Commit Graph

138 Commits

Author SHA1 Message Date
Daniel J Walsh
0ced217ba7
Allow all container domains to be entered from container_file_t 2019-05-12 06:50:58 -04:00
Daniel J Walsh
5c4855c313
Allow containers to read rpm cache and rpm database 2019-05-03 15:32:13 -04:00
Daniel J Walsh
920a724abf
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-04-23 11:43:50 -04:00
Daniel J Walsh
dfec1aa725
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. 2019-04-22 16:51:35 -04:00
Daniel J Walsh
e2b52d2d49
Allow iptables to append to container_file_t 2019-04-15 09:14:34 -04:00
Daniel J Walsh
7bfa450762
Allow containers to read/write sysctl_kernel_ns_last_pid_t
Allow containers to manage fusefs sockets and named pipes
2019-04-12 12:48:55 -04:00
Daniel J Walsh
83c147430e
Allow containers to create fusefs sockets and named pipes 2019-04-01 17:46:19 -04:00
Daniel J Walsh
e0dcd250c0
Allow init_t to manage container content
Allow container domains to create fifo_files on fusefs file systems
Add boolean to allow containers to use ceph file systems
2019-03-28 08:00:26 -04:00
Daniel J Walsh
81c6f71fc4
Allow container runtimes to create unlabeled keyrings 2019-03-26 08:15:18 -04:00
Daniel J Walsh
4b3e8ccdf7
Allow containers to mount and umount fuse file systems. This will allow us
to use buildah within a user namespace separated container.
2019-03-20 15:41:00 -04:00
Daniel J Walsh
728707509f
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux 2019-03-09 08:40:53 -05:00
Daniel J Walsh
c650254748
Allow all container domains to have container file types entrypoint
Add new release to fix issues with udica
Allow container_runtime_t to dyntransition to container domains
2019-03-09 08:38:21 -05:00
Lokesh Mandvekar (Bot)
8285069315 container-selinux-2:2.89-5.git2521d0d
- bump to 2.89
- autobuilt 2521d0d

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-03-09 05:21:39 +00:00
Lokesh Mandvekar (Bot)
8200ea022e container-selinux-2:2.88-4.git5c98b56
- bump to 2.88
- autobuilt 5c98b56

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-03-07 05:22:18 +00:00
Lokesh Mandvekar (Bot)
bee8aaf051 container-selinux-2:2.87-3.git2c1a2ab
- autobuilt 2c1a2ab

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-03-06 05:18:39 +00:00
Lokesh Mandvekar (Bot)
17ada63853 container-selinux-2:2.87-2.git891a85f
- bump to 2.87
- autobuilt 891a85f

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-03-02 05:05:56 +00:00
Daniel J Walsh
7ef0bf8d6f
Allow unconfined user and services to dyntrans to container domains, needed for CRIU
Allow containers to execute hugetlb files.
2019-03-01 09:00:53 -05:00
Daniel J Walsh
cdbdbb8ff6
More allow rules to allow containers to run within containers 2019-02-28 14:51:59 -05:00
Daniel J Walsh
9481eed87d
More allow rules to allow containers to run within containers 2019-02-28 08:15:40 -05:00
Lokesh Mandvekar (Bot)
0a83311798 container-selinux-2:2.82-2.git5e1f62f
- bump to 2.82
- autobuilt 5e1f62f

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-02-26 05:15:09 +00:00
Daniel J Walsh
a2d2cf7715
Allow containers to mounton cgroup and container_file_t 2019-02-25 10:08:25 -05:00
Daniel J Walsh
9c1bcaed9f
Allow confined users to use containers 2019-02-10 07:36:32 -07:00
Lokesh Mandvekar (Bot)
e791d82a98 container-selinux-2:2.80-3.git21c2be6
- bump to 2.80
- autobuilt 21c2be6

