proj/hardened-refpolicy.git - Gentoo Hardened SELinux reference policy implementation

	Commit message (Expand)	Author	Age	Files	Lines
...
*	systemd: label systemd-pcrlock as systemd-pcrphase	Kenton Groombridge	2024-03-01	1	-0/+1
*	kubernetes: fix kubelet accounting	Kenton Groombridge	2024-03-01	2	-0/+65
*	container, kubernetes: allow kubernetes to use fuse-overlayfs	Kenton Groombridge	2024-03-01	4	-0/+49
*	systemd: add policy for systemd-machine-id-setup	Kenton Groombridge	2024-03-01	2	-0/+29
*	init, systemd: allow systemd-pcrphase to write TPM measurements	Kenton Groombridge	2024-03-01	2	-0/+106
*	container: add filecons for rook-ceph	Kenton Groombridge	2024-03-01	1	-0/+3
*	kernel: dontaudit read fixed disk devices	Kenton Groombridge	2024-03-01	1	-0/+4
*	container, kubernetes: add support for rook-ceph	Kenton Groombridge	2024-03-01	8	-3/+237
*	fstools: allow reading container device blk files	Kenton Groombridge	2024-03-01	2	-0/+22
*	fstools: allow fsadm to ioctl cgroup dirs	Kenton Groombridge	2024-03-01	1	-0/+2
*	mount: make mount_runtime_t a kubernetes mountpoint	Kenton Groombridge	2024-03-01	1	-0/+4
*	udev: fix for systemd-udevd	Yi Zhao	2024-03-01	1	-1/+1
*	systemd: allow systemd-rfkill to getopt from uevent sockets	Yi Zhao	2024-03-01	1	-1/+1
*	systemd: allow systemd-hostnamed to read machine-id and localization files	Yi Zhao	2024-03-01	1	-0/+3
*	Resolve error when cockpit initiate shutdown	Dave Sugar	2024-03-01	3	-1/+5
*	Fix password changing from cockpit login screen	Dave Sugar	2024-03-01	1	-0/+1
*	Denial during cockpit use	Dave Sugar	2024-03-01	1	-0/+2
*	Additional access for systemctl	Dave Sugar	2024-03-01	1	-0/+2
*	Add watches	Dave Sugar	2024-03-01	3	-0/+61
*	Add dontaudit to quiet down a bit	Dave Sugar	2024-03-01	4	-0/+101
*	Allow key manipulation	Dave Sugar	2024-03-01	1	-0/+4
*	admin can read/write web socket	Dave Sugar	2024-03-01	1	-0/+39
*	This works instead of allow exec on user_tmpfs_t!	Dave Sugar	2024-03-01	2	-0/+46
*	This seems important for administrative access	Dave Sugar	2024-03-01	1	-0/+1
*	Signal during logout	Dave Sugar	2024-03-01	2	-0/+19
*	The L+ tmpfiles option needs to read the symlink	Dave Sugar	2024-03-01	1	-1/+1
*	Allow sudo dbus chat w/sysemd-logind	Dave Sugar	2024-03-01	2	-1/+2
*	cockpit ssh as user	Dave Sugar	2024-03-01	2	-0/+41
*	allow system --user to execute systemd-tmpfiles in <user>_systemd_tmpfiles_t ...	Dave Sugar	2024-03-01	1	-1/+28
*	Fix denial while cleaning up pidfile symlink	Dave Sugar	2024-03-01	1	-1/+1
*	SELinux policy for cockpit	Dave Sugar	2024-03-01	6	-0/+494
*	kernel: allow delete and setattr on generic SCSI and USB devices	Kenton Groombridge	2024-03-01	3	-0/+44
*	su: various fixes	Kenton Groombridge	2024-03-01	1	-2/+13
*	zfs: dontaudit net_admin capability by zed	Kenton Groombridge	2024-03-01	1	-0/+1
*	zed: allow managing /etc/exports.d/zfs.exports	Kenton Groombridge	2024-03-01	2	-0/+24
*	rpc: add filecon for /etc/exports.d	Kenton Groombridge	2024-03-01	1	-0/+1
*	systemd: allow networkd to use netlink netfilter sockets	Kenton Groombridge	2024-03-01	1	-0/+1
*	systemd: fixes for systemd-pcrphase	Kenton Groombridge	2024-03-01	3	-0/+25
*	init: allow all daemons to write to init runtime sockets	Kenton Groombridge	2024-03-01	1	-0/+3
*	udev: allow reading kernel fs sysctls	Kenton Groombridge	2024-03-01	1	-0/+2
*	init, systemd: label systemd-executor as init_exec_t	Kenton Groombridge	2024-03-01	2	-0/+4
*	Needed to allow environment variable to process started (for cockpit)	Dave Sugar	2024-03-01	1	-0/+1
*	devicedisk: reorder optional block	Christian Göttsche	2024-03-01	1	-4/+4
*	systemd: reorder optional block	Christian Göttsche	2024-03-01	1	-4/+4
*	SELint userspace class tweaks	Christian Göttsche	2024-03-01	11	-18/+32
*	xguest ues systemd --user	Dave Sugar	2024-03-01	1	-0/+4
*	Firewalld need to relabel direct.xml file	Dave Sugar	2024-03-01	1	-1/+1
*	init: only grant getattr in init_getattr_generic_units_files()	Christian Göttsche	2024-03-01	2	-2/+2
*	kubernetes: allow container engines to mount on DRI devices if enabled	Kenton Groombridge	2024-03-01	2	-0/+22
*	container, kubernetes: add support for cilium	Kenton Groombridge	2024-03-01	6	-2/+226