selinux-policy

rpms/selinux-policy

Fork 0

Commit Graph

Author	SHA1	Message	Date
Lukas Vrabec	66791f96f6	* Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156 - Allow fail2ban-client to execute ldconfig. #1268715 - Add interface virt_sandbox_domain() - Use mmap_file_perms instead of exec_file_perms in setroubleshoot policy to shave off the execute_no_trans permission. Based on a github communication with Dominick Grift. -all userdom_dontaudit_user_getattr_tmp_sockets instead() of usedom_dontaudit_user_getattr_tmp_sockets(). - Rename usedom_dontaudit_user_getattr_tmp_sockets() to userdom_dontaudit_user_getattr_tmp_sockets(). - Remove auth_login_pgm_domain(init_t) which has been added by accident. - init_t needs to able to change SELinux identity because it is used as login_pgm domain because of systemd-user and PAM. It allows security_compute_user() returns a list of possible context and then a correct default label is returned by "selinux.get_default_context(sel_user,fromcon)" defined in the policy user config files. - Add interface auth_use_nsswitch() to systemd_domain_template. - Revert "auth_use_nsswitch can be used with attribute systemd_domain." - auth_use_nsswitch can be used with attribute systemd_domain. - ipsec: fix stringSwan charon-nm - docker is communicating with systemd-machined - Add missing systemd_dbus_chat_machined, needed by docker	2015-10-27 14:23:44 +01:00
Lukas Vrabec	0bd6f9778c	Add actual docker policy from docker-selinux repo.	2015-10-20 16:50:46 +02:00
Lukas Vrabec	fadb0d2542	docker policy files support	2015-10-20 16:26:28 +02:00

Author

SHA1

Message

Date

Lukas Vrabec

66791f96f6

* Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156

- Allow fail2ban-client to execute ldconfig. #1268715
- Add interface virt_sandbox_domain()
- Use mmap_file_perms instead of exec_file_perms in setroubleshoot policy to shave off the execute_no_trans permission. Based on a github communication with Dominick Grift.
-all userdom_dontaudit_user_getattr_tmp_sockets instead() of usedom_dontaudit_user_getattr_tmp_sockets().
- Rename usedom_dontaudit_user_getattr_tmp_sockets() to userdom_dontaudit_user_getattr_tmp_sockets().
- Remove auth_login_pgm_domain(init_t) which has been added by accident.
- init_t needs to able to change SELinux identity because it is used as login_pgm domain because of systemd-user and PAM. It allows security_compute_user() returns a list of possible context and then a correct default label is returned by "selinux.get_default_context(sel_user,fromcon)" defined in the policy user config files.
- Add interface auth_use_nsswitch() to systemd_domain_template.
- Revert "auth_use_nsswitch can be used with attribute systemd_domain."
- auth_use_nsswitch can be used with attribute systemd_domain.
- ipsec: fix stringSwan charon-nm
- docker is communicating with systemd-machined
- Add missing systemd_dbus_chat_machined, needed by docker

2015-10-27 14:23:44 +01:00

Lukas Vrabec

0bd6f9778c

Add actual docker policy from docker-selinux repo.

2015-10-20 16:50:46 +02:00

Lukas Vrabec

fadb0d2542

docker policy files support

2015-10-20 16:26:28 +02:00

1 2

53 Commits