RH Container Bot
|
a762720d65
|
container-selinux-2:2.127.0-2.dev.git6caf15d
- bump to 2.127.0
- autobuilt 6caf15d
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-27 15:07:51 +00:00 |
|
Daniel J Walsh
|
218d40242f
|
Install selinux contexts file into /usr/share/containers/selinux/contexts
|
2020-03-26 10:13:41 -04:00 |
|
RH Container Bot
|
3c31e55f4e
|
container-selinux-2:2.126.0-2.dev.git867a377
- bump to 2.126.0
- autobuilt 867a377
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-26 14:07:29 +00:00 |
|
Lokesh Mandvekar
|
f8d59d5712
|
container-selinux-2:2.125.2-2.dev.gitae0720d
- bump release tag
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2020-03-23 17:00:44 -04:00 |
|
Daniel J Walsh
|
230c717ecf
|
Install container_contexts file
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2020-03-23 15:45:54 -04:00 |
|
RH Container Bot
|
be3fb2313c
|
container-selinux-2:2.125.0-3.1.dev.gitfde876b
- autobuilt fde876b
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-23 19:07:23 +00:00 |
|
Lokesh Mandvekar
|
e913b2a98d
|
container-selinux-2:2.125.0-2.1.dev.gitb321ea4
- bump release tag for smooth upgrade path
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2020-03-23 09:03:58 -04:00 |
|
RH Container Bot
|
5629e18d78
|
container-selinux-2:2.125.0-0.1.dev.gitb321ea4
- bump to 2.125.0
- autobuilt b321ea4
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-03-20 18:11:34 +00:00 |
|
Lokesh Mandvekar
|
ad6b6a78c6
|
keep functional upgrade path
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2020-02-11 10:21:59 -05:00 |
|
RH Container Bot
|
a7a27f3909
|
container-selinux-2:2.124.0-0.4.dev.git5624558
- autobuilt 5624558
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2020-02-11 04:12:21 +00:00 |
|
Fedora Release Engineering
|
66ff78ffab
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2020-01-28 14:44:54 +00:00 |
|
Jindrich Novy
|
7ba0084bf5
|
container-selinux-2.124.0-0.2.dev.gitf958d0c.fc32
- use more current selinux policy version
Signed-off-by: Jindrich Novy <jnovy@redhat.com>
|
2020-01-03 16:17:26 +01:00 |
|
RH Container Bot
|
9f271533a0
|
container-selinux-2:2.124.0-0.1.dev.gitf958d0c
- bump to 2.124.0
- autobuilt f958d0c
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-12-11 18:13:36 +00:00 |
|
Lokesh Mandvekar
|
cf0837dcdd
|
container-selinux-2:2.123.0-0.4.dev.git0b25a4a
- run selinux_relabel_pre
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2019-12-09 11:27:54 -05:00 |
|
RH Container Bot
|
fda115ab94
|
container-selinux-2:2.123.0-0.3.dev.git0b25a4a
- autobuilt 0b25a4a
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-29 12:10:21 +00:00 |
|
Daniel J Walsh
|
c36566c4ae
|
Use selinux macros in post install scripts
|
2019-11-29 06:53:56 -05:00 |
|
RH Container Bot
|
c10fcb7be3
|
container-selinux-2:2.123.0-0.1.dev.git661a904
- bump to 2.123.0
- autobuilt 661a904
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-25 16:10:35 +00:00 |
|
RH Container Bot
|
7d86365609
|
container-selinux-2:2.122.0-0.1.dev.git4560dd4
- bump to 2.122.0
- autobuilt 4560dd4
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-22 21:10:14 +00:00 |
|
RH Container Bot
|
8afcfa88a8
|
container-selinux-2:2.120.1-0.2.dev.gita233788
- autobuilt a233788
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-19 14:15:26 +00:00 |
|
RH Container Bot
|
445a455adf
|
container-selinux-2:2.120.1-0.1.dev.git6fb6dcf
- bump to 2.120.1
- autobuilt 6fb6dcf
