rpms/container-selinux
6
0
Fork 0
Code Issues Pull Requests Releases Activity
165 Commits 27 Branches 141 Tags 669 KiB
5e7899d66a
Commit Graph

165 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lokesh Mandvekar (Bot)
5e7899d66a container-selinux-2:2.115.0-0.1.dev.gitfddfbbb 
- bump to 2.115.0
- autobuilt fddfbbb

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-08-21 14:30:06 +00:00
Lokesh Mandvekar (Bot)
c42be5bbaa container-selinux-2:2.114.0-0.1.dev.git028ab00 
- bump to 2.114.0
- autobuilt 028ab00

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-08-19 12:25:19 +00:00
Daniel J Walsh
3125beb1b1
Allow containers to name_bind to rawip_sockets. 2019-08-09 15:10:42 -04:00
Daniel J Walsh
7390ff8b05
Allow containers to use fusefs_t entrypoint 
Dontaudit attempts to setattr on devicenodes.
 2019-08-08 17:22:59 -04:00
Fedora Release Engineering
1164ea7a24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-07-24 20:57:33 +00:00
Lokesh Mandvekar (Bot)
20e3511f2b container-selinux-2:2.111.0-2.1.dev.git9a75deb 
- bump to 2.111.0
- autobuilt 9a75deb

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-07-18 03:24:01 +00:00
Lokesh Mandvekar
9db5509450 container-selinux-2.110.0-1.1.dev.git544d71f 
- bump to v2.110.0
- hook up to autobuild

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2019-07-11 00:16:25 +05:30
Daniel J Walsh
ff9d4132e3
Allow containers to accept connections on all socket types 
Allow containers to connect to gssproxy stream sockets if added to container
 2019-07-08 13:40:06 -04:00
Daniel J Walsh
e642c7930b
Allow containers to manipulate Onload files. 2019-06-14 09:49:20 -04:00
Daniel J Walsh
535b77ce65
Allow all unconfined domains to manage unlabeled keyrings 
Add labeling for kubernetes pods
 2019-06-11 15:04:40 -04:00
Daniel J Walsh
5a72894caf
Set proper labeling for container volumes in SilverBlue 2019-06-03 06:51:52 +02:00
Daniel J Walsh
c4b1cdf7e5
Set proper labeling for container volumes 2019-05-17 16:35:24 -04:00
Daniel J Walsh
bd1fb39d87
Set proper labeling for container volumes 2019-05-17 16:34:53 -04:00
Daniel J Walsh
0ced217ba7
Allow all container domains to be entered from container_file_t 2019-05-12 06:50:58 -04:00
Daniel J Walsh
5c4855c313
Allow containers to read rpm cache and rpm databse 2019-05-03 15:32:13 -04:00
Daniel J Walsh
3cdf9de46f
Allow containers running as spc_t to create unlabeled_t kernel keyrings 2019-04-23 11:44:55 -04:00
Daniel J Walsh
bd9b0f5853
Allow containers running as spc_t to create unlabeled_t kernel keyrings 2019-04-23 11:44:39 -04:00
Daniel J Walsh
86a68856db
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux 2019-04-23 11:44:12 -04:00
Daniel J Walsh
920a724abf
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2019-04-23 11:43:50 -04:00
Daniel J Walsh
e49a8125a0
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. 2019-04-22 16:51:58 -04:00
Daniel J Walsh
dfec1aa725
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable. 2019-04-22 16:51:35 -04:00
Daniel J Walsh
e2b52d2d49
Allow iptables to append to container_file_t 2019-04-15 09:14:34 -04:00
Daniel J Walsh
7bfa450762
Allow containers to read/write sysctl_kernel_ns_last_pid_t 
Allow containers to manage fusefs sockets and named pipes
 2019-04-12 12:48:55 -04:00
Daniel J Walsh
9a2cedceeb
Allow containers to create fusefs sockets and named pipes 2019-04-01 17:47:51 -04:00
Daniel J Walsh
83c147430e
Allow containers to create fusefs sockets and named pipes 2019-04-01 17:46:19 -04:00
Daniel J Walsh
e0dcd250c0
Allow init_t to manage container content 
Allow container domains to create fifo_files on fusefs file systems
Add boolean to allow containers to use ceph file systems
 2019-03-28 08:00:26 -04:00
Daniel J Walsh
81c6f71fc4
Allow container runtimes to create unlabeled keyrings 2019-03-26 08:15:18 -04:00
Daniel J Walsh
4b3e8ccdf7
Allow containers to mount and umount fuse file systems. This will allow us 
to use buidlah within a user namespace separated container.
 2019-03-20 15:41:00 -04:00
Daniel J Walsh
728707509f
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux 2019-03-09 08:40:53 -05:00
Daniel J Walsh
c650254748
Allow all container domains to have container file types entrypoint 
Add new release to fix issues with udica
Allow container_runtime_t to dyntransition to container domains
 2019-03-09 08:38:21 -05:00
Lokesh Mandvekar (Bot)
8285069315 container-selinux-2:2.89-5.git2521d0d 
- bump to 2.89
- autobuilt 2521d0d

