RH Container Bot
|
a260f6569b
|
container-selinux-2:2.130.0-2.dev.gitfd55ae0
- bump to 2.130.0
- autobuilt fd55ae0
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-04-06 19:08:06 +00:00 |
|
RH Container Bot
|
55657d1adf
|
container-selinux-2:2.129.0-2.dev.gitf00d1f4
- bump to 2.129.0
- autobuilt f00d1f4
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-29 12:09:29 +00:00 |
|
RH Container Bot
|
c060c61582
|
container-selinux-2:2.128.0-2.dev.git363646f
- bump to 2.128.0
- autobuilt 363646f
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-29 11:09:26 +00:00 |
|
RH Container Bot
|
a762720d65
|
container-selinux-2:2.127.0-2.dev.git6caf15d
- bump to 2.127.0
- autobuilt 6caf15d
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-27 15:07:51 +00:00 |
|
RH Container Bot
|
3c31e55f4e
|
container-selinux-2:2.126.0-2.dev.git867a377
- bump to 2.126.0
- autobuilt 867a377
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-26 14:07:29 +00:00 |
|
Daniel J Walsh
|
230c717ecf
|
Install container_contexts file
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2020-03-23 15:45:54 -04:00 |
|
RH Container Bot
|
be3fb2313c
|
container-selinux-2:2.125.0-3.1.dev.gitfde876b
- autobuilt fde876b
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-23 19:07:23 +00:00 |
|
RH Container Bot
|
5629e18d78
|
container-selinux-2:2.125.0-0.1.dev.gitb321ea4
- bump to 2.125.0
- autobuilt b321ea4
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-20 18:11:34 +00:00 |
|
RH Container Bot
|
a7a27f3909
|
container-selinux-2:2.124.0-0.4.dev.git5624558
- autobuilt 5624558
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-02-11 04:12:21 +00:00 |
|
RH Container Bot
|
9f271533a0
|
container-selinux-2:2.124.0-0.1.dev.gitf958d0c
- bump to 2.124.0
- autobuilt f958d0c
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-12-11 18:13:36 +00:00 |
|
RH Container Bot
|
fda115ab94
|
container-selinux-2:2.123.0-0.3.dev.git0b25a4a
- autobuilt 0b25a4a
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-29 12:10:21 +00:00 |
|
RH Container Bot
|
c10fcb7be3
|
container-selinux-2:2.123.0-0.1.dev.git661a904
- bump to 2.123.0
- autobuilt 661a904
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-25 16:10:35 +00:00 |
|
RH Container Bot
|
7d86365609
|
container-selinux-2:2.122.0-0.1.dev.git4560dd4
- bump to 2.122.0
- autobuilt 4560dd4
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-22 21:10:14 +00:00 |
|
RH Container Bot
|
8afcfa88a8
|
container-selinux-2:2.120.1-0.2.dev.gita233788
- autobuilt a233788
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-19 14:15:26 +00:00 |
|
RH Container Bot
|
445a455adf
|
container-selinux-2:2.120.1-0.1.dev.git6fb6dcf
- bump to 2.120.1
- autobuilt 6fb6dcf
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-06 20:15:33 +00:00 |
|
RH Container Bot
|
244a2cbe3c
|
container-selinux-2:2.119.1-0.1.dev.git2ecb2a8
- bump to 2.119.1
- autobuilt 2ecb2a8
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-10-27 09:21:18 +00:00 |
|
RH Container Bot
|
c9e415f48d
|
container-selinux-2:2.119.0-0.1.dev.gitb383f07
- bump to 2.119.0
- autobuilt b383f07
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-10-24 16:26:13 +00:00 |
|
RH Container Bot
|
7605f73935
|
container-selinux-2:2.118.0-0.1.dev.git79bdcb5
- bump to 2.118.0
- autobuilt 79bdcb5
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-10-11 14:19:30 +00:00 |
|
Lokesh Mandvekar (Bot)
|
603bad3c42
|
container-selinux-2:2.117.0-0.1.dev.gitbfde70a
- bump to 2.117.0
- autobuilt bfde70a
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-09-20 08:27:36 +00:00 |
|
Lokesh Mandvekar (Bot)
|
121490dc1d
|
container-selinux-2:2.116.0-0.1.dev.gitc5ef5ac
- bump to 2.116.0
- autobuilt c5ef5ac
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-09-05 14:35:01 +00:00 |
|
Lokesh Mandvekar (Bot)
|
5e7899d66a
|
container-selinux-2:2.115.0-0.1.dev.gitfddfbbb
- bump to 2.115.0
- autobuilt fddfbbb
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-08-21 14:30:06 +00:00 |
|
Lokesh Mandvekar (Bot)
|
c42be5bbaa
|
container-selinux-2:2.114.0-0.1.dev.git028ab00
- bump to 2.114.0
- autobuilt 028ab00
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-08-19 12:25:19 +00:00 |
|
Daniel J Walsh
|
3125beb1b1
|
Allow containers to name_bind to rawip_sockets.
