Commit Graph

  • c1fad62fb2 Allow containers to show IPC information using `ipcs` Filipe Brandenburger 2018-01-24 11:02:36 -0800
  • dfcc97d9c6 Allow containers to map the container_runtime_t fifo_files leaked into the container v2.43.0 Daniel J Walsh 2018-01-22 09:34:38 -0500
  • 126c1c0cd4 Add typebounds for spc_t and svirt_lxc_net_t Daniel J Walsh 2018-01-18 08:50:39 -0500
  • d148550d8c Allow unconfined domains to transition to container types when no-new-privs Daniel J Walsh 2018-01-16 13:52:09 -0500
  • c069765390 No longer need entrypoint calls since we are using nnp_transition rules Daniel J Walsh 2018-01-11 06:17:44 -0500
  • 231b213555 Remove typebounds checking. Now we use nnp_transition v2.41.0 Daniel J Walsh 2018-01-09 11:03:48 -0500
  • 0422c80dfb Fix type bounds rules Daniel J Walsh 2018-01-09 10:20:35 -0500
  • 599072a930 Allow container_runtime_t to use user ptys v2.40.0 v2.40 Daniel J Walsh 2018-01-09 09:25:52 -0500
  • df0c3358c6 Allow container_runtime_t to open and use user ptys Daniel J Walsh 2018-01-09 09:21:09 -0500
  • de85c94ff2 Allow container runtimes to use inherited ttys Daniel J Walsh 2018-01-08 08:45:50 -0500
  • 96e58bf7fd Allow container runtimes to use inherited ttys v2.39.0 Daniel J Walsh 2018-01-08 08:35:59 -0500
  • 8b2b11958c Merge in changes from upstream Daniel J Walsh 2018-01-06 08:16:09 -0500
  • 26c642ae12 Allow container runtimes to mmap container_file_t devices v2.38 Daniel J Walsh 2018-01-06 07:26:34 -0500
  • 8ba32a4fd3 Allow containers to use inherited terminals. Daniel J Walsh 2017-12-12 08:06:30 -0500
  • ba225397da Allow containers to use inherited ttys Daniel J Walsh 2017-12-01 14:16:56 +0000
  • ff95335b4b Allow containers to relabelfrom/to container_file_t all file classes Daniel J Walsh 2017-11-28 13:36:50 +0000
  • d985665b81 Allow container domains all file types relabelfrom/to container_file_t Daniel J Walsh 2017-11-27 14:55:55 +0000
  • f9a30e8011 Allow containers to map container_file_t chr_file Daniel J Walsh 2017-11-27 13:17:30 +0000
  • 6e97cb37eb Dontaudit getattr on file systems Daniel J Walsh 2017-11-22 10:32:46 -0500
  • 7fe0136a94 Dontaudit getattr on file systems Daniel J Walsh 2017-11-22 10:30:16 -0500
  • 0b666c4f14 Allow containers to read /etc/resolv.conf volume mounted in from the host Daniel J Walsh 2017-11-19 11:35:54 +0000
  • 86f33cdfe0 Allow containers to read volume mounted in content labeled net_conf_t Daniel J Walsh 2017-11-19 06:21:09 -0500
  • b430a71a44 Make sure users create content in /var/lib with the right labels Daniel J Walsh 2017-11-08 21:07:53 +0000
  • fe1124b7a4 Make sure users create content in /var/lib with the right labels Daniel J Walsh 2017-11-08 21:06:58 +0000
  • 47e0448a47 Allow the container runtime to dbus chat with dnsmasq Daniel J Walsh 2017-10-26 04:33:29 -0700
  • bed43e85ff Allow the container runtime to dbus chat with dnsmasq Daniel J Walsh 2017-10-26 04:31:53 -0700
  • 0d05a629fd add dontaudit rules for container trying to write to /proc Daniel J Walsh 2017-10-11 17:21:09 +0000
  • 7f2de1af7c Don't audit attempts to write to /proc Daniel J Walsh 2017-10-11 13:07:39 -0400
  • 2798fb51ce Transition tmpfs content created by container to svirt_sandbox_file_t Daniel J Walsh 2017-10-10 10:18:18 -0400
  • 0620186b73 Merge pull request #42 from Conan-Kudo/lxd-support Daniel J Walsh 2017-10-10 12:11:23 -0400
  • 3750be3718 Allow a container to create tmpfs files labeled container_file_t Daniel J Walsh 2017-10-10 10:20:20 -0400
  • 85ce14731c Update to 2.28 Daniel J Walsh 2017-10-09 09:04:34 -0400
