6 Commits

Author SHA1 Message Date
Kenton Groombridge 4210d32eba podman: rework conmon rules
Use a template to generate conmon domains and add a common attribute for
them. This is so that domains that use conmon can execute it and have
conmon transition back to the original domain instead of to the generic
podman domain. This is used by CRI-O, for example.

Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-05-18 09:29:18 -04:00
Kenton Groombridge 7b08c9958e podman: add interface to rangetrans when executing conmon
Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-05-18 09:29:16 -04:00
Kenton Groombridge fcb295578e container, podman: allow containers to interact with conmon
Allow containers to use inherited conmon file descriptors and read and
write unnamed conmon pipes.

Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-04-01 09:15:11 -04:00
Kenton Groombridge 52dc8d8a26 container, podman: add policy for conmon
Make conmon run in a separate domain and allow podman types to
transition to it.

Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-01-24 11:07:45 -05:00
Kenton Groombridge 526dd08ff3 container, podman, systemd: initial support for rootless podman
Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-01-24 11:07:02 -05:00
Kenton Groombridge 83df290da3 container, podman: initial support for podman
Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-01-24 11:07:02 -05:00