RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/modules/system
History
Kenton Groombridge 0e3ce95c94 container, init: allow init to remount container filesystems 
Allow init to remount container filesystems. This is in support of other
services starting with NoNewPrivileges while already running containers
have mounted filesystems.

Signed-off-by: Kenton Groombridge <me@concord.sh>
 		2022-04-01 09:15:15 -04:00
..
application.fc
application.if
application.te Drop module versioning. 2022-01-06 09:19:13 -05:00
authlogin.fc
authlogin.if
authlogin.te authlogin: dontaudit getcap chkpwd 2022-03-23 10:57:57 -04:00
clock.fc
clock.if
clock.te Drop module versioning. 2022-01-06 09:19:13 -05:00
daemontools.fc
daemontools.if
daemontools.te Drop module versioning. 2022-01-06 09:19:13 -05:00
fstools.fc
fstools.if systemd: Add systemd-homed and systemd-userdbd. 2022-02-01 09:07:28 -05:00
fstools.te Drop module versioning. 2022-01-06 09:19:13 -05:00
getty.fc
getty.if
getty.te getty, locallogin: cgroup fixes 2022-03-23 10:57:57 -04:00
hostname.fc
hostname.if
hostname.te Drop module versioning. 2022-01-06 09:19:13 -05:00
init.fc init: split access for systemd runtime units 2022-03-18 13:12:10 -04:00
init.if init: allow systemd to nnp_transition and nosuid_transition to daemon domains 2022-03-23 10:57:47 -04:00
init.te container, init: allow init to remount container filesystems 2022-04-01 09:15:15 -04:00
ipsec.fc ipsec: fixes for strongswan 2021-11-29 16:38:12 +08:00
ipsec.if
ipsec.te Merge pull request #454 from jpds/rwnetlinksocketperms-typo 2022-01-11 15:04:31 -05:00
iptables.fc
iptables.if Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
iptables.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
iscsi.fc
iscsi.if
iscsi.te Drop module versioning. 2022-01-06 09:19:13 -05:00
libraries.fc
libraries.if
libraries.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
locallogin.fc
locallogin.if various: remove various mcs ranged transitions 2022-01-06 20:58:28 -05:00
locallogin.te getty, locallogin: cgroup fixes 2022-03-23 10:57:57 -04:00
logging.fc
logging.if logging: Allow auditd to stat() dispatcher executables. 2021-11-18 16:37:01 -05:00
logging.te systemd: Updates for generators and kmod-static-nodes.service. 2022-02-01 09:07:31 -05:00
lvm.fc
lvm.if
lvm.te systemd: Add systemd-homed and systemd-userdbd. 2022-02-01 09:07:28 -05:00
metadata.xml
miscfiles.fc
miscfiles.if systemd: Unit generator fixes. 2021-11-18 16:25:30 -05:00
miscfiles.te various: make various types a mountpoint for containers 2022-01-21 15:03:35 -05:00
modutils.fc systemd: Updates for generators and kmod-static-nodes.service. 2022-02-01 09:07:31 -05:00
modutils.if
modutils.te Drop module versioning. 2022-01-06 09:19:13 -05:00
mount.fc
mount.if
mount.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
netlabel.fc
netlabel.if
netlabel.te Drop module versioning. 2022-01-06 09:19:13 -05:00
raid.fc
raid.if
raid.te various: various userns capability permissions 2022-01-24 11:07:02 -05:00
selinuxutil.fc
selinuxutil.if
selinuxutil.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
setrans.fc
setrans.if
setrans.te various: remove various mcs ranged transitions 2022-01-06 20:58:28 -05:00
sysnetwork.fc
sysnetwork.if sysnetwork: add interfaces for /run/netns 2022-01-21 15:03:27 -05:00
sysnetwork.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
systemd.fc systemd: Add systemd-homed and systemd-userdbd. 2022-02-01 09:07:28 -05:00
systemd.if Merge pull request #487 from jpds/userdb-lnk-read 2022-03-25 12:39:34 -04:00
systemd.te systemd: various fixes 2022-03-23 10:57:57 -04:00
udev.fc udev: allow udev_t to watch udev_rules_t dir 2021-10-27 11:20:11 +08:00
udev.if
udev.te udev: allow udev to start the systemd system object 2022-03-23 10:57:57 -04:00
unconfined.fc
unconfined.if various: various userns capability permissions 2022-01-24 11:07:02 -05:00
unconfined.te unconfined: fixes for bluetooth dbus chat and systemd 2022-03-23 10:57:57 -04:00
userdomain.fc userdomain: add type for user bin files 2022-01-24 11:07:45 -05:00
userdomain.if systemd: Add systemd-homed and systemd-userdbd. 2022-02-01 09:07:28 -05:00
userdomain.te userdomain: add type for user bin files 2022-01-24 11:07:45 -05:00
xdg.fc
xdg.if xdg: add interface to search xdg data directories 2022-01-24 11:07:45 -05:00
xdg.te Drop module versioning. 2022-01-06 09:19:13 -05:00
xen.fc
xen.if
xen.te Drop module versioning. 2022-01-06 09:19:13 -05:00