containers
/
container-selinux
mirror of https://github.com/containers/container-selinux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • f00d1f4ec8
         Re-add Drop some container interface from selinux-policy patch v2.129.0 Daniel J Walsh 2020-03-29 07:12:19 -0400
  • 3a21d67129
         Drop some container interface from selinux-policy Daniel J Walsh 2020-03-29 07:10:29 -0400
  • 363646ff75
         Allpw containers to use sctp ports v2.128.0 Daniel J Walsh 2020-03-29 07:07:30 -0400
  • 0d0be75726
         Drop some container interface from selinux-policy Lukas Vrabec 2020-03-28 15:52:36 +0100
  • 6caf15d854
         add missing rules for container_kvm_t v2.127.0 Daniel J Walsh 2020-03-27 08:37:04 -0400
  • 867a37749b
         Add container_init_t types to container policy v2.126.0 Daniel J Walsh 2020-03-26 09:16:37 -0400
  • ae0720d6ac
         Add container_contexts file and man page to be shipped with policy v2.125.2 Daniel J Walsh 2020-03-23 15:29:10 -0400
  • fde876b2d8
         Add container_contexts file to be shipped with policy v2.125.1 Daniel J Walsh 2020-03-23 15:03:45 -0400
  • b321ea4107
         Add policy for kata containers v2.125.0 Daniel J Walsh 2020-03-20 14:03:55 -0400
  • 5624558914
         Merge pull request #88 from TomSweeneyRedHat/coc Daniel J Walsh 2020-02-10 07:42:36 -0500
  • 132f93923e Add Code of Conduct TomSweeneyRedHat 2020-02-08 16:04:25 -0500
  • 9a1f11a8ff
         Create new SELinux policy for kubevirt project Lukas Vrabec 2020-01-29 12:54:48 +0100
  • f958d0cee4
         Allow systemd_logind_t to transition to container_runtime_t v2.124.0 v1.124.0 Daniel J Walsh 2019-12-11 12:13:15 -0500
  • 0b25a4a5f0
         Merge pull request #85 from zpytela/fb-spec-macros Daniel J Walsh 2019-11-29 06:47:19 -0500
  • 6ee4ce3cfc Use priority 200 for uninstalling the container module BZ(1777740) Zdenek Pytela 2019-11-28 12:19:44 +0100
  • 661a904580
         Bump version to trigger build v2.123.0 Daniel J Walsh 2019-11-25 10:31:36 -0500
  • b5c9e8b5cd
         Merge pull request #84 from zpytela/fb-container-ro Daniel J Walsh 2019-11-25 10:30:43 -0500
  • cbe1e7278c Change container_ro_file_t type statement to typealias Zdenek Pytela 2019-11-25 14:55:52 +0100
  • 4560dd4dbb
         Bump verion to v2.122.0 v2.122.0 Daniel J Walsh 2019-11-22 16:04:59 -0500
  • f69b9a4dd1
         Merge branch 'master' of github.com:containers/container-selinux Daniel J Walsh 2019-11-22 15:03:25 -0500
  • 67b024ddf8
         Make container_file_t a logging file Daniel J Walsh 2019-11-22 15:02:42 -0500
  • a233788873
         Merge pull request #82 from wrabcak/container_ro Daniel J Walsh 2019-11-19 05:29:53 -0800
  • a02c6f0d02
         New alias for container_share_t type Lukas Vrabec 2019-11-18 20:50:02 +0100
  • 1589288995
         Allow containers to listen on sctp_sockets v1.121.0 Daniel J Walsh 2019-11-13 22:46:00 -0500
  • bbc98bc26d
         Add boolean to support sctp sockets Lukas Vrabec 2019-11-11 10:41:53 +0100
  • 6fb6dcf0e4
         Add role to container_runtime_domain interface Daniel J Walsh 2019-11-06 14:27:08 -0500
  • e544d77116
         Add container_runtime_domain attribute Daniel J Walsh 2019-11-06 14:23:35 -0500
  • 2ecb2a86fb
         Remove VERSION file Daniel J Walsh 2019-10-27 04:19:44 -0400
  • a9e5b4617c
         move to 2.119.1-dev Daniel J Walsh 2019-10-27 04:18:33 -0400
  • c57a6f9dc5
         move to 2.119.1-dev Daniel J Walsh 2019-10-27 04:17:45 -0400
  • 46c7e70e6c
         Don't audit attempts by containers to set sysctls Daniel J Walsh 2019-10-24 11:56:49 -0400
  • b383f07f54
         Allow containers to use leaked pipes from user domains v2.119.0 2.119.0 Daniel J Walsh 2019-10-24 11:53:42 -0400
  • d07b69d30e
         Allow containers to use leaked pipes from user domains Daniel J Walsh 2019-10-24 11:52:39 -0400
  • 79bdcb5e74