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-11-06 20:15:33 +00:00 |
|
RH Container Bot
|
244a2cbe3c
|
container-selinux-2:2.119.1-0.1.dev.git2ecb2a8
- bump to 2.119.1
- autobuilt 2ecb2a8
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-10-27 09:21:18 +00:00 |
|
RH Container Bot
|
c9e415f48d
|
container-selinux-2:2.119.0-0.1.dev.gitb383f07
- bump to 2.119.0
- autobuilt b383f07
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-10-24 16:26:13 +00:00 |
|
RH Container Bot
|
7605f73935
|
container-selinux-2:2.118.0-0.1.dev.git79bdcb5
- bump to 2.118.0
- autobuilt 79bdcb5
Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
|
2019-10-11 14:19:30 +00:00 |
|
Lokesh Mandvekar (Bot)
|
603bad3c42
|
container-selinux-2:2.117.0-0.1.dev.gitbfde70a
- bump to 2.117.0
- autobuilt bfde70a
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-09-20 08:27:36 +00:00 |
|
Lokesh Mandvekar (Bot)
|
121490dc1d
|
container-selinux-2:2.116.0-0.1.dev.gitc5ef5ac
- bump to 2.116.0
- autobuilt c5ef5ac
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-09-05 14:35:01 +00:00 |
|
Lokesh Mandvekar (Bot)
|
5e7899d66a
|
container-selinux-2:2.115.0-0.1.dev.gitfddfbbb
- bump to 2.115.0
- autobuilt fddfbbb
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-08-21 14:30:06 +00:00 |
|
Lokesh Mandvekar (Bot)
|
c42be5bbaa
|
container-selinux-2:2.114.0-0.1.dev.git028ab00
- bump to 2.114.0
- autobuilt 028ab00
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-08-19 12:25:19 +00:00 |
|
Daniel J Walsh
|
3125beb1b1
|
Allow containers to name_bind to rawip_sockets.
|
2019-08-09 15:10:42 -04:00 |
|
Daniel J Walsh
|
7390ff8b05
|
Allow containers to use fusefs_t entrypoint
Dontaudit attempts to setattr on devicenodes.
|
2019-08-08 17:22:59 -04:00 |
|
Fedora Release Engineering
|
1164ea7a24
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2019-07-24 20:57:33 +00:00 |
|
Lokesh Mandvekar (Bot)
|
20e3511f2b
|
container-selinux-2:2.111.0-2.1.dev.git9a75deb
- bump to 2.111.0
- autobuilt 9a75deb
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-07-18 03:24:01 +00:00 |
|
Lokesh Mandvekar
|
9db5509450
|
container-selinux-2.110.0-1.1.dev.git544d71f
- bump to v2.110.0
- hook up to autobuild
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2019-07-11 00:16:25 +05:30 |
|
Daniel J Walsh
|
ff9d4132e3
|
Allow containers to accept connections on all socket types
Allow containers to connect to gssproxy stream sockets if added to container
|
2019-07-08 13:40:06 -04:00 |
|
Daniel J Walsh
|
e642c7930b
|
Allow containers to manipulate Onload files.
|
2019-06-14 09:49:20 -04:00 |
|
Daniel J Walsh
|
535b77ce65
|
Allow all unconfined domains to manage unlabeled keyrings
Add labeling for kubernetes pods
|
2019-06-11 15:04:40 -04:00 |
|
Daniel J Walsh
|
5a72894caf
|
Set proper labeling for container volumes in SilverBlue
|
2019-06-03 06:51:52 +02:00 |
|
Daniel J Walsh
|
bd1fb39d87
|
Set proper labeling for container volumes
|
2019-05-17 16:34:53 -04:00 |
|
Daniel J Walsh
|
0ced217ba7
|
Allow all container domains to be entered from container_file_t
|
2019-05-12 06:50:58 -04:00 |
|
Daniel J Walsh
|
5c4855c313
|
Allow containers to read rpm cache and rpm databse
|
2019-05-03 15:32:13 -04:00 |
|
Daniel J Walsh
|
920a724abf
|
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2019-04-23 11:43:50 -04:00 |
|
Daniel J Walsh
|
dfec1aa725
|
Fix labeling on /var/lib/containers/storage/overlay-layers,images to be sharable.