|
2019-08-09 15:10:42 -04:00 |
|
Daniel J Walsh
|
7390ff8b05
|
Allow containers to use fusefs_t entrypoint
Dontaudit attempts to setattr on devicenodes.
|
2019-08-08 17:22:59 -04:00 |
|
Lokesh Mandvekar (Bot)
|
20e3511f2b
|
container-selinux-2:2.111.0-2.1.dev.git9a75deb
- bump to 2.111.0
- autobuilt 9a75deb
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-07-18 03:24:01 +00:00 |
|
Lokesh Mandvekar
|
9db5509450
|
container-selinux-2.110.0-1.1.dev.git544d71f
- bump to v2.110.0
- hook up to autobuild
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2019-07-11 00:16:25 +05:30 |
|
Daniel J Walsh
|
ff9d4132e3
|
Allow containers to accept connections on all socket types
Allow containers to connect to gssproxy stream sockets if added to container
|
2019-07-08 13:40:06 -04:00 |
|
Daniel J Walsh
|
e642c7930b
|
Allow containers to manipulate Onload files.
|
2019-06-14 09:49:20 -04:00 |
|
Daniel J Walsh
|
535b77ce65
|
Allow all unconfined domains to manage unlabeled keyrings
Add labeling for kubernetes pods
|
2019-06-11 15:04:40 -04:00 |
|
Daniel J Walsh
|
5a72894caf
|
Set proper labeling for container volumes in SilverBlue
|
2019-06-03 06:51:52 +02:00 |
|
Daniel J Walsh
|
c4b1cdf7e5
|
Set proper labeling for container volumes
|
2019-05-17 16:35:24 -04:00 |
|
Daniel J Walsh
|
0ced217ba7
|
Allow all container domains to be entered from container_file_t
|
2019-05-12 06:50:58 -04:00 |
|
Daniel J Walsh
|
5c4855c313
|
Allow containers to read rpm cache and rpm databse
|
2019-05-03 15:32:13 -04:00 |
|
Daniel J Walsh
|
3cdf9de46f
|
Allow containers running as spc_t to create unlabeled_t kernel keyrings
|
2019-04-23 11:44:55 -04:00 |
|
Daniel J Walsh
|
bd9b0f5853
|
Allow containers running as spc_t to create unlabeled_t kernel keyrings
|
2019-04-23 11:44:39 -04:00 |
|
Daniel J Walsh
|
920a724abf
|
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2019-04-23 11:43:50 -04:00 |
|
Daniel J Walsh
|
e2b52d2d49
|
Allow iptables to append to container_file_t
|
2019-04-15 09:14:34 -04:00 |
|
Daniel J Walsh
|
7bfa450762
|
Allow containers to read/write sysctl_kernel_ns_last_pid_t
Allow containers to manage fusefs sockets and named pipes
|
2019-04-12 12:48:55 -04:00 |
|
Daniel J Walsh
|
9a2cedceeb
|
Allow containers to create fusefs sockets and named pipes
|
2019-04-01 17:47:51 -04:00 |
|
Daniel J Walsh
|
e0dcd250c0
|
Allow init_t to manage container content
Allow container domains to create fifo_files on fusefs file systems
Add boolean to allow containers to use ceph file systems
|
2019-03-28 08:00:26 -04:00 |
|
Daniel J Walsh
|
81c6f71fc4
|
Allow container runtimes to create unlabeled keyrings
|
2019-03-26 08:15:18 -04:00 |
|
Daniel J Walsh
|
4b3e8ccdf7
|
Allow containers to mount and umount fuse file systems. This will allow us
to use buidlah within a user namespace separated container.
|
2019-03-20 15:41:00 -04:00 |
|
Daniel J Walsh
|
c650254748
|
Allow all container domains to have container file types entrypoint
Add new release to fix issues with udica
Allow container_runtime_t to dyntransition to container domains
|
2019-03-09 08:38:21 -05:00 |
|
Daniel J Walsh
|
7ef0bf8d6f
|
Allow unconfined user and services to dyntrans to container domains, needed for CRIU
Allow containers exectue hugetlb files.