         Dontaudit attempts by containers to write systectls Daniel J Walsh 2019-10-11 10:08:40 -0400
  • bfde70abea
         Bump a new version v2.117.0 Daniel J Walsh 2019-09-20 09:41:09 +0200
  • 2bc8648fb4
         Merge pull request #76 from giuseppe/add-crun Daniel J Walsh 2019-09-20 09:39:07 +0200
  • b62485aef5
         container.fc: label crun Giuseppe Scrivano 2019-09-20 09:29:42 +0200
  • c5ef5ac658
         Tighten policy on container_runtime_t transitioning to svirt_sandbox_domains Daniel J Walsh 2019-09-04 13:49:04 -0400
  • fddfbbb783
         Allow containers to execmod files on fusefs_t file systems Daniel J Walsh 2019-08-21 09:53:31 -0400
  • 42087be248
         Allow containers to execmod files on fusefs_t file systems Daniel J Walsh 2019-08-21 09:51:36 -0400
  • 8042f8ca64
         UPdate to match upstream Daniel J Walsh 2019-08-20 10:21:34 -0400
  • 028ab00496
         Allow containers to setattr on their processes link files Daniel J Walsh 2019-08-19 08:03:42 -0400
  • 4f7d6bb787
         We want to allow containers to do anything with the network Daniel J Walsh 2019-08-09 15:07:43 -0400
  • b68cf19f1c
         Allow containers to use fusefs_t entrypoint Daniel J Walsh 2019-08-08 17:15:51 -0400
  • 9a75deb315
         Dontaudit attempts to setattr on devicenodes. Daniel J Walsh 2019-07-17 22:25:47 -0400
  • 544d71ff87
         Merge pull request #74 from ashley-cui/readme Daniel J Walsh 2019-07-09 14:14:17 -0400
  • b5217c74ce SELinux policy documentation in README Ashley Cui 2019-07-09 13:20:09 -0400
  • 014f8664b9
         Dontaudit attempts to setattr on chr device nodes Daniel J Walsh 2019-07-09 08:39:47 -0400
  • c662497ae1
         Allow init_t to read container runtime files Daniel J Walsh 2019-07-09 07:52:51 -0400
  • 08282a866a
         Allow init_t to read container runtime files Daniel J Walsh 2019-07-09 07:51:37 -0400
  • 4d624e440d
         Allow containers to accept connections on all socket types Daniel J Walsh 2019-07-08 13:35:02 -0400
  • db771da271
         Allow containers to accept connections on all socket types v2.109.0 Daniel J Walsh 2019-07-08 13:33:43 -0400
  • a6c059aa1f
         Allow containers to coonect to gssproxy stream sockets if added to container Daniel J Walsh 2019-06-28 15:28:15 -0400
  • 0aa6e7ddb6
         Allow containers to coonect to gssproxy stream sockets if added to container Daniel J Walsh 2019-06-28 15:25:40 -0400
  • 871b7da9f7
         Bump to next version Daniel J Walsh 2019-06-14 07:58:35 -0400
  • 453b816c74
         Allow containers to manipulate Onload files. Daniel J Walsh 2019-06-14 07:56:39 -0400
  • 20536122cb
         Merge pull request #66 from gd-sfc/onloadfs Daniel J Walsh 2019-06-14 07:53:42 -0400
  • 1ea3f5ef9d Allow containers to manipulate Onload files. Gregor Dick 2019-03-12 16:32:28 +0000
  • fc7111d5a9
         Allow all unconfined domains to manage unlabeled keyrings Daniel J Walsh 2019-06-11 15:01:37 -0400
  • d551dfc390
         Allow unconfined domains to write to unlabeled_t keys Daniel J Walsh 2019-06-11 14:35:03 -0400
  • dcff55397d
         Bump up to latest version in master 2.105 Daniel J Walsh 2019-06-08 07:18:59 -0400
  • 6e069ebfa6
         Add labeling for kubernetes pods Daniel J Walsh 2019-06-08 07:13:57 -0400
  • 7baad79ed0
         Create new version with labeling for silverblue Daniel J Walsh 2019-06-03 06:48:49 +0200
  • 07852ca073
         Merge pull request #72 from mike-nguyen/srv_containers Daniel J Walsh 2019-06-03 00:47:46 -0400
  • 84227215a5 container.fc: label {var/srv,srv}/containers as container_file_t Michael Nguyen 2019-05-31 13:24:39 -0400
  • b275a1f887
         Add labels for /var/lib/containers/storage/volumes/*/* Daniel J Walsh 2019-05-17 16:26:49 -0400
  • 1c24dcb7f0
         Allow all container domains to be entered from container_file_t Daniel J Walsh 2019-05-12 06:48:12 -0400