|
2019-04-22 16:51:35 -04:00 |
|
Daniel J Walsh
|
e2b52d2d49
|
Allow iptables to append to container_file_t
|
2019-04-15 09:14:34 -04:00 |
|
Daniel J Walsh
|
7bfa450762
|
Allow containers to read/write sysctl_kernel_ns_last_pid_t
Allow containers to manage fusefs sockets and named pipes
|
2019-04-12 12:48:55 -04:00 |
|
Daniel J Walsh
|
83c147430e
|
Allow containers to create fusefs sockets and named pipes
|
2019-04-01 17:46:19 -04:00 |
|
Daniel J Walsh
|
e0dcd250c0
|
Allow init_t to manage container content
Allow container domains to create fifo_files on fusefs file systems
Add boolean to allow containers to use ceph file systems
|
2019-03-28 08:00:26 -04:00 |
|
Daniel J Walsh
|
81c6f71fc4
|
Allow container runtimes to create unlabeled keyrings
|
2019-03-26 08:15:18 -04:00 |
|
Daniel J Walsh
|
4b3e8ccdf7
|
Allow containers to mount and umount fuse file systems. This will allow us
to use buidlah within a user namespace separated container.
|
2019-03-20 15:41:00 -04:00 |
|
Daniel J Walsh
|
728707509f
|
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux
|
2019-03-09 08:40:53 -05:00 |
|
Daniel J Walsh
|
c650254748
|
Allow all container domains to have container file types entrypoint
Add new release to fix issues with udica
Allow container_runtime_t to dyntransition to container domains
|
2019-03-09 08:38:21 -05:00 |
|
Lokesh Mandvekar (Bot)
|
8285069315
|
container-selinux-2:2.89-5.git2521d0d
- bump to 2.89
- autobuilt 2521d0d
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-03-09 05:21:39 +00:00 |
|
Lokesh Mandvekar (Bot)
|
8200ea022e
|
container-selinux-2:2.88-4.git5c98b56
- bump to 2.88
- autobuilt 5c98b56
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-03-07 05:22:18 +00:00 |
|
Lokesh Mandvekar (Bot)
|
bee8aaf051
|
container-selinux-2:2.87-3.git2c1a2ab
- autobuilt 2c1a2ab
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-03-06 05:18:39 +00:00 |
|
Lokesh Mandvekar (Bot)
|
17ada63853
|
container-selinux-2:2.87-2.git891a85f
- bump to 2.87
- autobuilt 891a85f
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-03-02 05:05:56 +00:00 |
|
Daniel J Walsh
|
7ef0bf8d6f
|
Allow unconfined user and services to dyntrans to container domains, needed for CRIU
Allow containers exectue hugetlb files.
