Daniel J Walsh
be0a39a792
Make sure users creating content in /var/lib with right labels
2017-11-08 21:10:33 +00:00
Daniel J Walsh
31963a3bb5
Allow the container runtime to dbus chat with dnsmasq
...
add dontaudit rules for container trying to write to /proc
2017-10-26 11:38:02 +00:00
Daniel J Walsh
b99f18b8ce
Add support for lxcd
...
Add support for labeling of tmpfs storage created within a container.
2017-10-10 16:17:55 +00:00
Daniel J Walsh
ecb1760cbb
Allow a container to umount a container_file_t filesystem
2017-10-09 13:29:39 +00:00
Daniel J Walsh
5a61b6808a
Allow container runtimes to work with the netfilter sockets
...
Allow container_file_t to be an entrypoint for VMs
Allow spc_t domains to transition to svirt_t
2017-10-04 09:10:48 +00:00
Daniel J Walsh
c6e706af6d
Make sure container_runtime_t has all access of container_t
2017-09-22 11:08:40 +00:00
Daniel J Walsh
652d659338
Allow container runtimes to create sockets in tmp dirs
2017-09-07 09:01:16 +00:00
Daniel J Walsh
1aad223080
Add additional support for crio labeling.
2017-09-05 20:40:09 +00:00
Daniel J Walsh
bb6875d358
Allow containers to execmod on container_share_t files.
2017-07-11 17:36:41 +00:00
Daniel J Walsh
ef7772c664
Allow container processes to getsession
2017-06-30 15:53:25 +00:00
Daniel J Walsh
fbb3cfcf9a
Allow containers to create tun sockets
2017-06-12 18:13:46 +00:00
Daniel J Walsh
f7112ead8f
Fix labeling for CRI-O files in overlay subdirs
2017-06-06 19:46:53 +00:00
Daniel J Walsh
590defb1b5
Revert change to run the container_runtime as ranged
2017-06-05 20:10:25 +00:00
Daniel J Walsh
4868764a43
Add default labeling for cri-o in /etc/crio directories
2017-06-01 21:47:32 +00:00
Daniel J Walsh
379ddc4b04
Allow container types to read/write container_runtime fifo files
...
Allow a container runtime to mount on top of its own /proc
2017-05-31 12:28:03 +00:00
Dan Walsh
1b640cb851
Add labels for crio rename
...
Break container_t rules out to use a separate container_domain
Allow containers to be able to set namespaced SYSCTLS
Allow sandbox containers manage fuse files.
Fixes to make container_runtimes work on MLS machines
Bump version to allow handling of container_file_t filesystems
Allow containers to mount, remount and umount container_file_t file systems
Fixes to handle cap_userns
Give container_t access to XFRM sockets
Allow spc_t to dbus chat with init system
Allow spc_t to dbus chat with init system
Add rules to allow container runtimes to run with unconfined disabled
Add rules to support cgroup file systems mounted into container.
Fix typebounds entrypoint problems
Fix typebounds problems
Add typebounds statement for container_t from container_runtime_t
We should only label runc not runc*
2017-05-19 07:21:02 -04:00
Daniel J Walsh
d6c9f15f16
Add rules to allow container runtimes to run with unconfined disabled
...
Add rules to support cgroup file systems mounted into container.
2017-02-28 13:47:46 -05:00
Daniel J Walsh
068028a20c
Add rules to allow container_runtimes to run with unconfined disabled
2017-02-13 06:36:05 -08:00
Daniel J Walsh
4e04f9adef
Add rules to allow container_runtimes to run with unconfined disabled
2017-02-13 05:33:06 -08:00
Daniel J Walsh
e6af9053a7
Allow container_file_t to be stored on cgroup_t file systems
2017-02-09 08:59:37 -05:00
Daniel J Walsh
afcdd30e26
Fix type in container interface file
2017-02-07 09:24:46 -05:00
Daniel J Walsh
761ca4f112
Fix typebounds entrypoint problems
2017-02-06 10:28:33 -05:00
Daniel J Walsh
3fcf74cdce
Fix typebounds problems
2017-01-27 13:14:10 +01:00
Daniel J Walsh
c06c926b64
Add typebounds statement for container_t from container_runtime_t
...
We should only label runc not runc*
2017-01-19 12:00:49 -05:00
Daniel J Walsh
c8e82ceefa
Fix labeling on /usr/bin/runc.*
...
Add sandbox_net_domain access to container.te
Remove containers ability to look at /etc content
2017-01-17 17:10:15 -05:00
Lokesh Mandvekar
98c88e3954
container-selinux-2:2.2-1
...
- bump to v2.2
- additional labeling for ocid
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2017-01-06 16:29:04 -05:00
Lokesh Mandvekar
7fa12a4c94
container-selinux-2:2.0-1
...
- Resolves : #1406517 - bump to v2.0 (first upload to Fedora as a
standalone package)
- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2017-01-06 14:34:31 -05:00
Fedora Release Engineering
3dde170592
Initial setup of the repo
2017-01-06 15:04:16 +00:00