  • de38c07f35 Allow a container to umount a container_file_t filesystem Daniel J Walsh 2017-10-09 12:56:27 +0000
  • e37e93dbe6 Allow container runtimes to work with the netfilter sockets Daniel J Walsh 2017-10-04 05:04:02 -0400
  • 865f49d465 Allow libvirt running in a spc container to launch svirt vms Daniel J Walsh 2017-09-28 08:45:27 -0400
  • 23b2e0b167 Allow container_file_t to be an entrypoint for VMs Daniel J Walsh 2017-09-27 10:56:30 -0400
  • efaffbd8fa Allow spc_t domains to transition to svirt_t Daniel J Walsh 2017-09-26 16:10:07 -0400
  • 1b03ba3fd8 Add support for LXD Neal Gompa 2017-09-26 12:39:33 -0400
  • aeff029dd6 Merge pull request #41 from lsm5/RHEL-1.12-2.24 Daniel J Walsh 2017-09-26 11:00:56 -0400
  • 6fc0c6dfb6 Make sure container_runtime_t has all access of container_t Daniel J Walsh 2017-09-22 11:03:53 +0000
  • a9260d44ec Make sure container_runtime_t has all access of container_t 2.24.0 Daniel J Walsh 2017-09-22 11:03:53 +0000
  • 4074d9f979 Allow container runtime to create socket files in tmp directories Daniel J Walsh 2017-09-07 04:38:39 -0400
  • 81ff96c3e1 Allow container runtime to create socket files in tmp directories Daniel J Walsh 2017-09-07 04:37:10 -0400
  • 58324f3026 Add additional labels for containers storage Daniel J Walsh 2017-09-05 20:37:46 +0000
  • 491bf756ec Add additional labels for containers storage Daniel J Walsh 2017-09-05 20:36:44 +0000
  • ba103acc2c Add missing interface. Daniel J Walsh 2017-08-08 20:13:48 +0000
  • 233bb1ed03 Allow iptables to read system state of the container runtime process Daniel J Walsh 2017-08-08 20:01:30 +0000
  • 333854a550 Allow container processes to execmod on content labeled container_share_t Daniel J Walsh 2017-07-11 13:32:03 -0400
  • c89e9b5e45 Allow container processes to execmod on container_share_t files. Daniel J Walsh 2017-07-11 13:27:21 -0400
  • 532fa20f04 We should not be doing typebounds in RHEL yet. Daniel J Walsh 2017-07-08 06:15:03 -0400
  • 288f4ad81c Add temporary rules to allow iptables to work with containers. Daniel J Walsh 2017-07-05 06:34:33 -0400
  • c5fd77fc24 Allow container processes to getsession Daniel J Walsh 2017-06-30 11:49:09 -0400
  • 43cc79929a Allow container processes to getsession Daniel J Walsh 2017-06-30 11:47:26 -0400
  • b22d1515cb Add interface to allow the reading of the container runtime state Daniel J Walsh 2017-06-15 12:23:03 +0000
  • 1f34237f9f General policy changes for RHEL7.4 Daniel J Walsh 2017-06-14 19:14:20 +0000
  • a80afba083 Create new version for tunnel sockets Daniel J Walsh 2017-06-12 14:06:01 -0400
  • d72cc6ddab Allow containers to create tunnel sockets. Daniel J Walsh 2017-06-12 13:13:37 -0400
  • 5212fea857 Label content in /var/lib/contaienrs/storage/overlay* correctly Daniel J Walsh 2017-06-06 19:26:21 +0000
  • ed3082b4d7 Don't range the container_runtime_t in targeted policy Daniel J Walsh 2017-06-05 16:05:44 -0400
  • 9027f8e958 Bump to version 2.16.0 Daniel J Walsh 2017-06-01 17:43:12 -0400
  • 38bd98f201 Merge pull request #40 from runcom/etc-crio Daniel J Walsh 2017-06-01 17:40:24 -0400
  • 56ef1b4a69 container.fc: label /etc/crio/... Antonio Murdaca 2017-05-19 15:41:57 +0200
  • bb412f5c9e Merge e0d0d73a21 into c81ea2691f Lukáš Zapletal 2017-06-01 21:20:43 +0000
  • 583ca403b7 Fix policy so it will build on RHEL7.3 Daniel J Walsh 2017-05-31 14:04:55 +0000
  • eada5c5968 Update to latest upstream for RHEL policy Daniel J Walsh 2017-05-31 13:22:52 +0000
  • c81ea2691f Bump Version to 2.15 Daniel J Walsh 2017-05-31 08:15:04 -0400
