Daniel J Walsh
|
b66e01696f
|
Allow containers to sendto dgram socket of container runtimes
Needed to run container runtimes in notify socket unit files.
|
2018-11-12 15:48:19 -05:00 |
|
Daniel J Walsh
|
20e37ffd79
|
Allow containers to use fuse file systems by default
|
2018-10-30 08:34:06 -04:00 |
|
Daniel J Walsh
|
5df1d6fc43
|
Allow containers to setexec themselves
|
2018-10-19 17:45:33 -04:00 |
|
Daniel J Walsh
|
2efd385d7d
|
Remove requires for policycoreutils-python-utils we don't need it.
|
2018-09-22 06:39:25 -04:00 |
|
Daniel J Walsh
|
88328244ed
|
Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
|
2018-09-13 09:33:50 -04:00 |
|
Daniel J Walsh
|
90d38a296a
|
Allow container_runtimes to setattr on callers fifo_files
|
2018-09-12 07:45:24 -04:00 |
|
Daniel J Walsh
|
5c39536b9a
|
Fix restorecon to not error on missing directory
|
2018-08-27 09:17:30 -04:00 |
|
Daniel J Walsh
|
1c6b7ec5b2
|
Allow unconfined_r to transition to system_r over container_runtime_exec_t
|
2018-08-22 18:20:47 -07:00 |
|
Daniel J Walsh
|
e6bf4b2eb8
|
Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
|
2018-08-22 07:30:54 -07:00 |
|
Lokesh Mandvekar
|
efac8b1c4b
|
remove unnecessary distro conditionals
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-08-12 01:45:38 -04:00 |
|
Daniel J Walsh
|
4ed36528d0
|
dontaudit attempts to write to sysctl_kernel_t
|
2018-07-25 17:35:22 -04:00 |
|
Lokesh Mandvekar (Bot)
|
08b0e73601
|
container-selinux-2:2.68-2.gitc139a3d
- autobuilt c139a3d
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-18 02:04:23 +00:00 |
|
Daniel J Walsh
|
be54b1d5ac
|
Add labels for /var/lib/origin directory
Add container_file_t as a customizable_type
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2018-07-16 12:21:16 -04:00 |
|
Fedora Release Engineering
|
49aa687d4c
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2018-07-12 22:12:40 +00:00 |
|
Lokesh Mandvekar
|
aa27ac4a74
|
update release tag to reflect unreleased status
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-07-09 12:07:01 -04:00 |
|
Lokesh Mandvekar (Bot)
|
814ce627ca
|
container-selinux-2:2.67-2.git042f7cf
- autobuilt 042f7cf
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-09 15:15:01 +00:00 |
|
Lokesh Mandvekar (Bot)
|
da11a8106d
|
container-selinux-2:2.67-1.git0407867
- bump to 2.67
- autobuilt 0407867
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-07 04:53:53 +00:00 |
|
Daniel J Walsh
|
e3d623436f
|
Allow container runtimes to dbus chat with systemd-resolved
|
2018-06-30 07:25:12 -04:00 |
|
Lokesh Mandvekar (Bot)
|
ee88cda7eb
|
container-selinux-2:2.64-1.gitdfaf8fd
- bump to 2.64
- autobuilt dfaf8fd
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-06-12 04:41:04 +00:00 |
|
Daniel J Walsh
|
781a8d1c0d
|
Add new type to handle containers running with a non priv user in a userns
allow containers to map all sockets
|
2018-06-11 08:55:28 -04:00 |
|
Daniel J Walsh
|
91cc6aa535
|
Allow containers to create all socket classes
|
2018-06-03 06:09:33 -04:00 |
|
Daniel J Walsh
|
71d8662692
|
Allow containers to create icmp packets
|
2018-05-30 11:10:00 -04:00 |
|
Lokesh Mandvekar (Bot)
|
c2346462ef
|
container-selinux-2:2.62-1.git1ecf953
- bump to 2.62
- autobuilt 1ecf953
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-05-25 18:35:07 +00:00 |
|
Daniel J Walsh
|
25c4cb361a
|
Allow spc_t to load kernel modules from inside of container
|
2018-05-21 17:13:15 -04:00 |
|
Daniel J Walsh
|
59df2c8753
|
