCNqJT%&1dHRuqF z*wO(m!0#wRRe{aTz)AjZ1j=Zwr7L6y(w1v9;Xyo=H~tJ#Y2lZIP8N56cnsr(S%iXFnE8UnbE#sf{}iKv+#Cm0d09inPLjh4>8Hel1O#a)%nf1?^??G$6S=t;+VUdZB&Hk#wFN1BdmyNbGPH?gF#L4%sXyF5mql}9C_q(!w6M_9 zcOOgdqs<|d!=Hp;>EjZrS3fK-MWXGgq3_ZTHa3Prd~OOR)ZBcK$C4}eiPQ4qXJppM z)EnIKh!|}~kY@9-Mt4#*J`RA}|89=LX9$n~`RBfZ01-+|ZLYXk)fOwRsnHQ~)~u9* zW}EIuJ1j^UmSdK>cQh1-eK4;#0yn+9WIbv&TBOEF^m-ly#Luv*8iKKTbh`YR;OQk% zYVLbBHP44D$80uU4r~xp<+3~zt%k`b$3sWhtjp@H$wBMnxDa;cNCI3B*74o73OnN* z*z}Y7BaLH39YmcM@`G||=y+I{LX_4y8p1ZRjYRDo%M8$pPzFBd#D=(2BU0!*1?<}VDXA& zqojjoBa>&fPom>xvjL85)$4`LwSvOKgy9#H{dP1VgJ4O(V_queG2T_bNaF_yX@>s| z6wdh}m;QTTLkl7Vw-`xvpspP4@0+Zv#CfOZSZy@siUYwVX?ZQFKd5N>KQrN<^?Aip zPh|uxWuJ>m2K1|jFQFoAq@V@PH|`Lw9i5h*{sL&rb8PMkYtR@ zOG_y{y{iwOWpmEije00K;Hv)Nar&Kxk*oj7=u5`)=t7HE9n_+*mH=7;O_s3XBBHv} z?5IBccligZ15oU6DR*yk4)4KI_SQUE1eja%VqAe_XQ&l#0+|-V?^(kvIFEX5laYwl zM7S`8!+n7^ZOEvm({16p% zBp1wDx7NMjFpVaz>=B zU!*({(a8*^{CIpL2zqjwlJ5t-sJHtR?dhA#y6gwgOT46BLB<4Bw8O1@GS-HmsA)y5 z17O*$HjYzq@jUKQcYL}|?n;X^OZdD1cPD`!VX6gg;pBKN(iUMyQ3NE4Nu8?3idMxi z#A0KIs~Mv=Eg7*mCS3`SScMx$b!ZTsZVc~PcpX|91;%U{f#Uh%%y( z;BUQ|NEttQpydyC)BW-H>`Z~z_K92TXFcc_j^|uSny*UA!{-I(ho?+@^_s7S{@2njZ4l_t3VchAI;Gl^JB@!oJB3R6zL% zaiV)P7&rXyuSKTi_de`6m*(4^;4&YS%ifpx#yi$RAK%o-Zz=UCUf<+cNIOMRe!ERC zNnQD9I1AFK`dc3*?FLbZ9zidER4}3uAq{uf6dk;9*)nnXHd~3LbVoxC)J0)Px0*rK zk!VkG7mM2I_?L_=$I?)#v7*QgCIMt3g{pp+>~O zI!KYZY>W(lbI9f%S8cL>vHqu+$ivy9ZaLZ(ZGlAU)aU}6nu-Ry2oQdvSVeQSPd|R; znt<2g;M&c!j*q4;7uipB2UyQnO^wsYCr*NzDFb0^#Z{qHh3@!=8sXvO5QDa1l|#mU zKjJd5N?Ohh#JF3r1 zbLb%L1ux_-~8Jw)|oE!aHDHs!%U%)t9rha)Kylx9V+KzCrUoy!)k~oe& z73s~?R!K@0#S!@L>)mb-Vkc8Hozf#IO-OI1ZeoU>O4j93lC!wuH|^wACQLq;2)84=U^OFR)Wc z;{&bGZ(T}y4105GF}lMs14_CN*s5wnS2U?=XE{KYt-EwBEWWv{Qy)Z(lP#-l>`exj z8z|5orpxdlnn;tq=Ml1X>oTmp_1}pbn%;!CCS&g8Fk1?gvyzozZnheJaW48u3f!os z|JfiS(PGNvXs}Cht@ACRw826DT}jm~=An!hR@g!KXLf4t=pu#Lla01tE~LHB!F@?; zf;!L{-cQcfz&#QPc`VIMCc@*gBF)l+$&Svjm{~+p#8wWoBc@tMWxi8|;pu=DhH_wM z=+9r(-;qlc$YZFj!Qh5F7x6<|Q*5dapZql~#s}B=PX%Ll=J7VBc% zikQhpCN%iQww3xL$Qk&p^n5cLE`ZoZuG)MUs2JLZzn$k_#S7)>WcR_=QX9YTuWij9OwGs7ctDG#VRBT%;I}ntoRQ=6728O3`+Ls@x!M4_jYupU z8dSFjfXxnPS6P^Yp)lM7QG<`4mvn%z9eMLl(G|k^Px=>3QGL5})`-c7!P@99xjIJM zV;A12cl-_!8+hJFI%w<1)g)p@?LL2SewkSgZ#aF}8l8B%p3KB^`x()AX}~UEYM5BUX+jd8+QndoiVI;9TOd;#ARv&N)PM`M1KyR- z)yGf{q`6FJCt&&>Z4`0cfyaz)75FGFABmh&OBn|HDU(YLmXq(Xqx~t$Dx1MGW;1P2 z^;MOf3%rqFst31h8{$=yDv(lTD0v1H@tr}J`evY@Gkcb;ebZrdweCbj13oUcz`XP2 zWyLN@IqS$&^=s|Ja?xj~f#uNNW^<;yziLgFiIvEzYR4`1k8pChKw@Tz9r1Z}=U*o> zGzjiwHkG-?J;TYp4h3ajtj`7YK@pi*tYD{o!2 zKM5Nrj8h+Ww#|Q70{xl^!4KRh(O7JNNdRfuNHHxk`5(#b6bV$in@R!