rpms/container-selinux
6
0
Fork 0
Code Issues Pull Requests Releases Activity
152 Commits 27 Branches 132 Tags 606 KiB
0ced217ba7
Commit Graph

152 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel J Walsh
4ed36528d0
dontaudit attempts to write to sysctl_kernel_t 2018-07-25 17:35:22 -04:00
Lokesh Mandvekar (Bot)
08b0e73601 container-selinux-2:2.68-2.gitc139a3d 
- autobuilt c139a3d

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-07-18 02:04:23 +00:00
Daniel J Walsh
be54b1d5ac
Add labels for /var/lib/origin directory 
Add container_file_t as a customizable_type

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2018-07-16 12:21:16 -04:00
Fedora Release Engineering
49aa687d4c - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-12 22:12:40 +00:00
Lokesh Mandvekar
aa27ac4a74 update release tag to reflect unreleased status 
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-07-09 12:07:01 -04:00
Lokesh Mandvekar (Bot)
814ce627ca container-selinux-2:2.67-2.git042f7cf 
- autobuilt 042f7cf

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-07-09 15:15:01 +00:00
Lokesh Mandvekar (Bot)
da11a8106d container-selinux-2:2.67-1.git0407867 
- bump to 2.67
- autobuilt 0407867

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-07-07 04:53:53 +00:00
Daniel J Walsh
37cbbf8e2c
Allow container runtimes to dbus chat with systemd-resolved 2018-06-30 07:25:56 -04:00
Daniel J Walsh
e3d623436f
Allow container runtimes to dbus chat with systemd-resolved 2018-06-30 07:25:12 -04:00
Lokesh Mandvekar (Bot)
ee88cda7eb container-selinux-2:2.64-1.gitdfaf8fd 
- bump to 2.64
- autobuilt dfaf8fd

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-06-12 04:41:04 +00:00
Daniel J Walsh
781a8d1c0d
Add new type to handle containers running with a non priv user in a userns 
allow containers to map all sockets
 2018-06-11 08:55:28 -04:00
Daniel J Walsh
3cc70f6448 Allow containers to create all socket classes 2018-06-03 06:14:48 -04:00
Daniel J Walsh
91cc6aa535 Allow containers to create all socket classes 2018-06-03 06:09:33 -04:00
Daniel J Walsh
71d8662692 Allow containers to create icmp packets 2018-05-30 11:10:00 -04:00
Lokesh Mandvekar (Bot)
c2346462ef container-selinux-2:2.62-1.git1ecf953 
- bump to 2.62
- autobuilt 1ecf953

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-05-25 18:35:07 +00:00
Daniel J Walsh
25c4cb361a Allow spc_t to load kernel modules from inside of container 2018-05-21 17:13:15 -04:00
Daniel J Walsh
59df2c8753 Allow containers to list cgroup directories 2018-05-21 13:19:17 -04:00
Daniel J Walsh
2be9204393 Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. 2018-05-21 12:49:37 -04:00
Daniel J Walsh
cbb3d2bf04 Run restorecon /usr/bin/podman in postinstall 2018-05-21 11:03:42 -04:00
Daniel J Walsh
1f65dab452 Add labels to allow podman to be run from a systemd unit file 2018-05-18 11:53:51 -04:00
Lokesh Mandvekar (Bot)
cbb99afa99 container-selinux-2:2.55-12.gitd248f91 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-17 18:32:42 +00:00
Lokesh Mandvekar (Bot)
68364ba992 container-selinux-2:2.55-11.gitd248f91 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-17 17:53:26 +00:00
Lokesh Mandvekar
e87f128825 correct Source0 if centos 
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-04-16 15:59:39 -04:00
Lokesh Mandvekar (Bot)
654515c525 container-selinux-2:2.55-10.gitd248f91 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-16 19:10:54 +00:00
Lokesh Mandvekar (Bot)
6d73abcf30 container-selinux-2:2.55-9.gitd248f91 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-16 14:49:04 +00:00
Lokesh Mandvekar
7506926843 add shortcommit0 in release string 
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-04-15 23:42:42 -04:00
Lokesh Mandvekar (Bot)
95b2b1d800 container-selinux-2:2.55-8 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-16 03:31:26 +00:00
Lokesh Mandvekar (Bot)
357bc56e2f container-selinux-2:2.55-7 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-16 03:21:09 +00:00
Lokesh Mandvekar (Bot)
03bdc46668 container-selinux-2:2.55-6 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-16 02:57:50 +00:00
Lokesh Mandvekar (Bot)
e49a7cae6a container-selinux-2:2.55-5 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-09 19:29:53 +00:00
Lokesh Mandvekar (Bot)
af36061d14 container-selinux-2:2.55-4 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2018-04-09 15:30:25 +00:00
Lokesh Mandvekar
7c61638200 container-selinux-2:2.55-3 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-04-09 07:56:05 -04:00
Lokesh Mandvekar
c9ddfc8c4a change case cause it messes up my autobuilder script :D 
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-04-09 07:55:39 -04:00
Lokesh Mandvekar
802379f601 container-selinux- 
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-04-09 07:50:15 -04:00
Lokesh Mandvekar
4c7ed6951b packaging changes for centos v/s fedora 
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2018-04-09 07:47:49 -04:00
Daniel J Walsh
c46266a878 Dontaudit attempts by containers to write to /proc/self 2018-03-15 07:14:36 -04:00
Daniel J Walsh
37b78d28ce Add rules for container domains to make writing custom policy easier 
Allow shell_exec_t as a container_runtime_t entrypoint
 2018-03-14 09:39:06 -04:00
Daniel J Walsh
69afd19c0a Add rules for container domains to make writing custom policy easier 2018-03-08 14:33:17 +00:00
Daniel J Walsh
b658aee2f1 Allow shell_exec_t as a container_runtime_t entrypoint 2018-03-08 07:54:07 +00:00
Daniel J Walsh
5a5bf66b86 Allow bin_t as a container_runtime_t entrypoint 
Add rules for running container runtimes on mls
 2018-03-07 05:59:10 +00:00
Daniel J Walsh
9a7a65d0b5 Allow container domains to map container_file_t directories 2018-02-15 12:55:50 -05:00
Daniel J Walsh
f8193b5e32 Change default label of /exports to container_var_lib_t 2018-02-10 07:18:48 -05:00
Igor Gnatenko
a7071bc06f
Escape macros in %changelog 
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-09 09:04:17 +01:00
Fedora Release Engineering
07b6801caf - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-07 05:40:38 +00:00
Daniel J Walsh
3b45b2783a Add support for nosuid_transition flags for container_runtime and unconfined domains 2018-02-03 06:17:13 -05:00
Daniel J Walsh
1b20654010 Allow containers to sendto their own stream sockets 2018-02-02 13:40:54 -05:00
Daniel J Walsh
5b2867045c Allow container domains to read kernel ipc info 2018-01-29 06:58:52 +01:00
Daniel J Walsh
a7ce3135c2 Allow containers to memory map the fifo_files leaked into container from 
container runtimes.
 2018-01-22 09:40:35 -05:00
Daniel J Walsh
a4c374a14d Allow unconfined domains to transition to container types, when no-new-privs is set. 2018-01-16 13:56:33 -05:00
Daniel J Walsh
15578313e4 Add support to nnp_transition for container domains 
Eliminates need for typebounds.
 2018-01-09 11:47:20 -05:00