|
2019-03-01 09:00:53 -05:00 |
|
Daniel J Walsh
|
cdbdbb8ff6
|
More allow rules to allow containers to run within containers
|
2019-02-28 14:51:59 -05:00 |
|
Daniel J Walsh
|
9481eed87d
|
More allow rules to allow containers to run within containers
|
2019-02-28 08:15:40 -05:00 |
|
Lokesh Mandvekar (Bot)
|
0a83311798
|
container-selinux-2:2.82-2.git5e1f62f
- bump to 2.82
- autobuilt 5e1f62f
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-02-26 05:15:09 +00:00 |
|
Daniel J Walsh
|
a2d2cf7715
|
Allow containers to mounton cgroup and container_file_t
|
2019-02-25 10:08:25 -05:00 |
|
Daniel J Walsh
|
9c1bcaed9f
|
Allow confined users to use containers
|
2019-02-10 07:36:32 -07:00 |
|
Lokesh Mandvekar (Bot)
|
e791d82a98
|
container-selinux-2:2.80-3.git21c2be6
- bump to 2.80
- autobuilt 21c2be6
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-02-08 05:02:18 +00:00 |
|
Daniel J Walsh
|
2ae0570400
|
Add new labels for paths for containerd
|
2019-02-07 10:02:09 -07:00 |
|
Fedora Release Engineering
|
6355b5e774
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2019-01-31 16:13:35 +00:00 |
|
Daniel J Walsh
|
f7bd24fd60
|
Don't allow containers to talk to contianer runtime sockets
|
2019-01-22 15:04:58 +01:00 |
|
Daniel J Walsh
|
a562ce586f
|
Don't allow containers to talk to contianer runtime sockets
|
2019-01-22 14:54:38 +01:00 |
|
Daniel J Walsh
|
d4eda46462
|
Fix labeling on /var/lib/registries
|
2019-01-11 11:05:46 -05:00 |
|
Lokesh Mandvekar (Bot)
|
3899d72021
|
container-selinux-2:2.77-2.git2c57a17
- bump to 2.77
- autobuilt 2c57a17
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2019-01-11 04:55:44 +00:00 |
|
Daniel J Walsh
|
5e8d437aba
|
Fix labeling for images in docker daemon user namespace
|
2019-01-10 15:17:44 -05:00 |
|
Daniel J Walsh
|
22b5b2899f
|
Allow container-runtime to setattr on fifo_file handed into container runtime.
|
2018-12-17 15:47:41 -05:00 |
|
Daniel J Walsh
|
6065af86d3
|
Allow container-runtime to setattr on fifo_file handed into container runtime.
|
2018-12-17 14:23:41 -05:00 |
|
Lokesh Mandvekar (Bot)
|
fbbda7e411
|
container-selinux-2:2.752.75-1.dev.git99e2cfd1
- bump to 2.75
- autobuilt 99e2cfd
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-11-13 04:05:43 +00:00 |
|
Daniel J Walsh
|
b66e01696f
|
Allow containers to sendto dgram socket of container runtimes
Needed to run container runtimes in notify socket unit files.
|
2018-11-12 15:48:19 -05:00 |
|
Daniel J Walsh
|
20e37ffd79
|
Allow containers to use fuse file systems by default
|
2018-10-30 08:34:06 -04:00 |
|
Daniel J Walsh
|
5df1d6fc43
|
Allow containers to setexec themselves
|
2018-10-19 17:45:33 -04:00 |
|
Daniel J Walsh
|
2efd385d7d
|
Remove requires for policycoreutils-python-utils we don't need it.
|
2018-09-22 06:39:25 -04:00 |
|
Daniel J Walsh
|
88328244ed
|
Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
|
2018-09-13 09:33:50 -04:00 |
|
Daniel J Walsh
|
90d38a296a
|
Allow container_runtimes to setattr on callers fifo_files
|
2018-09-12 07:45:24 -04:00 |
|
Daniel J Walsh
|
5c39536b9a
|
Fix restorecon to not error on missing directory
|
2018-08-27 09:17:30 -04:00 |
|
Daniel J Walsh
|
1c6b7ec5b2
|
Allow unconfined_r to transition to system_r over container_runtime_exec_t
|
2018-08-22 18:20:47 -07:00 |
|
Daniel J Walsh
|
e6bf4b2eb8
|
Allow unconfined_t to transition to container_runtime_t over container_runtime_exec_t
|
2018-08-22 07:30:54 -07:00 |
|
Lokesh Mandvekar
|
efac8b1c4b