(Q#yfxzp=C% z10IY*#=Ogh+`w8Oj&xFNhu~xg@9i#6ko5GOtaXj->4XYmyNRvre|XPf$xy)KmnD~B6m44>ZL9J0XyrM)#qRVdA0yS_(z{{okF0#0 zjw=3il3WTQpy<+Bi$Wm>OU*^${U0FbCecjmWpX{dUbt1D(3lSQh@*R~emUalTJKal zg+eOl6O#kV^?EY|>ASw69xp$VPP?pzslZBJ$=2Y=cfY6I37a|*)-j)Q2?s1Bt2#IQ zDLYT^V8QqDXd;|_!1p6{H@nuu!z?sGB?{^Ofh(iM zGK^~w+L*6qwzJ%p3T>5^%`K!~+M2*i&`+pNVhUBrou<;UB1VezJ4k7iT5OZMV+!P>QmNrCa( zqD#Y$7L&OK^n0@IO4a{r!|kJEu(uQpcGP(ZW34Pawl0Ktlcgg81n1V59vo4MQDsE}qK&XkVbh1vTo0Ip z6CKmjmELY98|-Fx&_3G>+`nHu2sGA7_>2J~c6`Nw#>6EaB*rRqFo7;K1e5x&5$3C4 z==>>tHjD&=84$6i6OLwT{dy;@xG@~)@I6ucIjLL_F%eIn#+9C_CXu4W%!z82X>v0F zQ)!PYgJdH|o#Ia@j@B2~@`x+c{*D#>L-Z%w^dzgdyVl@gXqQ&P^mak;6LP(Rr&A(g zI^!-viULY)WeY`brp=ZH$rh5RgOLgU{Upkv@lHWjlfBC(1qa&b-i@j;$tVodb;mrx z0oL#RVadYu@JhilyIcqdZm0y~3Rd@k9(aJ@=%ff$5JisMN+szMLgwF@Ph;JCiQ5an zH;sjRoc^CvqUx!Cef5;dddE)%+Q zln`0SJ^gYPrBWPkORr?|z%34?uvOf?_E2=Zds26#fw1s4a5T>1Y7$AjSS;deXr*l& z&eLSaPW{KxY#O^u^lwS)X?@r!WWEvnMU>AfNfZ`CT*RG^Qn;*oU-Ce{u;&p2O0l3( zdH!OC1UTvUDG_5y8|*&*KuMmA?i^@kEDtu#m@be}+LgE5QXqeqX_d5@{m*=58@Xg-qu(2;gcxJ0 zz?~ekpI2gjBRk0>t3p=ECovHy7&bRljlG zEODKYOl3GOvMA2p5fV*x$Dw3&#*OE! z@V)0cw+{c(Nzk9TQC4bcuhqKi`fKSu+(+r07&*%UOwx%;v#t-_*BI3OHwPk|0%!{e zHK?hH1tQ?u%rnsj(g@pDV(<-+$#_cmyVnTVo|4+3*u&LG4O6bGq2&_?Hm5Eq9u^}u zd~_1D%j=aI?ytH1BJ_iOJeZzKL}4Or)PmC7AQ;QIHWH)^ceGIPMV=l;UI&TOoiNG4 zYN$DYYhuJTOg-#RJxTgaj-zCdFBbpwzOnTu4je(vErueYBn6&guzlM}8BQeuwjV4g z%j^WjxqGf#%H>}eoaz;nSJqNAeDXt885DvbX5$Hbwon$Iqj3K>lI`rceS^yUN7ZkQ z;aU3>`YGAM$|2osOVp-ueL143KVol^BL@6|sG9SU2Qy0MQy8x&0v)+PRxMj>3f$gu z_^n0r5MlO@qP_a@zO{Yp9HNTo(&Lxg1G(py^S{iwqe3%xyC-SPxq@Dgw^2t1?eDkr z_g6)wQ@`3hZU&0>PYQ4o^907b{~xfudZ+UBl~{`x_x(rZlSmp3u!%e_=KK{YiRJ#U zAB^fLM(pQ{z9X0pk)RooNDQ;@HS+CM zXd}5XzlBi7x-`77JcF-sm02oIdA0DN8X|tcLpQXr%wl89JwK?wQM&Tpv?2;sK=|K| zU`oLw7ZQR5XB$udrHP*hBdS;YC zRf@r1ardCw5uP-jMh5p_pGA1#iF1C0fKjsNvm~B~VZ_HZm|7t2^`A|yTLXda9G2<8 z#QHK&Iy^8;H^=u)#~H47Kh+%lt-myUwO?PXewh` z^X=-;i?s(>dJ{uk;M_L+@JQ)h*_|m5ZiCMbtIHoj#(}~$y0tc@$rGwJ?R@@eMRGJ; zKQovItvrkD+p*KC)q8vUVjYOnN}07wp)ForR;vwB!iw%&WD=qz39Z;+3i&-MAB4flxt*|#;-{G$S3=d1ulDv3%7uj0Ft1v`^N_}Z z?JfwON2?#z{K)?%d8h_y{;fnhsBdf;ZLbt|B)r1aRx7UX#RpqOWFZ~A^!LjD7Q%pp z?8o1$k89?