Allow init to remount container filesystems. This is in support of other
services starting with NoNewPrivileges while already running containers
have mounted filesystems.
Signed-off-by: Kenton Groombridge <me@concord.sh>
Allow conmon to use init file descriptors and read-write init unix
stream sockets. This is in support of containers started as systemd
units.
Signed-off-by: Kenton Groombridge <me@concord.sh>
Same as before but moved to the top of my patch list so it will apply to the
git policy.
Should be ready to merge now.
Signed-off-by: Russell Coker <russell@coker.com.au>
Same as the last one but with the directory names for the auto trans rules
removed. I think it's ready for merging.
Signed-off-by: Russell Coker <russell@coker.com.au>
When using systemd-resolved, the recommended configuration is to symlink
/etc/resolv.conf to one of the stub files in /run/systemd/resolve. To
support this, daemons that can read net_conf_t must be able to search
the init runtime and read etc_t symlinks. Allow this access if systemd
is enabled.
Signed-off-by: Kenton Groombridge <me@concord.sh>
PAM can be configured to allow sudo to unmount/remount private tmp
directories when invoked. Allow this access if enabled.
Signed-off-by: Kenton Groombridge <me@concord.sh>
The context= mount option can be used to label, for example, a DOS
filesystem mounted on boot to be boot_t instead of dosfs_t. Explicitly
allow init (systemd) to remount boot_t filesystems so that options like
ProtectSystem=full work properly.
Signed-off-by: Kenton Groombridge <me@concord.sh>
Add a target for modular policies to load all built modules while
simultaneously removing all non-Reference Policy ones. This will remove
dropped Reference Policy modules and user installed ones.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
When adding program options to checkpolicy and checkmodule, use
override to add them even when CHECKPOLICY or CHECKMODULE has been
set by the caller.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Add a Makefile target to generate a CIL policy, useful for debugging,
introspection or testing.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Fail on Python code calling str(bytes_instance) or
str(bytearray_instance), or comparing bytes/bytearray with str.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Booleans and tunables must have a value of true or false and infoflow
needs to be of type read, write, none or both with a weight of 1 to 10.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Add new future policy capability ioctl_skip_cloexec.
Drop estimate comments from genfs_seclabel_symlinks.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>