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-03-09 05:21:39 +00:00
Lokesh Mandvekar (Bot)
8200ea022e container-selinux-2:2.88-4.git5c98b56 
- bump to 2.88
- autobuilt 5c98b56

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-03-07 05:22:18 +00:00
Lokesh Mandvekar (Bot)
bee8aaf051 container-selinux-2:2.87-3.git2c1a2ab 
- autobuilt 2c1a2ab

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-03-06 05:18:39 +00:00
Lokesh Mandvekar (Bot)
17ada63853 container-selinux-2:2.87-2.git891a85f 
- bump to 2.87
- autobuilt 891a85f

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-03-02 05:05:56 +00:00
Daniel J Walsh
7ef0bf8d6f
Allow unconfined user and services to dyntrans to container domains, needed for CRIU 
Allow containers exectue hugetlb files.
 2019-03-01 09:00:53 -05:00
Daniel J Walsh
cdbdbb8ff6
More allow rules to allow containers to run within containers 2019-02-28 14:51:59 -05:00
Daniel J Walsh
9481eed87d
More allow rules to allow containers to run within containers 2019-02-28 08:15:40 -05:00
Lokesh Mandvekar (Bot)
0a83311798 container-selinux-2:2.82-2.git5e1f62f 
- bump to 2.82
- autobuilt 5e1f62f

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-02-26 05:15:09 +00:00
Daniel J Walsh
a2d2cf7715
Allow containers to mounton cgroup and container_file_t 2019-02-25 10:08:25 -05:00
Daniel J Walsh
9c1bcaed9f
Allow confined users to use containers 2019-02-10 07:36:32 -07:00
Lokesh Mandvekar (Bot)
e791d82a98 container-selinux-2:2.80-3.git21c2be6 
- bump to 2.80
- autobuilt 21c2be6

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-02-08 05:02:18 +00:00
Daniel J Walsh
2ae0570400
Add new labels for paths for containerd 2019-02-07 10:02:09 -07:00
Fedora Release Engineering
6355b5e774 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-01-31 16:13:35 +00:00
Daniel J Walsh
ff7f910564
Don't allow containers to talk to contianer runtime sockets 2019-01-22 15:05:39 +01:00
Daniel J Walsh
f7bd24fd60
Don't allow containers to talk to contianer runtime sockets 2019-01-22 15:04:58 +01:00
Daniel J Walsh
a562ce586f
Don't allow containers to talk to contianer runtime sockets 2019-01-22 14:54:38 +01:00
Daniel J Walsh
d4eda46462
Fix labeling on /var/lib/registries 2019-01-11 11:05:46 -05:00
Lokesh Mandvekar (Bot)
3899d72021 container-selinux-2:2.77-2.git2c57a17 
- bump to 2.77
- autobuilt 2c57a17

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
 2019-01-11 04:55:44 +00:00
Daniel J Walsh
5e8d437aba
Fix labeling for images in docker daemon user namespace 2019-01-10 15:17:44 -05:00
Daniel J Walsh
22b5b2899f
Allow container-runtime to setattr on fifo_file handed into container runtime. 2018-12-17 15:47:41 -05:00