~N~D-*dDub}6FS*`2it_H??2>I{tqk*b4?ipA;u#GlAaZ$tu^`hz8g7h zV3l*;0}DHed_475SaE#@**>*>ky6Db?$mPl9$lHO@JZ$5tf(DLd1+~okI2i%T5F1D zoUB&(Ie{8TQd#B9PR%1}*Lvs$BxYyM8{q&i56nV7Z*$DR%gscV(AWC}CoiRao7y7x z+kON6>z_7IVCy61)0`TAm!9v(U9*tS*WOkaZ%6mecOk#0rF}%{Tx7LZQane-oy`y}+Q^XqJCsb+R( zg3yxlHc)hq%VzGezksK$<%qb2zgS!-e~Gv)mAG_y%sK3;=4CqNqh?^%Gk5Zjk(~|5C!B=mOs2B zekPR)kQlM$S+lmJ?y9+&)*n{o64&hA{Ua{<42CTcb8j3v&}NEGG8N5)e0SX@d)8L= zXAV=1B`1LUu$L>gVlxX(!b&zvUVeUM-$62jwFiz`4q0_h@m|k|)t@#pJ}uY&uNmOr zUNlsSA5($N)5ma{d?8f5%0~SA5uZeAv3kr8!1GG`sUeEIN(q|d - 3.14.3-128.0.1.1 -- Disable selinux by default - -* Thu Nov 16 2023 Zdenek Pytela - 3.14.3-128.1 +* Fri Mar 08 2024 Zdenek Pytela - 3.14.3-139 +- Allow wdmd read hardware state information +Resolves: RHEL-27507 + +* Fri Mar 08 2024 Zdenek Pytela - 3.14.3-138 +- Allow wdmd list the contents of the sysfs directories +Resolves: RHEL-27507 +- Allow linuxptp configure phc2sys and chronyd over a unix domain socket +Resolves: RHEL-27394 + +* Thu Feb 22 2024 Zdenek Pytela - 3.14.3-137 +- Differentiate between staff and sysadm when executing crontab with sudo +Resolves: RHEL-1388 +- Allow su domains write login records +Resolves: RHEL-2606 +- Revert "Allow su domains write login records" +Resolves: RHEL-2606 +- Add crontab_admin_domtrans interface +Resolves: RHEL-1388 +- Allow gpg manage rpm cache +Resolves: RHEL-11249 + +* Thu Feb 15 2024 Zdenek Pytela - 3.14.3-136 +- Transition from sudodomains to crontab_t when executing crontab_exec_t +Resolves: RHEL-1388 +- Fix label of pseudoterminals created from sudodomain +Resolves: RHEL-1388 +- Allow login_userdomain to manage session_dbusd_tmp_t dirs/files +Resolves: RHEL-22500 +- Label /dev/ngXnY and /dev/nvme-subsysX with nvme_device_t +Resolves: RHEL-23442 +- Allow admin user read/write on fixed_disk_device_t +Resolves: RHEL-23434 +- Only allow confined user domains to login locally without unconfined_login +Resolves: RHEL-1628 +- Add userdom_spec_domtrans_confined_admin_users interface +Resolves: RHEL-1628 +- Only allow admindomain to execute shell via ssh with ssh_sysadm_login +Resolves: RHEL-1628 +- Add userdom_spec_domtrans_admin_users interface +Resolves: RHEL-1628 +- Move ssh dyntrans to unconfined inside unconfined_login tunable policy +Resolves: RHEL-1628 +- Allow utempter_t use ptmx +Resolves: RHEL-25002 +- Dontaudit subscription manager setfscreate and read file