  • 1a02b84e02 Allow container types to read/write container_runtime fifo files Daniel J Walsh 2017-05-31 08:14:22 -0400
  • aea2b9bc3c Allow a container runtime to mount on top of its own /proc Daniel J Walsh 2017-05-30 16:54:04 -0400
  • 7a352715e6 comment out lines with cap_userns and cap2_userns Lokesh Mandvekar 2017-05-23 11:07:58 -0400
  • c48c904ca1 Allow containers to be able to set namespaced SYSCTLS Dan Walsh 2017-05-16 08:45:49 -0400
  • 14f7c51001 Add labels for crio rename Dan Walsh 2017-05-19 07:02:56 -0400
  • a38f3c725b Break container_t rules out to use a separate container_domain Dan Walsh 2017-05-16 10:18:54 -0400
  • 173862acc5 Allow containers to be able to set namespaced SYSCTLS Dan Walsh 2017-05-16 08:45:49 -0400
  • e7096ce79b Merge pull request #39 from lsm5/RHEL-1.12 Daniel J Walsh 2017-05-09 09:25:44 -0400
  • 90386fd240 skip umount permission for class filesystem Lokesh Mandvekar 2017-05-09 09:21:45 -0400
  • 14a50e338c comment out anything with cap_userns and cap2_userns Lokesh Mandvekar 2017-05-09 09:10:06 -0400
  • b6c26da9ad Merge pull request #38 from lsm5/rhel Daniel J Walsh 2017-05-09 08:43:35 -0400
  • 92d09a5960 s/container_t/svirt_lxc_net_t/g Lokesh Mandvekar 2017-05-08 11:12:18 -0400
  • 567c3d2288 Merge pull request #37 from eparis/1445226-fuse-execute Eric Paris 2017-05-04 10:45:29 -0400
  • cbe7c51059 Allow sandbox containers to manage fuse files. Lukas Vrabec 2017-05-03 09:40:40 -0400
  • 781bf81b7c Merge pull request #36 from wrabcak/master Eric Paris 2017-05-04 10:31:47 -0400
  • ee260f3f26 Allow sandbox containers to manage fuse files. Lukas Vrabec 2017-05-03 09:40:40 -0400
  • a68dc2fbee Fixes to make container_runtimes work on MLS machines Daniel J Walsh 2017-04-26 08:20:18 -0400
  • e9f5e63089 Allow handling of mount/umount container_file_t filesystems Daniel J Walsh 2017-04-10 14:39:48 -0400
  • bf46ff72ad Bump version to allow handling of container_file_t filesystems Daniel J Walsh 2017-04-10 14:32:28 -0400
  • d2152618bd Allow containers to mount, remount and umount container_file_t file systems Daniel J Walsh 2017-04-10 14:31:48 -0400
  • 7400ac6a42 Update container-selinux version rhatdan 2017-04-10 10:09:22 -0400
  • 40fb2fa078 Fixes to handle cap_userns rhatdan 2017-04-10 10:08:30 -0400
  • c41f49243b Move spec file into a contrib subdir Daniel J Walsh 2017-03-13 09:10:21 -0400
  • 7a17443e9f Fix missing interfaces from RHEL builds Daniel J Walsh 2017-03-06 14:00:09 -0500
  • 393cac4ffa Bump RHEL branch to V2.10 Daniel J Walsh 2017-03-06 09:39:20 -0500
  • 0060598655 Add fixes from master to RHEL branch Daniel J Walsh 2017-03-06 09:34:23 -0500
  • c1fd4917ad Merge pull request #33 from joshwget/xfrm-sockets Daniel J Walsh 2017-03-06 09:04:57 -0500
  • 3c7c4350fc Allow spc_t to dbus chat with init system Daniel J Walsh 2017-03-06 08:50:54 -0500
  • 254d8ea483 Give container_t access to XFRM sockets Josh Curl 2017-03-05 17:30:10 -0800
  • 8f8caa66c1 Bump to v2.10 v2.10 Daniel J Walsh 2017-02-28 13:41:51 -0500
  • c9829f9ea1 Allow containers to read cgroup configuration mounted into a container Daniel J Walsh 2017-02-28 13:41:15 -0500
  • 4e082db3d7 Additional rules to allow a container runtime to run with unconfined disabled Daniel J Walsh 2017-02-28 13:40:35 -0500
  • 132fee405e container_runtime_t Rules needed to work with unconfined module disabled. Daniel J Walsh 2017-02-27 09:47:01 -0500
  • 46648d73b0 Label files under /usr/libexec/lxc as container_runtime_exec_t Daniel J Walsh 2017-02-24 10:25:08 -0500