Allow containers to list cgroup directories
|
2018-05-21 13:19:17 -04:00 |
|
Daniel J Walsh
|
2be9204393
|
Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
|
2018-05-21 12:49:37 -04:00 |
|
Daniel J Walsh
|
cbb3d2bf04
|
Run restorecon /usr/bin/podman in postinstall
|
2018-05-21 11:03:42 -04:00 |
|
Daniel J Walsh
|
1f65dab452
|
Add labels to allow podman to be run from a systemd unit file
|
2018-05-18 11:53:51 -04:00 |
|
Lokesh Mandvekar (Bot)
|
cbb99afa99
|
container-selinux-2:2.55-12.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-17 18:32:42 +00:00 |
|
Lokesh Mandvekar (Bot)
|
68364ba992
|
container-selinux-2:2.55-11.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-17 17:53:26 +00:00 |
|
Lokesh Mandvekar
|
e87f128825
|
correct Source0 if centos
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-16 15:59:39 -04:00 |
|
Lokesh Mandvekar (Bot)
|
654515c525
|
container-selinux-2:2.55-10.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 19:10:54 +00:00 |
|
Lokesh Mandvekar (Bot)
|
6d73abcf30
|
container-selinux-2:2.55-9.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 14:49:04 +00:00 |
|
Lokesh Mandvekar
|
7506926843
|
add shortcommit0 in release string
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-15 23:42:42 -04:00 |
|
Lokesh Mandvekar (Bot)
|
95b2b1d800
|
container-selinux-2:2.55-8
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 03:31:26 +00:00 |
|
Lokesh Mandvekar (Bot)
|
357bc56e2f
|
container-selinux-2:2.55-7
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 03:21:09 +00:00 |
|
Lokesh Mandvekar (Bot)
|
03bdc46668
|
container-selinux-2:2.55-6
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 02:57:50 +00:00 |
|
Lokesh Mandvekar (Bot)
|
e49a7cae6a
|
container-selinux-2:2.55-5
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-09 19:29:53 +00:00 |
|
Lokesh Mandvekar (Bot)
|
af36061d14
|
container-selinux-2:2.55-4
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-09 15:30:25 +00:00 |
|
Lokesh Mandvekar
|
7c61638200
|
container-selinux-2:2.55-3
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:56:05 -04:00 |
|
Lokesh Mandvekar
|
c9ddfc8c4a
|
change case cause it messes up my autobuilder script :D
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:55:39 -04:00 |
|
Lokesh Mandvekar
|
802379f601
|
container-selinux-
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:50:15 -04:00 |
|
Lokesh Mandvekar
|
4c7ed6951b
|
packaging changes for centos v/s fedora
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:47:49 -04:00 |
|
Daniel J Walsh
|
c46266a878
|
Dontaudit attempts by containers to write to /proc/self
|
2018-03-15 07:14:36 -04:00 |
|
Daniel J Walsh
|
37b78d28ce
|
Add rules for container domains to make writing custom policy easier
Allow shell_exec_t as a container_runtime_t entrypoint
|
2018-03-14 09:39:06 -04:00 |
|
Daniel J Walsh
|
69afd19c0a
|
Add rules for container domains to make writing custom policy easier
|
2018-03-08 14:33:17 +00:00 |
|
Daniel J Walsh
|
b658aee2f1
|
Allow shell_exec_t as a container_runtime_t entrypoint
|
2018-03-08 07:54:07 +00:00 |
|
Daniel J Walsh
|
5a5bf66b86
|
Allow bin_t as a container_runtime_t entrypoint
Add rules for running container runtimes on mls
|
2018-03-07 05:59:10 +00:00 |
|
Daniel J Walsh
|
9a7a65d0b5
|
Allow container domains to map container_file_t directories
|
2018-02-15 12:55:50 -05:00 |
|
Daniel J Walsh
|
f8193b5e32
|
Change default label of /exports to container_var_lib_t
|
2018-02-10 07:18:48 -05:00 |
|