SELinux policy configuration
Go to file
Lukas Vrabec 66791f96f6 * Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156
- Allow fail2ban-client to execute ldconfig. #1268715
- Add interface virt_sandbox_domain()
- Use mmap_file_perms instead of exec_file_perms in setroubleshoot policy to shave off the execute_no_trans permission. Based on a github communication with Dominick Grift.
-all userdom_dontaudit_user_getattr_tmp_sockets instead() of usedom_dontaudit_user_getattr_tmp_sockets().
- Rename usedom_dontaudit_user_getattr_tmp_sockets() to userdom_dontaudit_user_getattr_tmp_sockets().
- Remove auth_login_pgm_domain(init_t) which has been added by accident.
- init_t needs to able to change SELinux identity because it is used as login_pgm domain because of systemd-user and PAM. It allows security_compute_user() returns a list of possible context and then a correct default label is returned by "selinux.get_default_context(sel_user,fromcon)" defined in the policy user config files.
- Add interface auth_use_nsswitch() to systemd_domain_template.
- Revert "auth_use_nsswitch can be used with attribute systemd_domain."
- auth_use_nsswitch can be used with attribute systemd_domain.
- ipsec: fix stringSwan charon-nm
- docker is communicating with systemd-machined
- Add missing systemd_dbus_chat_machined, needed by docker
2015-10-27 14:23:44 +01:00
.gitignore - Update to upstream 2011-01-17 18:42:12 +00:00
booleans-minimum.conf - Turn on execstack on a temporary basis (#512845) 2009-08-07 19:36:54 +00:00
booleans-mls.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans-targeted.conf Make rawhide == f18 2012-12-17 17:21:00 +01:00
booleans.subs_dist * Tue Apr 8 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-45 2014-04-08 11:35:12 +02:00
config.tgz Update config.tgz to reflect changes in default context for SELinux users related to pam_selinux.so which is now used in systemd-users. 2015-09-17 08:34:47 +02:00
COPYING remove extra level of directory 2006-07-12 20:32:27 +00:00
customizable_types svirt_sandbox_file_t should be in customizable_types 2014-04-11 15:09:33 -04:00
docker-selinux.tgz * Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156 2015-10-27 14:23:44 +01:00
file_contexts.subs_dist Label genrator.late correctly 2014-09-21 07:36:03 -04:00
make-rhat-patches.sh Update make-rhat-patches.sh to avoid git-checkout for patches creation. 2015-10-23 11:06:11 +02:00
Makefile - Add sepgsql_contexts file 2011-01-18 10:28:56 +00:00
Makefile.devel Hard code to MLSENABLED 2011-08-22 16:30:20 -04:00
manpages_html.tgz Fix for Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed. 2015-08-04 00:25:37 +02:00
manpages_man.tgz Fix for Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed. 2015-08-04 00:25:37 +02:00
modules-minimum.conf - More access needed for devicekit 2010-08-30 11:58:36 -04:00
modules-mls-base.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-mls-contrib.conf Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration. 2015-07-16 09:10:21 +02:00
modules-targeted-base.conf Activate kdbus.pp 2015-08-03 17:47:45 +02:00
modules-targeted-contrib.conf Set recently created domains as permissive for testing period. Enable new ipmievd domain. #1241453 2015-10-15 13:40:32 +02:00
modules-targeted.conf We should not build vbetool anylonger 2014-10-12 07:15:24 -04:00
permissivedomains.cil Added also pkcs11proxyd domains to permissivedomains. 2015-10-15 13:42:05 +02:00
policy-rawhide-base-cockpit.patch - Allow systemd-networkd to be running as dhcp client. 2014-10-17 10:12:44 +02:00
policy-rawhide-base.patch * Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156 2015-10-27 14:23:44 +01:00
policy-rawhide-contrib.patch * Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156 2015-10-27 14:23:44 +01:00
securetty_types-minimum - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-mls - Update to upstream 2010-03-18 15:47:35 +00:00
securetty_types-targeted - Update to upstream 2010-03-18 15:47:35 +00:00
selinux-policy.conf We need to setcheckreqprot to 0 for security purposes 2015-04-16 14:00:38 -04:00
selinux-policy.spec * Tue Oct 27 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-156 2015-10-27 14:23:44 +01:00
setrans-minimum.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
setrans-mls.conf - Multiple policy fixes 2006-09-19 14:59:46 +00:00
setrans-targeted.conf - Update to Latest upstream 2009-03-03 20:10:30 +00:00
seusers - Fix cron jobs to run under the correct context 2006-09-21 23:05:49 +00:00
sources Fix config.tgz to include lxc_contexts and systemd_contexts 2013-11-14 11:05:22 -05:00
users-minimum - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00
users-mls - Move users file to selection by spec file. 2010-01-11 22:06:55 +00:00
users-targeted - Move users file to selection by spec file. 2010-01-12 13:36:10 +00:00