contexts +Resolves: RHEL-21639 +- Don't audit crontab_domain write attempts to user home +Resolves: RHEL-1388 +- Add crontab_domtrans interface +Resolves: RHEL-1388 +- Add dbus_manage_session_tmp_files interface +Resolves: RHEL-22500 +- Allow httpd read network sysctls +Resolves: RHEL-22748 +- Allow keepalived_unconfined_script_t dbus chat with init +Resolves: RHEL-22843 + +* Fri Jan 26 2024 Zdenek Pytela - 3.14.3-135 +- Label /tmp/libdnf.* with user_tmp_t +Resolves: RHEL-11249 +- Allow su domains write login records +Resolves: RHEL-2606 +- Allow gpg read rpm cache +Resolves: RHEL-11249 +- Allow unix dgram sendto between exim processes +Resolves: RHEL-21903 +- Allow hypervkvp_t write access to NetworkManager_etc_rw_t +Resolves: RHEL-17687 +- Add interface for write-only access to NetworkManager rw conf +Resolves: RHEL-17687 +- Allow conntrackd_t to use sys_admin capability +Resolves: RHEL-22276 + +* Fri Jan 12 2024 Zdenek Pytela - 3.14.3-134 +- Allow syslog to run unconfined scripts conditionally +Resolves: RHEL-10087 +- Allow syslogd_t nnp_transition to syslogd_unconfined_script_t +Resolves: RHEL-10087 +- Allow collectd connect to statsd port +Resolves: RHEL-19482 +- Allow collectd_t read network state symlinks +Resolves: RHEL-19482 +- Allow collectd_t domain to create netlink_generic_socket sockets +Resolves: RHEL-19482 +- Allow opafm search nfs directories +Resolves: RHEL-19426 +- Allow mdadm list stratisd data directories +Resolves: RHEL-21374 + +* Wed Dec 13 2023 Zdenek Pytela - 3.14.3-133 +- Label /dev/acpi_thermal_rel char device with acpi_device_t +Resolves: RHEL-18027 +- Allow sysadm execute traceroute in sysadm_t domain using sudo +Resolves: RHEL-9947 +- Allow sysadm execute tcpdump in sysadm_t domain using sudo +Resolves: RHEL-15398 +- Add support for syslogd unconfined scripts +Resolves: RHEL-10087 +- Label /dev/wmi/dell-smbios as acpi_device_t +Resolves: RHEL-18027 +- Make named_zone_t and named_var_run_t a part of the mountpoint attribute +Resolves: RHEL-1954 +- Dontaudit rhsmcertd write memory device +Resolves: RHEL-17721 + +* Tue Nov 28 2023 Zdenek Pytela - 3.14.3-132 +- Allow sudodomain read var auth files +Resolves: RHEL-16567 +- Update cifs interfaces to include fs_search_auto_mountpoints() +Resolves: RHEL-14072 +- Allow systemd-localed create Xserver config dirs +Resolves: