proj/hardened-refpolicy.git
Gentoo Hardened SELinux reference policy implementation
Sven Vermeulen <swift@gentoo.org>
path: root/policy
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| systemd: label systemd-pcrlock as systemd-pcrphase | Kenton Groombridge | 2024-03-01 | 1 | -0/+1 |
| kubernetes: fix kubelet accounting | Kenton Groombridge | 2024-03-01 | 2 | -0/+65 |
| container, kubernetes: allow kubernetes to use fuse-overlayfs | Kenton Groombridge | 2024-03-01 | 4 | -0/+49 |
| systemd: add policy for systemd-machine-id-setup | Kenton Groombridge | 2024-03-01 | 2 | -0/+29 |
| init, systemd: allow systemd-pcrphase to write TPM measurements | Kenton Groombridge | 2024-03-01 | 2 | -0/+106 |
| container: add filecons for rook-ceph | Kenton Groombridge | 2024-03-01 | 1 | -0/+3 |
| kernel: dontaudit read fixed disk devices | Kenton Groombridge | 2024-03-01 | 1 | -0/+4 |
| container, kubernetes: add support for rook-ceph | Kenton Groombridge | 2024-03-01 | 8 | -3/+237 |
| fstools: allow reading container device blk files | Kenton Groombridge | 2024-03-01 | 2 | -0/+22 |
| fstools: allow fsadm to ioctl cgroup dirs | Kenton Groombridge | 2024-03-01 | 1 | -0/+2 |
| mount: make mount_runtime_t a kubernetes mountpoint | Kenton Groombridge | 2024-03-01 | 1 | -0/+4 |
| udev: fix for systemd-udevd | Yi Zhao | 2024-03-01 | 1 | -1/+1 |
| systemd: allow systemd-rfkill to getopt from uevent sockets | Yi Zhao | 2024-03-01 | 1 | -1/+1 |
| systemd: allow systemd-hostnamed to read machine-id and localization files | Yi Zhao | 2024-03-01 | 1 | -0/+3 |
| Resolve error when cockpit initiate shutdown | Dave Sugar | 2024-03-01 | 3 | -1/+5 |
| Fix password changing from cockpit login screen | Dave Sugar | 2024-03-01 | 1 | -0/+1 |
| Denial during cockpit use | Dave Sugar | 2024-03-01 | 1 | -0/+2 |
| Additional access for systemctl | Dave Sugar | 2024-03-01 | 1 | -0/+2 |
| Add watches | Dave Sugar | 2024-03-01 | 3 | -0/+61 |
| Add dontaudit to quiet down a bit | Dave Sugar | 2024-03-01 | 4 | -0/+101 |
| Allow key manipulation | Dave Sugar | 2024-03-01 | 1 | -0/+4 |
| admin can read/write web socket | Dave Sugar | 2024-03-01 | 1 | -0/+39 |
| This works instead of allow exec on user_tmpfs_t! | Dave Sugar | 2024-03-01 | 2 | -0/+46 |
| This seems important for administrative access | Dave Sugar | 2024-03-01 | 1 | -0/+1 |
| Signal during logout | Dave Sugar | 2024-03-01 | 2 | -0/+19 |
| The L+ tmpfiles option needs to read the symlink | Dave Sugar | 2024-03-01 | 1 | -1/+1 |
| Allow sudo dbus chat w/sysemd-logind | Dave Sugar | 2024-03-01 | 2 | -1/+2 |
| cockpit ssh as user | Dave Sugar | 2024-03-01 | 2 | -0/+41 |
| allow system --user to execute systemd-tmpfiles in <user>_systemd_tmpfiles_t ... | Dave Sugar | 2024-03-01 | 1 | -1/+28 |
| Fix denial while cleaning up pidfile symlink | Dave Sugar | 2024-03-01 | 1 | -1/+1 |
| SELinux policy for cockpit | Dave Sugar | 2024-03-01 | 6 | -0/+494 |
| kernel: allow delete and setattr on generic SCSI and USB devices | Kenton Groombridge | 2024-03-01 | 3 | -0/+44 |
| su: various fixes | Kenton Groombridge | 2024-03-01 | 1 | -2/+13 |
| zfs: dontaudit net_admin capability by zed | Kenton Groombridge | 2024-03-01 | 1 | -0/+1 |
| zed: allow managing /etc/exports.d/zfs.exports | Kenton Groombridge | 2024-03-01 | 2 | -0/+24 |
| rpc: add filecon for /etc/exports.d | Kenton Groombridge | 2024-03-01 | 1 | -0/+1 |
| systemd: allow networkd to use netlink netfilter sockets | Kenton Groombridge | 2024-03-01 | 1 | -0/+1 |
| systemd: fixes for systemd-pcrphase | Kenton Groombridge | 2024-03-01 | 3 | -0/+25 |
| init: allow all daemons to write to init runtime sockets | Kenton Groombridge | 2024-03-01 | 1 | -0/+3 |
| udev: allow reading kernel fs sysctls | Kenton Groombridge | 2024-03-01 | 1 | -0/+2 |
| init, systemd: label systemd-executor as init_exec_t | Kenton Groombridge | 2024-03-01 | 2 | -0/+4 |
| Needed to allow environment variable to process started (for cockpit) | Dave Sugar | 2024-03-01 | 1 | -0/+1 |
| devicedisk: reorder optional block | Christian Göttsche | 2024-03-01 | 1 | -4/+4 |
| systemd: reorder optional block | Christian Göttsche | 2024-03-01 | 1 | -4/+4 |
| SELint userspace class tweaks | Christian Göttsche | 2024-03-01 | 11 | -18/+32 |
| xguest ues systemd --user | Dave Sugar | 2024-03-01 | 1 | -0/+4 |
| Firewalld need to relabel direct.xml file | Dave Sugar | 2024-03-01 | 1 | -1/+1 |
| init: only grant getattr in init_getattr_generic_units_files() | Christian Göttsche | 2024-03-01 | 2 | -2/+2 |
| kubernetes: allow container engines to mount on DRI devices if enabled | Kenton Groombridge | 2024-03-01 | 2 | -0/+22 |
| container, kubernetes: add support for cilium | Kenton Groombridge | 2024-03-01 | 6 | -2/+226 |