proj/hardened-refpolicy.git
Gentoo Hardened SELinux reference policy implementation
Sven Vermeulen <swift@gentoo.org>
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| github: Only test hardened-refpolicy on distro gentoo (HEAD, 2.20240916-r1, master) | Jason Zaman | 12 days | 2 | -2/+2 |
| Merge upstream | Jason Zaman | 12 days | 1 | -1/+1 |
| Update Changelog and VERSION for release 2.20240916. | Chris PeBenito | 12 days | 2 | -1/+137 |
| Update mysql.fc | nisbet-hubbard | 12 days | 1 | -0/+1 |
| Additional permissions when fapolicyd.conf more strict | Dave Sugar | 12 days | 3 | -1/+64 |
| systemd: allow systemd-hostnamed to read vsock device | Yi Zhao | 12 days | 1 | -0/+1 |
| systemd: fix policy for systemd-ssh-generator | Yi Zhao | 12 days | 1 | -0/+9 |
| devices: add label vsock_device_t for /dev/vsock | Yi Zhao | 12 days | 3 | -0/+61 |
| systemd: add policy for systemd-nsresourced | Yi Zhao | 12 days | 7 | -0/+79 |
| systemd: allow system --user to create netlink_route_socket | Yi Zhao | 12 days | 1 | -0/+2 |
| systemd: allow systemd-networkd to manage sock files under /run/systemd/netif | Yi Zhao | 12 days | 1 | -0/+1 |
| systemd: set context to systemd_networkd_var_lib_t for /var/lib/systemd/network | Yi Zhao | 12 days | 2 | -0/+8 |
| Allow interactive user terminal output for the NetLabel management tool. | Guido Trentalancia | 12 days | 1 | -0/+2 |
| bluetooth: Move line. | Chris PeBenito | 12 days | 1 | -3/+2 |
| Adding SE Policy rules to allow usage of unix stream sockets by dbus and blue... | Naga Bhavani Akella | 12 days | 3 | -0/+26 |
| kubernetes: allow kubelet to connect all TCP ports | Kenton Groombridge | 12 days | 1 | -3/+1 |
| container: allow reading generic certs | Kenton Groombridge | 12 days | 1 | -0/+1 |
| testing: add container_kvm_t to net admin exempt list | Kenton Groombridge | 12 days | 1 | -0/+1 |
| Makefile: drop duplicate quotes | Christian Göttsche | 12 days | 1 | -2/+2 |
| various: rules required for DV manipulation in kubevirt | Kenton Groombridge | 12 days | 7 | -0/+48 |
| container: add container_kvm_t and supporting kubevirt rules | Kenton Groombridge | 12 days | 1 | -1/+33 |
| iptables: allow reading container engine tmp files | Kenton Groombridge | 12 days | 2 | -2/+23 |
| container: allow spc various rules for kubevirt | Kenton Groombridge | 12 days | 2 | -2/+29 |
| container, kubernetes: add supporting rules for kubevirt and multus | Kenton Groombridge | 12 days | 3 | -0/+50 |
| dbus: dontaudit session bus domains the netadmin capability | Kenton Groombridge | 12 days | 1 | -1/+1 |
| container: allow super privileged containers to manage BPF dirs | Kenton Groombridge | 12 days | 2 | -1/+19 |
| kubernetes: allow kubelet to create unlabeled dirs | Kenton Groombridge | 12 days | 2 | -0/+21 |
| haproxy: allow interactive usage | Kenton Groombridge | 12 days | 1 | -0/+4 |
| podman: allow managing init runtime units | Kenton Groombridge | 12 days | 1 | -0/+6 |
| iptables: allow reading usr files | Kenton Groombridge | 12 days | 1 | -0/+1 |
| filesystem, devices: move gadgetfs to usbfs_t | Dmitry Sharshakov | 12 days | 2 | -1/+1 |
| systemd: make xdg optional | Yi Zhao | 12 days | 1 | -2/+8 |
| sshd: label sshd-session as sshd_exec_t | Kenton Groombridge | 12 days | 1 | -0/+1 |
| Setting bluetooth helper domain for bluetoothctl | Naga Bhavani Akella | 12 days | 2 | -0/+6 |
| Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets. | Raghavender Reddy Bujala | 12 days | 1 | -0/+2 |
| systemd: allow logind to use locallogin pidfds | Kenton Groombridge | 12 days | 1 | -0/+4 |
| userdomain: allow administrative user to get attributes of shadow history file | Yi Zhao | 12 days | 2 | -0/+20 |
| node_exporter: allow reading RPC sysctls | Kenton Groombridge | 12 days | 1 | -0/+1 |
| asterisk: allow reading certbot lib | Kenton Groombridge | 12 days | 1 | -0/+4 |
| postfix: allow postfix pipe to watch mail spool | Kenton Groombridge | 12 days | 1 | -0/+1 |
| netutils: allow ping to read net sysctls | Kenton Groombridge | 12 days | 1 | -0/+1 |
| node_exporter: allow reading localization | Kenton Groombridge | 12 days | 1 | -0/+2 |
| container: allow containers to execute tmpfs files | Kenton Groombridge | 12 days | 1 | -0/+1 |
| sysadm: make haproxy admin | Kenton Groombridge | 12 days | 1 | -0/+4 |
| haproxy: initial policy | Kenton Groombridge | 12 days | 3 | -0/+222 |
| init: use pidfds from local login | Kenton Groombridge | 12 days | 2 | -0/+22 |
| dbus, init: add interface for pidfd usage | Kenton Groombridge | 12 days | 2 | -1/+20 |
| asterisk: allow watching spool dirs | Kenton Groombridge | 12 days | 1 | -0/+1 |
| su, sudo: allow sudo to signal all su domains | Kenton Groombridge | 12 days | 3 | -2/+27 |
| sudo: allow systemd-logind to read cgroup state of sudo | Kenton Groombridge | 12 days | 1 | -0/+2 |