|
2019-03-01 09:00:53 -05:00 |
|
Daniel J Walsh
|
cdbdbb8ff6
|
More allow rules to allow containers to run within containers
|
2019-02-28 14:51:59 -05:00 |
|
Daniel J Walsh
|
9481eed87d
|
More allow rules to allow containers to run within containers
|
2019-02-28 08:15:40 -05:00 |
|
Lokesh Mandvekar (Bot)
|
0a83311798
|
container-selinux-2:2.82-2.git5e1f62f
- bump to 2.82
- autobuilt 5e1f62f
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-02-26 05:15:09 +00:00 |
|
Daniel J Walsh
|
a2d2cf7715
|
Allow containers to mounton cgroup and container_file_t
|
2019-02-25 10:08:25 -05:00 |
|
Daniel J Walsh
|
9c1bcaed9f
|
Allow confined users to use containers
|
2019-02-10 07:36:32 -07:00 |
|
Lokesh Mandvekar (Bot)
|
e791d82a98
|
container-selinux-2:2.80-3.git21c2be6
- bump to 2.80
- autobuilt 21c2be6
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-02-08 05:02:18 +00:00 |
|
Daniel J Walsh
|
2ae0570400
|
Add new labels for paths for containerd
|
2019-02-07 10:02:09 -07:00 |
|
Daniel J Walsh
|
ff7f910564
|
Don't allow containers to talk to contianer runtime sockets
|
2019-01-22 15:05:39 +01:00 |
|
Daniel J Walsh
|
d4eda46462
|
Fix labeling on /var/lib/registries
|
2019-01-11 11:05:46 -05:00 |
|
Lokesh Mandvekar (Bot)
|
3899d72021
|
container-selinux-2:2.77-2.git2c57a17
- bump to 2.77
- autobuilt 2c57a17
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-01-11 04:55:44 +00:00 |
|
Daniel J Walsh
|
5e8d437aba
|
Fix labeling for images in docker daemon user namespace
|
2019-01-10 15:17:44 -05:00 |
|
Daniel J Walsh
|
22b5b2899f
|
Allow container-runtime to setattr on fifo_file handed into container runtime.
|
2018-12-17 15:47:41 -05:00 |
|
Daniel J Walsh
|
6065af86d3
|
Allow container-runtime to setattr on fifo_file handed into container runtime.
|
2018-12-17 14:23:41 -05:00 |
|
Lokesh Mandvekar (Bot)
|
fbbda7e411
|
container-selinux-2:2.752.75-1.dev.git99e2cfd1
- bump to 2.75
- autobuilt 99e2cfd
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-11-13 04:05:43 +00:00 |
|
Daniel J Walsh
|
60e901fa33
|
Allow containers to sendto dgram socket of container runtimes
Needed to run container runtimes in notify socket unit files.
|
2018-11-12 15:48:53 -05:00 |
|
Daniel J Walsh
|
20e37ffd79
|
Allow containers to use fuse file systems by default
|
2018-10-30 08:34:06 -04:00 |
|
Daniel J Walsh
|
5df1d6fc43
|
Allow containers to setexec themselves
|
2018-10-19 17:45:33 -04:00 |
|
Daniel J Walsh
|
88328244ed
|
Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
|
2018-09-13 09:33:50 -04:00 |
|
Daniel J Walsh
|
1c6b7ec5b2
|
Allow unconfined_r to transition to system_r over container_runtime_exec_t
|
2018-08-22 18:20:47 -07:00 |
|
Daniel J Walsh
|
e6bf4b2eb8
|
Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
|
2018-08-22 07:30:54 -07:00 |
|
Daniel J Walsh
|
4ed36528d0
|
dontaudit attempts to write to sysctl_kernel_t
|
2018-07-25 17:35:22 -04:00 |
|
Lokesh Mandvekar (Bot)
|
08b0e73601
|
container-selinux-2:2.68-2.gitc139a3d
- autobuilt c139a3d
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-18 02:04:23 +00:00 |
|
Daniel J Walsh
|
be54b1d5ac
|
Add labels for /var/lib/origin directory
Add container_file_t as a customizable_type
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2018-07-16 12:21:16 -04:00 |
|
Lokesh Mandvekar (Bot)
|
814ce627ca
|
container-selinux-2:2.67-2.git042f7cf
- autobuilt 042f7cf
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-09 15:15:01 +00:00 |
|
Lokesh Mandvekar (Bot)
|
da11a8106d
|
container-selinux-2:2.67-1.git0407867
- bump to 2.67
- autobuilt 0407867
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-07 04:53:53 +00:00 |
|
Daniel J Walsh
|
37cbbf8e2c
|
Allow container runtimes to dbus chat with systemd-resolved
|
2018-06-30 07:25:56 -04:00 |
|
Lokesh Mandvekar (Bot)
|
ee88cda7eb
|
container-selinux-2:2.64-1.gitdfaf8fd
- bump to 2.64
- autobuilt dfaf8fd
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-06-12 04:41:04 +00:00 |
|
Daniel J Walsh
|
781a8d1c0d
|