RHEL-16715 +- Label /var/run/auditd.state as auditd_var_run_t +Resolves: RHEL-14376 +- Allow auditd read all domains process state +Resolves: RHEL-14471 +- Allow sudo userdomain to run rpm related commands +Resolves: RHEL-1679 +- Remove insights_client_watch_lib_dirs() interface +Resolves: RHEL-16185 + +* Wed Nov 08 2023 Zdenek Pytela - 3.14.3-131 - Additional permissions for ip-vrf -Resolves: RHEL-15427 +Resolves: RHEL-9981 - Allow ip an explicit domain transition to other domains -Resolves: RHEL-15427 +Resolves: RHEL-9981 - Allow winbind_rpcd_t processes access when samba_export_all_* is on -Resolves: RHEL-16274 +Resolves: RHEL-5845 +- Allow system_mail_t manage exim spool files and dirs +Resolves: RHEL-14186 + +* Wed Oct 04 2023 Lukas Vrabec - 3.14.3-130 +- Label msmtp and msmtpd with sendmail_exec_t +Resolves: RHEL-1678 +- Set default file context of HOME_DIR/tmp/.* to <> +Resolves: RHEL-1099 +- Improve default file context(None) of /var/lib/authselect/backups +Resolves: RHEL-3539 + +* Fri Sep 29 2023 Lukas Vrabec - 3.14.3-129 +- Set default file context of /var/lib/authselect/backups to <> +Resolves: RHEL-3539 +- Add file context specification for /usr/libexec/realmd +Resolves: RHEL-2147 +- Add numad the ipc_owner capability +Resolves: RHEL-2415 * Fri Aug 25 2023 Zdenek Pytela - 3.14.3-128 - Allow ssh_agent_type manage generic cache home files -- Gitee From 38b7c116e0024207c782b6d7aa5c38f7039873d1 Mon Sep 17 00:00:00 2001 From: songmingliang Date: Tue, 17 May 2022 22:23:03 +0800 Subject: [PATCH 2/2] spec: disable selinux by default --- selinux-policy.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index c5d5ca1..ca4f46d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy %global commit0 552905cb94a7790fb51586b7778d303be21692a4 @@ -29,7 +30,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 139%{?dist} +Release: 139%{anolis_release}%{?dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz @@ -459,7 +460,7 @@ echo " # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. -SELINUX=enforcing +SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. @@ -718,6 +719,9 @@ exit 0 %endif %changelog +* Wed Jul 17 2024 Weitao Zhou - 3.14.3-139.0.1 +- Disable selinux by default + * Fri Mar 08 2024 Zdenek Pytela - 3.14.3-139 - Allow wdmd read hardware state information Resolves: RHEL-27507 -- Gitee