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-02-08 05:02:18 +00:00
Daniel J Walsh
2ae0570400
Add new labels for paths for containerd 2019-02-07 10:02:09 -07:00
Fedora Release Engineering
6355b5e774 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 16:13:35 +00:00
Daniel J Walsh
f7bd24fd60
Don't allow containers to talk to container runtime sockets 2019-01-22 15:04:58 +01:00
Daniel J Walsh
a562ce586f
Don't allow containers to talk to container runtime sockets 2019-01-22 14:54:38 +01:00
Daniel J Walsh
d4eda46462
Fix labeling on /var/lib/registries 2019-01-11 11:05:46 -05:00
Lokesh Mandvekar (Bot)
3899d72021 container-selinux-2:2.77-2.git2c57a17
- bump to 2.77
- autobuilt 2c57a17

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2019-01-11 04:55:44 +00:00
Daniel J Walsh
5e8d437aba
Fix labeling for images in docker daemon user namespace 2019-01-10 15:17:44 -05:00
Daniel J Walsh
22b5b2899f
Allow container-runtime to setattr on fifo_file handed into container runtime. 2018-12-17 15:47:41 -05:00
Daniel J Walsh
6065af86d3
Allow container-runtime to setattr on fifo_file handed into container runtime. 2018-12-17 14:23:41 -05:00
Lokesh Mandvekar (Bot)
fbbda7e411 container-selinux-2:2.752.75-1.dev.git99e2cfd1
- bump to 2.75
- autobuilt 99e2cfd

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-11-13 04:05:43 +00:00
Daniel J Walsh
b66e01696f
Allow containers to sendto dgram socket of container runtimes
Needed to run container runtimes in notify socket unit files.
2018-11-12 15:48:19 -05:00
Daniel J Walsh
20e37ffd79
Allow containers to use fuse file systems by default 2018-10-30 08:34:06 -04:00
Daniel J Walsh
5df1d6fc43
Allow containers to setexec themselves 2018-10-19 17:45:33 -04:00
Daniel J Walsh
2efd385d7d
Remove requires for policycoreutils-python-utils we don't need it. 2018-09-22 06:39:25 -04:00
Daniel J Walsh
88328244ed
Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
2018-09-13 09:33:50 -04:00
Daniel J Walsh
90d38a296a
Allow container_runtimes to setattr on callers fifo_files 2018-09-12 07:45:24 -04:00
Daniel J Walsh
5c39536b9a
Fix restorecon to not error on missing directory 2018-08-27 09:17:30 -04:00
Daniel J Walsh
1c6b7ec5b2
Allow unconfined_r to transition to system_r over container_runtime_exec_t 2018-08-22 18:20:47 -07:00
Daniel J Walsh
e6bf4b2eb8
Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t 2018-08-22 07:30:54 -07:00
Lokesh Mandvekar
efac8b1c4b remove unnecessary distro conditionals
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-08-12 01:45:38 -04:00
Daniel J Walsh
4ed36528d0
dontaudit attempts to write to sysctl_kernel_t 2018-07-25 17:35:22 -04:00
Lokesh Mandvekar (Bot)
08b0e73601 container-selinux-2:2.68-2.gitc139a3d
- autobuilt c139a3d

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-07-18 02:04:23 +00:00
Daniel J Walsh
be54b1d5ac
Add labels for /var/lib/origin directory
Add container_file_t as a customizable_type

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-07-16 12:21:16 -04:00
Fedora Release Engineering
49aa687d4c - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 22:12:40 +00:00
Lokesh Mandvekar
aa27ac4a74 update release tag to reflect unreleased status
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-07-09 12:07:01 -04:00
Lokesh Mandvekar (Bot)
814ce627ca container-selinux-2:2.67-2.git042f7cf
- autobuilt 042f7cf

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-07-09 15:15:01 +00:00
Lokesh Mandvekar (Bot)
da11a8106d container-selinux-2:2.67-1.git0407867
- bump to 2.67
- autobuilt 0407867

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-07-07 04:53:53 +00:00