Add new type to handle containers running with a non priv user in a userns
allow containers to map all sockets
|
2018-06-11 08:55:28 -04:00 |
|
Daniel J Walsh
|
3cc70f6448
|
Allow containers to create all socket classes
|
2018-06-03 06:14:48 -04:00 |
|
Daniel J Walsh
|
71d8662692
|
Allow containers to create icmp packets
|
2018-05-30 11:10:00 -04:00 |
|
Lokesh Mandvekar (Bot)
|
c2346462ef
|
container-selinux-2:2.62-1.git1ecf953
- bump to 2.62
- autobuilt 1ecf953
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-05-25 18:35:07 +00:00 |
|
Daniel J Walsh
|
25c4cb361a
|
Allow spc_t to load kernel modules from inside of container
|
2018-05-21 17:13:15 -04:00 |
|
Daniel J Walsh
|
59df2c8753
|
Allow containers to list cgroup directories
|
2018-05-21 13:19:17 -04:00 |
|
Daniel J Walsh
|
2be9204393
|
Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
|
2018-05-21 12:49:37 -04:00 |
|
Daniel J Walsh
|
1f65dab452
|
Add labels to allow podman to be run from a systemd unit file
|
2018-05-18 11:53:51 -04:00 |
|
Daniel J Walsh
|
c46266a878
|
Dontaudit attempts by containers to write to /proc/self
|
2018-03-15 07:14:36 -04:00 |
|
Daniel J Walsh
|
37b78d28ce
|
Add rules for container domains to make writing custom policy easier
Allow shell_exec_t as a container_runtime_t entrypoint
|
2018-03-14 09:39:06 -04:00 |
|
Daniel J Walsh
|
69afd19c0a
|
Add rules for container domains to make writing custom policy easier
|
2018-03-08 14:33:17 +00:00 |
|
Daniel J Walsh
|
b658aee2f1
|
Allow shell_exec_t as a container_runtime_t entrypoint
|
2018-03-08 07:54:07 +00:00 |
|
Daniel J Walsh
|
5a5bf66b86
|
Allow bin_t as a container_runtime_t entrypoint
Add rules for running container runtimes on mls
|
2018-03-07 05:59:10 +00:00 |
|
Daniel J Walsh
|
9a7a65d0b5
|
Allow container domains to map container_file_t directories
|
2018-02-15 12:55:50 -05:00 |
|
Daniel J Walsh
|
f8193b5e32
|
Change default label of /exports to container_var_lib_t
|
2018-02-10 07:18:48 -05:00 |
|
Daniel J Walsh
|
3b45b2783a
|
Add support for nosuid_transition flags for container_runtime and unconfined domains
|
2018-02-03 06:17:13 -05:00 |
|
Daniel J Walsh
|
5b2867045c
|
Allow container domains to read kernel ipc info
|
2018-01-29 06:58:52 +01:00 |
|
Daniel J Walsh
|
a7ce3135c2
|
Allow containers to memory map the fifo_files leaked into container from
container runtimes.
|
2018-01-22 09:40:35 -05:00 |
|
Daniel J Walsh
|
a4c374a14d
|
Allow unconfined domains to transition to container types, when no-new-privs is set.
|
2018-01-16 13:56:33 -05:00 |
|
Daniel J Walsh
|
15578313e4
|
Add support to nnp_transition for container domains
Eliminates need for typebounds.
|
2018-01-09 11:47:20 -05:00 |
|
Daniel J Walsh
|
a8518096d5
|
Allow container_runtime_t to use user ttys
Fixes bounds check for container_t
|
2018-01-09 09:30:05 -05:00 |
|
Daniel J Walsh
|
64fe9d8cb1
|
Allow container runtimes to use interited terminals. This helps
satisfy the bounds check of container_t versus container_runtime_t.
|
2018-01-08 08:41:05 -05:00 |
|
Daniel J Walsh
|
98e715e396
|
Allow container runtimes to mmap container_file_t devices
Add labeling for rhel push plugin
|
2018-01-06 07:34:20 -05:00 |
|
Daniel J Walsh
|
e0502dafa3
|
Allow containers to use inherited ttys
Allow ostree to handle labels under /var/lib/containers/ostree
|
2017-12-12 13:11:14 +00:00 |
|
Daniel J Walsh
|
7f79cfab64
|
Allow containers to relabelto/from all file types to container_file_t
|
2017-11-27 14:57:52 +00:00 |
|
Daniel J Walsh
|
751a4e3fee
|
Allow container to map chr_files labeled container_file_t
|
2017-11-27 14:43:49 +00:00 |
|
Daniel J Walsh
|
8ed545a6c5
|
Allow container to map chr_files labeled container_file_t
|
2017-11-27 13:21:48 +00:00 |
|
Daniel J Walsh
|
4e9b7c333a
|
Dontaudit container processes getattr on kernel file systems
|
2017-11-22 15:35:20 +00:00 |
|
Daniel J Walsh
|
cc32bab0b3
|
Allow containers to read /etc/resolv.conf and /etc/hosts if volume
mounted into container.
|
2017-11-19 11:41:27 +00:00 |
|