container-selinux

Author	SHA1	Message	Date
Daniel J Walsh	cbb3d2bf04	Run restorecon /usr/bin/podman in postinstall	2018-05-21 11:03:42 -04:00
Daniel J Walsh	1f65dab452	Add labels to allow podman to be run from a systemd unit file	2018-05-18 11:53:51 -04:00
Lokesh Mandvekar (Bot)	cbb99afa99	container-selinux-2:2.55-12.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-17 18:32:42 +00:00
Lokesh Mandvekar (Bot)	68364ba992	container-selinux-2:2.55-11.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-17 17:53:26 +00:00
Lokesh Mandvekar	e87f128825	correct Source0 if centos Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2018-04-16 15:59:39 -04:00
Lokesh Mandvekar (Bot)	654515c525	container-selinux-2:2.55-10.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-16 19:10:54 +00:00
Lokesh Mandvekar (Bot)	6d73abcf30	container-selinux-2:2.55-9.gitd248f91 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-16 14:49:04 +00:00
Lokesh Mandvekar	7506926843	add shortcommit0 in release string Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2018-04-15 23:42:42 -04:00
Lokesh Mandvekar (Bot)	95b2b1d800	container-selinux-2:2.55-8 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-16 03:31:26 +00:00
Lokesh Mandvekar (Bot)	357bc56e2f	container-selinux-2:2.55-7 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-16 03:21:09 +00:00
Lokesh Mandvekar (Bot)	03bdc46668	container-selinux-2:2.55-6 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-16 02:57:50 +00:00
Lokesh Mandvekar (Bot)	e49a7cae6a	container-selinux-2:2.55-5 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-09 19:29:53 +00:00
Lokesh Mandvekar (Bot)	af36061d14	container-selinux-2:2.55-4 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>	2018-04-09 15:30:25 +00:00
Lokesh Mandvekar	7c61638200	container-selinux-2:2.55-3 - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2018-04-09 07:56:05 -04:00
Lokesh Mandvekar	c9ddfc8c4a	change case cause it messes up my autobuilder script :D Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2018-04-09 07:55:39 -04:00
Lokesh Mandvekar	802379f601	container-selinux- - autobuilt commit d248f91 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2018-04-09 07:50:15 -04:00
Lokesh Mandvekar	4c7ed6951b	packaging changes for centos v/s fedora Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2018-04-09 07:47:49 -04:00
Daniel J Walsh	c46266a878	Dontaudit attempts by containers to write to /proc/self	2018-03-15 07:14:36 -04:00
Daniel J Walsh	37b78d28ce	Add rules for container domains to make writing custom policy easier Allow shell_exec_t as a container_runtime_t entrypoint	2018-03-14 09:39:06 -04:00
Daniel J Walsh	69afd19c0a	Add rules for container domains to make writing custom policy easier	2018-03-08 14:33:17 +00:00
Daniel J Walsh	b658aee2f1	Allow shell_exec_t as a container_runtime_t entrypoint	2018-03-08 07:54:07 +00:00
Daniel J Walsh	5a5bf66b86	Allow bin_t as a container_runtime_t entrypoint Add rules for running container runtimes on mls	2018-03-07 05:59:10 +00:00
Daniel J Walsh	9a7a65d0b5	Allow container domains to map container_file_t directories	2018-02-15 12:55:50 -05:00
Daniel J Walsh	f8193b5e32	Change default label of /exports to container_var_lib_t	2018-02-10 07:18:48 -05:00
Igor Gnatenko	a7071bc06f	Escape macros in %changelog Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/ Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>	2018-02-09 09:04:17 +01:00
Fedora Release Engineering	07b6801caf	- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2018-02-07 05:40:38 +00:00
Daniel J Walsh	3b45b2783a	Add support for nosuid_transition flags for container_runtime and unconfined domains	2018-02-03 06:17:13 -05:00
Daniel J Walsh	1b20654010	Allow containers to sendto their own stream sockets	2018-02-02 13:40:54 -05:00
Daniel J Walsh	5b2867045c	Allow container domains to read kernel ipc info	2018-01-29 06:58:52 +01:00
Daniel J Walsh	a7ce3135c2	Allow containers to memory map the fifo_files leaked into container from container runtimes.	2018-01-22 09:40:35 -05:00
Daniel J Walsh	a4c374a14d	Allow unconfined domains to transition to container types, when no-new-privs is set.	2018-01-16 13:56:33 -05:00
Daniel J Walsh	15578313e4	Add support to nnp_transition for container domains Eliminates need for typebounds.	2018-01-09 11:47:20 -05:00
Daniel J Walsh	a8518096d5	Allow container_runtime_t to use user ttys Fixes bounds check for container_t	2018-01-09 09:30:05 -05:00
Daniel J Walsh	64fe9d8cb1	Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t.	2018-01-08 08:41:05 -05:00
Daniel J Walsh	98e715e396	Allow container runtimes to mmap container_file_t devices Add labeling for rhel push plugin	2018-01-06 07:34:20 -05:00
Daniel J Walsh	aaa91fd2cc	Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux	2017-12-12 13:11:36 +00:00
Daniel J Walsh	e0502dafa3	Allow containers to use inherited ttys Allow ostree to handle labels under /var/lib/containers/ostree	2017-12-12 13:11:14 +00:00
Lokesh Mandvekar	0ce8700159	remove git from builddep can't find git in the module ecosystem and git isn't critical for package build. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>	2017-12-03 21:38:21 -05:00
Daniel J Walsh	7f79cfab64	Allow containers to relabelto/from all file types to container_file_t	2017-11-27 14:57:52 +00:00
Daniel J Walsh	751a4e3fee	Allow container to map chr_files labeled container_file_t	2017-11-27 14:43:49 +00:00
Daniel J Walsh	8ed545a6c5	Allow container to map chr_files labeled container_file_t	2017-11-27 13:21:48 +00:00
Daniel J Walsh	4e9b7c333a	Dontaudit container processes getattr on kernel file systems	2017-11-22 15:35:20 +00:00
Daniel J Walsh	cc32bab0b3	Allow containers to read /etc/resolv.conf and /etc/hosts if volume mounted into container.	2017-11-19 11:41:27 +00:00
Daniel J Walsh	be0a39a792	Make sure users creating content in /var/lib with right labels	2017-11-08 21:10:33 +00:00
Daniel J Walsh	31963a3bb5	Allow the container runtime to dbus chat with dnsmasq add dontaudit rules for container trying to write to /proc	2017-10-26 11:38:02 +00:00
Daniel J Walsh	b99f18b8ce	Add support for lxcd Add support for labeling of tmpfs storage created within a container.	2017-10-10 16:17:55 +00:00
Daniel J Walsh	ecb1760cbb	Allow a container to umount a container_file_t filesystem	2017-10-09 13:29:39 +00:00
Daniel J Walsh	5a61b6808a	Allow container runtimes to work with the netfilter sockets Allow container_file_t to be an entrypoint for VM's Allow spc_t domains to transition to svirt_t	2017-10-04 09:10:48 +00:00
Daniel J Walsh	c6e706af6d	Make sure container_runtime_t has all access of container_t	2017-09-22 11:08:40 +00:00
Daniel J Walsh	652d659338	Allow container runtimes to create sockets in tmp dirs	2017-09-07 09:01:16 +00:00

1 2 3

134 Commits