selinux-refpolicy/policy/modules/kernel
Nicolas Iooss 25bc2d5c1d Allow systemd services to use PrivateNetwork feature
systemd creates a new network namespace for services which are using
PrivateNetwork=yes.

In the implementation, systemd uses a socketpair as a storage buffer for
the namespace reference file descriptor (cf.
https://github.com/systemd/systemd/blob/v228/src/core/namespace.c#L660).
One end of this socketpair is locked (hence the need of "lock" access to
self:unix_dgram_socket for init_t) while systemd opens
/proc/self/ns/net, which lives in nsfs.

While at it, add filesystem_type attribute to nsfs_t.
2016-01-11 13:17:16 -05:00
corecommands.fc Merge branch 'systemd-1' of git://github.com/bigon/refpolicy into bigon-systemd-1 2016-01-06 09:13:47 -05:00
corecommands.if
corecommands.te Module version bump for syslog and systemd changes from Laurent Bigonville 2016-01-06 09:22:11 -05:00
corenetwork.fc Start pulling in kernel layer pieces from Fedora. 2011-03-29 10:33:43 -04:00
corenetwork.if.in Corenetwork policy size optimization from Dan Walsh. 2011-08-26 09:03:25 -04:00
corenetwork.if.m4
corenetwork.te.in Bump module versions for release. 2014-12-03 13:37:38 -05:00
corenetwork.te.m4 Fix corenetwork port declaration to choose either reserved or unreserved. 2011-10-04 15:31:08 -04:00
devices.fc adds vfio device support to base policy 2015-09-15 08:17:31 -04:00
devices.if Add sysfs_types attribute. 2015-10-23 10:17:46 -04:00
devices.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
domain.fc
domain.if Fix domain_mmap_low() to be a proper tunable. 2015-02-09 16:02:36 -05:00
domain.te Add neverallow for mac_override capability. It is not used by SELinux. 2016-01-06 09:09:36 -05:00
files.fc Label (/var)?/tmp/systemd-private-.../tmp like /tmp 2014-08-26 08:22:53 -04:00
files.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
files.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
filesystem.fc filesystem: label cgroup symlinks 2014-04-21 09:32:30 -04:00
filesystem.if Allow systemd services to use PrivateNetwork feature 2016-01-11 13:17:16 -05:00
filesystem.te Allow systemd services to use PrivateNetwork feature 2016-01-11 13:17:16 -05:00
kernel.fc Add fc for /sys/kernel/debug as debugfs_t 2015-05-06 09:49:40 -04:00
kernel.if Add interfaces to read/write /proc/sys/vm/overcommit_memory 2015-12-14 10:02:53 -05:00
kernel.te Module version bump for vm overcommit sysctl interfaces from Laurent Bigonville. 2015-12-14 10:04:14 -05:00
mcs.fc
mcs.if Move mcs_constrained() implementation. 2012-11-28 16:26:05 -05:00
mcs.te Bump module versions for release. 2013-04-24 16:14:52 -04:00
metadata.xml
mls.fc
mls.if
mls.te
selinux.fc
selinux.if Revise selinux module interfaces for perms protected by neverallows. 2015-11-04 15:10:29 -05:00
selinux.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
storage.fc File contexts for zram 2014-06-25 10:34:45 -04:00
storage.if Fix misspelling 2014-06-09 08:21:45 -04:00
storage.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
terminal.fc Initial virtio console device 2013-09-26 10:27:29 -04:00
terminal.if Implement core systemd policy. 2015-10-23 10:16:59 -04:00
terminal.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
ubac.fc
ubac.if
ubac.te