  • b0061dc418
         Allow containers to read rpm cache files Daniel J Walsh 2019-05-02 16:01:49 -0400
  • 3b78187c6f
         Allow spc_t to create unlabeled_t keyrings Daniel J Walsh 2019-04-23 11:39:23 -0400
  • b13d03b706
         Merge fixes from upstream Daniel J Walsh 2019-04-23 08:20:23 -0400
  • 9a53d6c1b9
         Fix labeling on overlay-layers and overlay-images Daniel J Walsh 2019-04-22 16:49:59 -0400
  • a0c3116888
         Fix documentation on interface Daniel J Walsh 2019-04-20 06:23:21 -0400
  • ec20b4ad7f
         Merge pull request #70 from wrabcak/master Lukas Vrabec 2019-04-20 00:09:54 +0200
  • 82d4e20015
         Fix typo in container_manage_config_files() Lukas Vrabec 2019-04-20 00:07:27 +0200
  • aa7b8073fc
         Allow iptables domains to append to container_file_t Daniel J Walsh 2019-04-15 09:12:27 -0400
  • a6c98225aa
         Merge branch 'master' of github.com:containers/container-selinux Daniel J Walsh 2019-04-12 12:44:45 -0400
  • 7ba191a4b6
         Merge pull request #69 from wrabcak/master Lukas Vrabec 2019-04-12 18:29:51 +0200
  • ad5f6303c8
         Add container_manage_config_files() interface Lukas Vrabec 2019-04-12 18:24:47 +0200
  • da8c5746ea
         Allow containers to read/write sysctl_kernel_ns_last_pid_t Daniel J Walsh 2019-04-04 10:31:23 -0400
  • aeb7d8f3c1
         Remove systemd_dbus_chat_resolved line since this does not exist in rhel7 Daniel J Walsh 2019-04-02 17:49:28 -0400
  • e3ebc6845c
         Allow containers to manage fusefs sockets and named pipes Daniel J Walsh 2019-04-01 17:44:03 -0400
  • 698b6e2163
         Bump up to match upstream Daniel J Walsh 2019-04-01 13:49:51 -0400
  • 1e99f1d53a
         Allow init_t to manage container content files Daniel J Walsh 2019-03-28 07:49:25 -0400
  • 53cdfc3669
         Allow container domains to create fifo_files on fusefs file systems Daniel J Walsh 2019-03-28 07:13:21 -0400
  • bf9e3528d1
         Add boolean to allow containers to use ceph file systems Daniel J Walsh 2019-03-27 06:37:58 -0400
  • acc6941b2b
         Allow container runtimes to create unlabeled keyrings Daniel J Walsh 2019-03-26 08:12:33 -0400
  • 619db17b74
         Allow containers to use fuse file systems. Daniel J Walsh 2019-03-20 15:34:37 -0400
  • db3c78b86d
         Allow all container domains to have container file types entrypoint Daniel J Walsh 2019-03-08 14:56:22 -0500
  • 2521d0d608
         Allow all container domains to have container file types entrypoint Daniel J Walsh 2019-03-08 14:55:16 -0500
  • 9793d9f290
         Add dontaudit transition rules for container domains Daniel J Walsh 2019-03-06 10:01:22 -0500
  • 5c98b566cb
         Add new release to fix issues with udica Daniel J Walsh 2019-03-06 09:57:10 -0500
  • 2c1a2ab7c5
         Merge pull request #65 from wrabcak/dontaudit Daniel J Walsh 2019-03-05 13:13:02 -0500
  • 14cb4e56c6
         Dontaudit containers to inherit limits and signal state from container runtime. Lukas Vrabec 2019-03-05 17:32:09 +0100
  • 8615da4ae3
         Allow container_runtime_t to dyntransition to container domains Daniel J Walsh 2019-03-05 07:56:29 -0500
  • b9e1be42cd
         Allow unconfined user and service to dyntrans to container domains Daniel J Walsh 2019-03-05 07:55:30 -0500
  • f31a18efcd
         Allow containers to execute hugetlb files Daniel J Walsh 2019-03-05 07:54:12 -0500
  • 891a85fee0
         Allow container_runtime_t to dyntransition to container domains Daniel J Walsh 2019-03-01 09:20:12 -0500
  • c178849184
         Merge branch 'master' of github.com:containers/container-selinux Daniel J Walsh 2019-03-01 08:57:34 -0500
  • a2fc030964
         Allow unconfined user and service to dyntrans to container domains Daniel J Walsh 2019-03-01 08:56:17 -0500
  • 5dda903958
         Allow containers to execute hugetlb files Daniel J Walsh 2019-03-01 05:26:16 -0500