|
remove unnecessary distro conditionals
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-08-12 01:45:38 -04:00 |
|
Daniel J Walsh
|
4ed36528d0
|
dontaudit attempts to write to sysctl_kernel_t
|
2018-07-25 17:35:22 -04:00 |
|
Lokesh Mandvekar (Bot)
|
08b0e73601
|
container-selinux-2:2.68-2.gitc139a3d
- autobuilt c139a3d
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-18 02:04:23 +00:00 |
|
Daniel J Walsh
|
be54b1d5ac
|
Add labels for /var/lib/origin directory
Add container_file_t as a customizable_type
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
2018-07-16 12:21:16 -04:00 |
|
Fedora Release Engineering
|
49aa687d4c
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2018-07-12 22:12:40 +00:00 |
|
Lokesh Mandvekar
|
aa27ac4a74
|
update release tag to reflect unreleased status
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-07-09 12:07:01 -04:00 |
|
Lokesh Mandvekar (Bot)
|
814ce627ca
|
container-selinux-2:2.67-2.git042f7cf
- autobuilt 042f7cf
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-09 15:15:01 +00:00 |
|
Lokesh Mandvekar (Bot)
|
da11a8106d
|
container-selinux-2:2.67-1.git0407867
- bump to 2.67
- autobuilt 0407867
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-07-07 04:53:53 +00:00 |
|
Daniel J Walsh
|
e3d623436f
|
Allow container runtimes to dbus chat with systemd-resolved
|
2018-06-30 07:25:12 -04:00 |
|
Lokesh Mandvekar (Bot)
|
ee88cda7eb
|
container-selinux-2:2.64-1.gitdfaf8fd
- bump to 2.64
- autobuilt dfaf8fd
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-06-12 04:41:04 +00:00 |
|
Daniel J Walsh
|
781a8d1c0d
|
Add new type to handle containers running with a non priv user in a userns
allow containers to map all sockets
|
2018-06-11 08:55:28 -04:00 |
|
Daniel J Walsh
|
91cc6aa535
|
Allow containers to create all socket classes
|
2018-06-03 06:09:33 -04:00 |
|
Daniel J Walsh
|
71d8662692
|
Allow containers to create icmp packets
|
2018-05-30 11:10:00 -04:00 |
|
Lokesh Mandvekar (Bot)
|
c2346462ef
|
container-selinux-2:2.62-1.git1ecf953
- bump to 2.62
- autobuilt 1ecf953
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-05-25 18:35:07 +00:00 |
|
Daniel J Walsh
|
25c4cb361a
|
Allow spc_t to load kernel modules from inside of container
|
2018-05-21 17:13:15 -04:00 |
|
Daniel J Walsh
|
59df2c8753
|
Allow containers to list cgroup directories
|
2018-05-21 13:19:17 -04:00 |
|
Daniel J Walsh
|
2be9204393
|
Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.
|
2018-05-21 12:49:37 -04:00 |
|
Daniel J Walsh
|
cbb3d2bf04
|
Run restorecon /usr/bin/podman in postinstall
|
2018-05-21 11:03:42 -04:00 |
|
Daniel J Walsh
|
1f65dab452
|
Add labels to allow podman to be run from a systemd unit file
|
2018-05-18 11:53:51 -04:00 |
|
Lokesh Mandvekar (Bot)
|
cbb99afa99
|
container-selinux-2:2.55-12.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-17 18:32:42 +00:00 |
|
Lokesh Mandvekar (Bot)
|
68364ba992
|
container-selinux-2:2.55-11.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-17 17:53:26 +00:00 |
|
Lokesh Mandvekar
|
e87f128825
|
correct Source0 if centos
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-16 15:59:39 -04:00 |
|
Lokesh Mandvekar (Bot)
|
654515c525
|
container-selinux-2:2.55-10.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 19:10:54 +00:00 |
|
Lokesh Mandvekar (Bot)
|
6d73abcf30
|
container-selinux-2:2.55-9.gitd248f91
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 14:49:04 +00:00 |
|
Lokesh Mandvekar
|
