-
Notifications
You must be signed in to change notification settings - Fork 36
sec-policy/*: sync with gentoo #1993
base: main
Are you sure you want to change the base?
Commits on Nov 23, 2022
-
sec-policy/selinux-base: sync with gentoo
Commit-Ref: c9baed78f05f99338abd378e4338ff6d2a9a509d Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 5607def - Browse repository at this point
Copy the full SHA 5607defView commit details -
sec-policy/selinux-base: apply flatcar patches
- removed non-used ebuilds - added patch for ping - run sshd (and child) as unconfined_t - add init.patch to allow execute_no_trans,map and exec from init to unconfined - add AVC patch for local login and journald Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for dc45dad - Browse repository at this point
Copy the full SHA dc45dadView commit details -
sec-policy/selinux-base-policy: sync with gentoo
Commit-Ref: c9baed78f05f99338abd378e4338ff6d2a9a509d Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 206dae9 - Browse repository at this point
Copy the full SHA 206dae9View commit details -
sec-policy/selinux-base-policy: apply Flatcar patches
- remove non-used ebuilds - added a patch for ping - run sshd (and child) as unconfined_t - add init.patch to allow execute_no_trans,map and exec from init to unconfined - add AVC patch for local login and journald - enabled tunable_policy systemd_tmpfiles_manage_all Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 48b9eaf - Browse repository at this point
Copy the full SHA 48b9eafView commit details -
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 2769e99 - Browse repository at this point
Copy the full SHA 2769e99View commit details -
sec-policy/selinux-virt: remove this policy in favor of container
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for dd1eff4 - Browse repository at this point
Copy the full SHA dd1eff4View commit details -
coreos-base/coreos: replace selinux-virt by selinux-container
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 875dd39 - Browse repository at this point
Copy the full SHA 875dd39View commit details -
coreos-base/coreos: add explicit selinux-dbus
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 63d7975 - Browse repository at this point
Copy the full SHA 63d7975View commit details -
sec-policy/selinux-container: new package
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 42a0329 - Browse repository at this point
Copy the full SHA 42a0329View commit details -
sec-policy/selinux-container: apply flatcar patch
- removed non-used ebuilds - add file context for torcx image Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 7f7a57a - Browse repository at this point
Copy the full SHA 7f7a57aView commit details -
sys-apps/baselayout: bump commit ID
it pulls relabelling of some files Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 47099ae - Browse repository at this point
Copy the full SHA 47099aeView commit details -
sys-libs/libsemanage: set correct label for semanage.conf
``` Jul 07 08:37:09 localhost audit[1363]: AVC avc: denied { getattr } for pid=1363 comm="systemd-tmpfile" path="/etc/selinux/semanage.conf" dev="vda9" ino=27 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file permissive=1 ``` Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for eeecb89 - Browse repository at this point
Copy the full SHA eeecb89View commit details -
profiles: build
find
with selinux supportSigned-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 6557bfc - Browse repository at this point
Copy the full SHA 6557bfcView commit details -
app-emulation/containerd: restorecon on /var/run/docker
otherwise it's keep the initrc_runtime_t label from the systemd unit and it leads to denials. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for b185bf3 - Browse repository at this point
Copy the full SHA b185bf3View commit details -
sec-policy/selinux-docker: add new package
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 48e8369 - Browse repository at this point
Copy the full SHA 48e8369View commit details -
sec-policy/selinux-docker: add flatcar patch
- drop useless ebuilds - add torcx docker patch Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for 8d7b7a8 - Browse repository at this point
Copy the full SHA 8d7b7a8View commit details -
coreos-base: add selinux dependencies to the SDK
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Configuration menu - View commit details
-
Copy full SHA for f9a9943 - Browse repository at this point
Copy the full SHA f9a9943View commit details