Commit Graph

233 Commits

Author SHA1 Message Date
Daniel J Walsh
1f65dab452 Add labels to allow podman to be run from a systemd unit file 2018-05-18 11:53:51 -04:00
Lokesh Mandvekar (Bot)
cbb99afa99 container-selinux-2:2.55-12.gitd248f91
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-17 18:32:42 +00:00
Lokesh Mandvekar (Bot)
68364ba992 container-selinux-2:2.55-11.gitd248f91
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-17 17:53:26 +00:00
Lokesh Mandvekar
e87f128825 correct Source0 if centos
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-04-16 15:59:39 -04:00
Lokesh Mandvekar (Bot)
654515c525 container-selinux-2:2.55-10.gitd248f91
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-16 19:10:54 +00:00
Lokesh Mandvekar (Bot)
6d73abcf30 container-selinux-2:2.55-9.gitd248f91
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-16 14:49:04 +00:00
Lokesh Mandvekar
7506926843 add shortcommit0 in release string
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-04-15 23:42:42 -04:00
Lokesh Mandvekar (Bot)
95b2b1d800 container-selinux-2:2.55-8
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-16 03:31:26 +00:00
Lokesh Mandvekar (Bot)
357bc56e2f container-selinux-2:2.55-7
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-16 03:21:09 +00:00
Lokesh Mandvekar (Bot)
03bdc46668 container-selinux-2:2.55-6
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-16 02:57:50 +00:00
Lokesh Mandvekar (Bot)
e49a7cae6a container-selinux-2:2.55-5
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-09 19:29:53 +00:00
Lokesh Mandvekar (Bot)
af36061d14 container-selinux-2:2.55-4
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
2018-04-09 15:30:25 +00:00
Lokesh Mandvekar
7c61638200 container-selinux-2:2.55-3
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-04-09 07:56:05 -04:00
Lokesh Mandvekar
c9ddfc8c4a change case cause it messes up my autobuilder script :D
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-04-09 07:55:39 -04:00
Lokesh Mandvekar
802379f601 container-selinux-
- autobuilt commit d248f91

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-04-09 07:50:15 -04:00
Lokesh Mandvekar
4c7ed6951b packaging changes for centos v/s fedora
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2018-04-09 07:47:49 -04:00
Daniel J Walsh
c46266a878 Dontaudit attempts by containers to write to /proc/self 2018-03-15 07:14:36 -04:00
Daniel J Walsh
37b78d28ce Add rules for container domains to make writing custom policy easier
Allow shell_exec_t as a container_runtime_t entrypoint
2018-03-14 09:39:06 -04:00
Daniel J Walsh
69afd19c0a Add rules for container domains to make writing custom policy easier 2018-03-08 14:33:17 +00:00
Daniel J Walsh
b658aee2f1 Allow shell_exec_t as a container_runtime_t entrypoint 2018-03-08 07:54:07 +00:00
Daniel J Walsh
5a5bf66b86 Allow bin_t as a container_runtime_t entrypoint
Add rules for running container runtimes on mls
2018-03-07 05:59:10 +00:00
Daniel J Walsh
9a7a65d0b5 Allow container domains to map container_file_t directories 2018-02-15 12:55:50 -05:00
Daniel J Walsh
f8193b5e32 Change default label of /exports to container_var_lib_t 2018-02-10 07:18:48 -05:00
Igor Gnatenko
a7071bc06f
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:04:17 +01:00
Fedora Release Engineering
07b6801caf - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 05:40:38 +00:00
Daniel J Walsh
3b45b2783a Add support for nosuid_transition flags for container_runtime and unconfined domains 2018-02-03 06:17:13 -05:00
Daniel J Walsh
1b20654010 Allow containers to sendto their own stream sockets 2018-02-02 13:40:54 -05:00
Daniel J Walsh
5b2867045c Allow container domains to read kernel ipc info 2018-01-29 06:58:52 +01:00
Daniel J Walsh
a7ce3135c2 Allow containers to memory map the fifo_files leaked into container from
container runtimes.
2018-01-22 09:40:35 -05:00
Daniel J Walsh
a4c374a14d Allow unconfined domains to transition to container types, when no-new-privs is set. 2018-01-16 13:56:33 -05:00
Daniel J Walsh
15578313e4 Add support to nnp_transition for container domains
Eliminates need for typebounds.
2018-01-09 11:47:20 -05:00
Daniel J Walsh
a8518096d5 Allow container_runtime_t to use user ttys
Fixes bounds check for container_t
2018-01-09 09:30:05 -05:00
Daniel J Walsh
64fe9d8cb1 Allow container runtimes to use inherited terminals. This helps
satisfy the bounds check of container_t versus container_runtime_t.
2018-01-08 08:41:05 -05:00
Daniel J Walsh
98e715e396 Allow container runtimes to mmap container_file_t devices
Add labeling for rhel push plugin
2018-01-06 07:34:20 -05:00
Daniel J Walsh
aaa91fd2cc Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux 2017-12-12 13:11:36 +00:00
Daniel J Walsh
e0502dafa3 Allow containers to use inherited ttys
Allow ostree to handle labels under /var/lib/containers/ostree
2017-12-12 13:11:14 +00:00
Lokesh Mandvekar
0ce8700159
remove git from builddep
can't find git in the module ecosystem and git isn't critical for
package build.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2017-12-03 21:38:21 -05:00
Daniel J Walsh
7f79cfab64 Allow containers to relabelto/from all file types to container_file_t 2017-11-27 14:57:52 +00:00
Daniel J Walsh
751a4e3fee Allow container to map chr_files labeled container_file_t 2017-11-27 14:43:49 +00:00
Daniel J Walsh
8ed545a6c5 Allow container to map chr_files labeled container_file_t 2017-11-27 13:21:48 +00:00
Daniel J Walsh
4e9b7c333a Dontaudit container processes getattr on kernel file systems 2017-11-22 15:35:20 +00:00
Daniel J Walsh
cc32bab0b3 Allow containers to read /etc/resolv.conf and /etc/hosts if volume
mounted into container.
2017-11-19 11:41:27 +00:00
Daniel J Walsh
be0a39a792 Make sure users creating content in /var/lib with right labels 2017-11-08 21:10:33 +00:00
Daniel J Walsh
31963a3bb5 Allow the container runtime to dbus chat with dnsmasq
add dontaudit rules for container trying to write to /proc
2017-10-26 11:38:02 +00:00
Daniel J Walsh
b99f18b8ce Add support for lxcd
Add support for labeling of tmpfs storage created within a container.
2017-10-10 16:17:55 +00:00
Daniel J Walsh
ecb1760cbb Allow a container to umount a container_file_t filesystem 2017-10-09 13:29:39 +00:00
Daniel J Walsh
5a61b6808a Allow container runtimes to work with the netfilter sockets
Allow container_file_t to be an entrypoint for VM's
Allow spc_t domains to transition to svirt_t
2017-10-04 09:10:48 +00:00
Daniel J Walsh
c6e706af6d Make sure container_runtime_t has all access of container_t 2017-09-22 11:08:40 +00:00
Daniel J Walsh
652d659338 Allow container runtimes to create sockets in tmp dirs 2017-09-07 09:01:16 +00:00
Daniel J Walsh
b74f4a298b Allow container runtimes to create sockets in tmp dirs 2017-09-07 08:43:48 +00:00