7506926843
|
add shortcommit0 in release string
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-15 23:42:42 -04:00 |
|
Lokesh Mandvekar (Bot)
|
95b2b1d800
|
container-selinux-2:2.55-8
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 03:31:26 +00:00 |
|
Lokesh Mandvekar (Bot)
|
357bc56e2f
|
container-selinux-2:2.55-7
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 03:21:09 +00:00 |
|
Lokesh Mandvekar (Bot)
|
03bdc46668
|
container-selinux-2:2.55-6
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-16 02:57:50 +00:00 |
|
Lokesh Mandvekar (Bot)
|
e49a7cae6a
|
container-selinux-2:2.55-5
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-09 19:29:53 +00:00 |
|
Lokesh Mandvekar (Bot)
|
af36061d14
|
container-selinux-2:2.55-4
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar (Bot) <lsm5+bot@fedoraproject.org>
|
2018-04-09 15:30:25 +00:00 |
|
Lokesh Mandvekar
|
7c61638200
|
container-selinux-2:2.55-3
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:56:05 -04:00 |
|
Lokesh Mandvekar
|
c9ddfc8c4a
|
change case cause it messes up my autobuilder script :D
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:55:39 -04:00 |
|
Lokesh Mandvekar
|
802379f601
|
container-selinux-
- autobuilt commit d248f91
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:50:15 -04:00 |
|
Lokesh Mandvekar
|
4c7ed6951b
|
packaging changes for centos v/s fedora
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2018-04-09 07:47:49 -04:00 |
|
Daniel J Walsh
|
c46266a878
|
Dontaudit attempts by containers to write to /proc/self
|
2018-03-15 07:14:36 -04:00 |
|
Daniel J Walsh
|
37b78d28ce
|
Add rules for container domains to make writing custom policy easier
Allow shell_exec_t as a container_runtime_t entrypoint
|
2018-03-14 09:39:06 -04:00 |
|
Daniel J Walsh
|
69afd19c0a
|
Add rules for container domains to make writing custom policy easier
|
2018-03-08 14:33:17 +00:00 |
|
Daniel J Walsh
|
b658aee2f1
|
Allow shell_exec_t as a container_runtime_t entrypoint
|
2018-03-08 07:54:07 +00:00 |
|
Daniel J Walsh
|
5a5bf66b86
|
Allow bin_t as a container_runtime_t entrypoint
Add rules for running container runtimes on mls
|
2018-03-07 05:59:10 +00:00 |
|
Daniel J Walsh
|
9a7a65d0b5
|
Allow container domains to map container_file_t directories
|
2018-02-15 12:55:50 -05:00 |
|
Daniel J Walsh
|
f8193b5e32
|
Change default label of /exports to container_var_lib_t
|
2018-02-10 07:18:48 -05:00 |
|
Igor Gnatenko
|
a7071bc06f
|
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
|
2018-02-09 09:04:17 +01:00 |
|
Fedora Release Engineering
|
07b6801caf
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2018-02-07 05:40:38 +00:00 |
|
Daniel J Walsh
|
3b45b2783a
|
Add support for nosuid_transition flags for container_runtime and unconfined domains
|
2018-02-03 06:17:13 -05:00 |
|
Daniel J Walsh
|
1b20654010
|
Allow containers to sendto their own stream sockets
|
2018-02-02 13:40:54 -05:00 |
|
Daniel J Walsh
|
5b2867045c
|
Allow container domains to read kernel ipc info
|
2018-01-29 06:58:52 +01:00 |
|
Daniel J Walsh
|
a7ce3135c2
|
Allow containers to memory map the fifo_files leaked into container from
container runtimes.
|
2018-01-22 09:40:35 -05:00 |
|
Daniel J Walsh
|
a4c374a14d
|
Allow unconfined domains to transition to container types, when no-new-privs is set.
|
2018-01-16 13:56:33 -05:00 |
|
Daniel J Walsh
|
15578313e4
|
Add support to nnp_transition for container domains
Eliminates need for typebounds.
