aboutsummaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* github: Only test hardened-refpolicy on distro gentooHEAD2.20240916-r1masterJason Zaman12 days2-2/+2
* Merge upstreamJason Zaman12 days1-1/+1
* Update Changelog and VERSION for release 2.20240916.Chris PeBenito12 days2-1/+137
* Update mysql.fcnisbet-hubbard12 days1-0/+1
* Additional permissions when fapolicyd.conf more strictDave Sugar12 days3-1/+64
* systemd: allow systemd-hostnamed to read vsock deviceYi Zhao12 days1-0/+1
* systemd: fix policy for systemd-ssh-generatorYi Zhao12 days1-0/+9
* devices: add label vsock_device_t for /dev/vsockYi Zhao12 days3-0/+61
* systemd: add policy for systemd-nsresourcedYi Zhao12 days7-0/+79
* systemd: allow system --user to create netlink_route_socketYi Zhao12 days1-0/+2
* systemd: allow systemd-networkd to manage sock files under /run/systemd/netifYi Zhao12 days1-0/+1
* systemd: set context to systemd_networkd_var_lib_t for /var/lib/systemd/networkYi Zhao12 days2-0/+8
* Allow interactive user terminal output for the NetLabel management tool.Guido Trentalancia12 days1-0/+2
* bluetooth: Move line.Chris PeBenito12 days1-3/+2
* Adding SE Policy rules to allow usage of unix stream sockets by dbus and blue...Naga Bhavani Akella12 days3-0/+26
* kubernetes: allow kubelet to connect all TCP portsKenton Groombridge12 days1-3/+1
* container: allow reading generic certsKenton Groombridge12 days1-0/+1
* testing: add container_kvm_t to net admin exempt listKenton Groombridge12 days1-0/+1
* Makefile: drop duplicate quotesChristian Göttsche12 days1-2/+2
* various: rules required for DV manipulation in kubevirtKenton Groombridge12 days7-0/+48
* container: add container_kvm_t and supporting kubevirt rulesKenton Groombridge12 days1-1/+33
* iptables: allow reading container engine tmp filesKenton Groombridge12 days2-2/+23
* container: allow spc various rules for kubevirtKenton Groombridge12 days2-2/+29
* container, kubernetes: add supporting rules for kubevirt and multusKenton Groombridge12 days3-0/+50
* dbus: dontaudit session bus domains the netadmin capabilityKenton Groombridge12 days1-1/+1
* container: allow super privileged containers to manage BPF dirsKenton Groombridge12 days2-1/+19
* kubernetes: allow kubelet to create unlabeled dirsKenton Groombridge12 days2-0/+21
* haproxy: allow interactive usageKenton Groombridge12 days1-0/+4
* podman: allow managing init runtime unitsKenton Groombridge12 days1-0/+6
* iptables: allow reading usr filesKenton Groombridge12 days1-0/+1
* filesystem, devices: move gadgetfs to usbfs_tDmitry Sharshakov12 days2-1/+1
* systemd: make xdg optionalYi Zhao12 days1-2/+8
* sshd: label sshd-session as sshd_exec_tKenton Groombridge12 days1-0/+1
* Setting bluetooth helper domain for bluetoothctlNaga Bhavani Akella12 days2-0/+6
* Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets.Raghavender Reddy Bujala12 days1-0/+2
* systemd: allow logind to use locallogin pidfdsKenton Groombridge12 days1-0/+4
* userdomain: allow administrative user to get attributes of shadow history fileYi Zhao12 days2-0/+20
* node_exporter: allow reading RPC sysctlsKenton Groombridge12 days1-0/+1
* asterisk: allow reading certbot libKenton Groombridge12 days1-0/+4
* postfix: allow postfix pipe to watch mail spoolKenton Groombridge12 days1-0/+1
* netutils: allow ping to read net sysctlsKenton Groombridge12 days1-0/+1
* node_exporter: allow reading localizationKenton Groombridge12 days1-0/+2
* container: allow containers to execute tmpfs filesKenton Groombridge12 days1-0/+1
* sysadm: make haproxy adminKenton Groombridge12 days1-0/+4
* haproxy: initial policyKenton Groombridge12 days3-0/+222
* init: use pidfds from local loginKenton Groombridge12 days2-0/+22
* dbus, init: add interface for pidfd usageKenton Groombridge12 days2-1/+20
* asterisk: allow watching spool dirsKenton Groombridge12 days1-0/+1
* su, sudo: allow sudo to signal all su domainsKenton Groombridge12 days3-2/+27
* sudo: allow systemd-logind to read cgroup state of sudoKenton Groombridge12 days1-0/+2