This repository has been archived by the owner on May 30, 2023. It is now read-only.

sec-policy/*: sync with gentoo #1993

Draft
wants to merge 17 commits into
base: main

Commits on Nov 23, 2022

  1. sec-policy/selinux-base: sync with gentoo

    Commit-Ref: c9baed78f05f99338abd378e4338ff6d2a9a509d
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    5607def
  2. sec-policy/selinux-base: apply flatcar patches

    - removed non-used ebuilds
    - added patch for ping
    - run sshd (and child) as unconfined_t
    - add init.patch to allow execute_no_trans,map and exec from init to unconfined
    - add AVC patch for local login and journald
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    dc45dad
  3. sec-policy/selinux-base-policy: sync with gentoo

    Commit-Ref: c9baed78f05f99338abd378e4338ff6d2a9a509d
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    206dae9
  4. sec-policy/selinux-base-policy: apply Flatcar patches

    - remove non-used ebuilds
    - added a patch for ping
    - run sshd (and child) as unconfined_t
    - add init.patch to allow execute_no_trans,map and
    exec from init to unconfined
    - add AVC patch for local login and journald
    - enabled tunable_policy systemd_tmpfiles_manage_all
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    48b9eaf
  5. changelog: add entry

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    2769e99
  6. sec-policy/selinux-virt: remove this policy in favor of container

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    dd1eff4
  7. coreos-base/coreos: replace selinux-virt by selinux-container

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    875dd39
  8. coreos-base/coreos: add explicit selinux-dbus

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    63d7975
  9. sec-policy/selinux-container: new package

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    42a0329
  10. sec-policy/selinux-container: apply flatcar patch

    - removed non-used ebuilds
    - add file context for torcx image
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    7f7a57a
  11. sys-apps/baselayout: bump commit ID

    it pulls relabelling of some files
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    47099ae
  12. sys-libs/libsemanage: set correct label for semanage.conf

    ```
    Jul 07 08:37:09 localhost audit[1363]: AVC avc:  denied  { getattr } for  pid=1363 comm="systemd-tmpfile" path="/etc/selinux/semanage.conf" dev="vda9" ino=27 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file permissive=1
    ```
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    eeecb89
  13. profiles: build find with selinux support

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    6557bfc
  14. app-emulation/containerd: restorecon on /var/run/docker

    otherwise it keeps the initrc_runtime_t label from the systemd unit
    and it leads to denials.
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    b185bf3
  15. sec-policy/selinux-docker: add new package

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    48e8369
  16. sec-policy/selinux-docker: add flatcar patch

    - drop useless ebuilds
    - add torcx docker patch
    
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    8d7b7a8
  17. coreos-base: add selinux dependencies to the SDK

    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    tormath1 committed Nov 23, 2022
    f9a9943