|
2018-01-09 11:47:20 -05:00 |
|
Daniel J Walsh
|
a8518096d5
|
Allow container_runtime_t to use user ttys
Fixes bounds check for container_t
|
2018-01-09 09:30:05 -05:00 |
|
Daniel J Walsh
|
64fe9d8cb1
|
Allow container runtimes to use interited terminals. This helps
satisfy the bounds check of container_t versus container_runtime_t.
|
2018-01-08 08:41:05 -05:00 |
|
Daniel J Walsh
|
98e715e396
|
Allow container runtimes to mmap container_file_t devices
Add labeling for rhel push plugin
|
2018-01-06 07:34:20 -05:00 |
|
Daniel J Walsh
|
aaa91fd2cc
|
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/container-selinux
|
2017-12-12 13:11:36 +00:00 |
|
Daniel J Walsh
|
e0502dafa3
|
Allow containers to use inherited ttys
Allow ostree to handle labels under /var/lib/containers/ostree
|
2017-12-12 13:11:14 +00:00 |
|
Lokesh Mandvekar
|
0ce8700159
|
remove git from builddep
can't find git in the module ecosystem and git isn't critical for
package build.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
2017-12-03 21:38:21 -05:00 |
|
Daniel J Walsh
|
7f79cfab64
|
Allow containers to relabelto/from all file types to container_file_t
|
2017-11-27 14:57:52 +00:00 |
|
Daniel J Walsh
|
751a4e3fee
|
Allow container to map chr_files labeled container_file_t
|
2017-11-27 14:43:49 +00:00 |
|
Daniel J Walsh
|
8ed545a6c5
|
Allow container to map chr_files labeled container_file_t
|
2017-11-27 13:21:48 +00:00 |
|
Daniel J Walsh
|
4e9b7c333a
|
Dontaudit container processes getattr on kernel file systems
|
2017-11-22 15:35:20 +00:00 |
|
Daniel J Walsh
|
cc32bab0b3
|
Allow containers to read /etc/resolv.conf and /etc/hosts if volume
mounted into container.
|
2017-11-19 11:41:27 +00:00 |
|
Daniel J Walsh
|
be0a39a792
|
Make sure users creating content in /var/lib with right labels
|
2017-11-08 21:10:33 +00:00 |
|
Daniel J Walsh
|
31963a3bb5
|
Allow the container runtime to dbus chat with dnsmasq
add dontaudit rules for container trying to write to /proc
|
2017-10-26 11:38:02 +00:00 |
|
Daniel J Walsh
|
b99f18b8ce
|
Add support for lxcd
Add support for labeling of tmpfs storage created within a container.
|
2017-10-10 16:17:55 +00:00 |
|
Daniel J Walsh
|
ecb1760cbb
|
Allow a container to umount a container_file_t filesystem
|
2017-10-09 13:29:39 +00:00 |
|
Daniel J Walsh
|
5a61b6808a
|
Allow container runtimes to work with the netfilter sockets
Allow container_file_t to be an entrypoint for VM's
Allow spc_t domains to transition to svirt_t
|
2017-10-04 09:10:48 +00:00 |
|
Daniel J Walsh
|
c6e706af6d
|
Make sure container_runtime_t has all access of container_t
|
2017-09-22 11:08:40 +00:00 |
|
Daniel J Walsh
|
b74f4a298b
|
Allow container runtimes to create sockets in tmp dirs
|
2017-09-07 08:43:48 +00:00 |
|
Daniel J Walsh
|
1aad223080
|
Add additonal support for crio labeling.
|
2017-09-05 20:40:09 +00:00 |
|
Troy Dawson
|
9a3633bb6b
|
Fixup spec file conditionals
|
2017-08-14 13:16:08 -07:00 |
|
Fedora Release Engineering
|
5cb66e7ed3
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
2017-07-26 05:26:19 +00:00 |
|
Daniel J Walsh
|
bb6875d358
|
Allow containers to execmod on container_share_t files.
|
2017-07-11 17:36:41 +00:00 |
|