selinux-refpolicy

nnd/selinux-refpolicy

Fork 0

71f4bd1992

Merge pull request #799 from dsseng/gadgetfs-usbfs main Chris PeBenito 2024-07-22 09:17:22 -0400
a6cf207363

filesystem, devices: move gadgetfs to usbfs_t Dmitry Sharshakov 2024-07-20 20:37:47 +0300
1b11d94cd7

Merge pull request #792 from yizhao1/systemd Chris PeBenito 2024-07-12 08:28:35 -0400
75492f95f7 systemd: make xdg optional Yi Zhao 2021-09-29 11:08:49 +0800
302e66507a

Merge pull request #794 from 0xC0ncord/main Chris PeBenito 2024-07-10 10:19:43 -0400
b65469f826

Merge pull request #793 from 0xC0ncord/sshd-session Chris PeBenito 2024-07-10 10:19:15 -0400
097d688ff8 sshd: label sshd-session as sshd_exec_t Kenton Groombridge 2024-07-05 14:47:47 -0400
6cacc4871a

Merge pull request #791 from pebenito/quic_nakella-bluetoothctl Chris PeBenito 2024-07-01 15:24:37 -0400
b3c272d6ac

Merge pull request #790 from pebenito/quic_rbujala-pulseaudio Chris PeBenito 2024-07-01 15:17:54 -0400
73c2c68ee7

Merge pull request #789 from yizhao1/update Chris PeBenito 2024-07-01 15:12:24 -0400
b57b6005c5 Setting bluetooth helper domain for bluetoothctl Naga Bhavani Akella 2024-06-28 12:13:12 +0530
30f451d6a4 Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets. Raghavender Reddy Bujala 2024-06-27 14:10:40 +0530
7037c341fb systemd: allow logind to use locallogin pidfds Kenton Groombridge 2024-07-01 09:42:33 -0400
5f7f494d19 userdomain: allow administrative user to get attributes of shadow history file Yi Zhao 2024-06-30 22:24:57 +0800
7c797909a2

Merge pull request #787 from 0xC0ncord/various/20240515 Chris PeBenito 2024-06-28 13:25:54 -0400
0126cb1e66 node_exporter: allow reading RPC sysctls Kenton Groombridge 2024-06-27 14:22:19 -0400
9c90f9f7d9 asterisk: allow reading certbot lib Kenton Groombridge 2024-06-27 13:47:49 -0400
bfcaec9bab postfix: allow postfix pipe to watch mail spool Kenton Groombridge 2024-06-27 13:20:12 -0400
06a80c3d8a netutils: allow ping to read net sysctls Kenton Groombridge 2024-06-27 13:18:45 -0400
2e0509c9e7 node_exporter: allow reading localization Kenton Groombridge 2024-06-27 13:16:33 -0400
50a8cddd10 container: allow containers to execute tmpfs files Kenton Groombridge 2024-06-27 10:22:39 -0400
ae71af8b4f

Merge pull request #786 from 0xC0ncord/haproxy Chris PeBenito 2024-06-28 11:34:45 -0400
790ab4ee96

Merge pull request #788 from freedom1b2830/main Chris PeBenito 2024-06-28 10:51:32 -0400
09a747a16d sysadm: make haproxy admin Kenton Groombridge 2024-06-27 10:34:40 -0400
c8c3ae2cba haproxy: initial policy Kenton Groombridge 2024-06-27 10:34:25 -0400
4e97f87cee init: use pidfds from local login Kenton Groombridge 2024-06-27 10:04:36 -0400
7fd9032d88 dbus, init: add interface for pidfd usage Kenton Groombridge 2024-06-26 11:35:09 -0400
a6d6921a9c asterisk: allow watching spool dirs Kenton Groombridge 2024-05-15 23:30:40 -0400
72c1d912ff su, sudo: allow sudo to signal all su domains Kenton Groombridge 2024-05-15 11:21:23 -0400
8b31782480 sudo: allow systemd-logind to read cgroup state of sudo Kenton Groombridge 2024-05-15 11:12:35 -0400
871f0b0dd7 postfix: allow smtpd to mmap SASL keytab files Kenton Groombridge 2024-05-15 11:07:42 -0400
578375480d sysnetwork: allow ifconfig to read usr files Kenton Groombridge 2024-05-15 11:04:51 -0400
6916e9b20c systemd: allow systemd-logind to use sshd pidfds Kenton Groombridge 2024-05-15 10:56:17 -0400
96ebb7c4e0

Reorder perms and classes freedom1b2830 2024-06-28 05:34:45 +0000
eca307c232

Merge pull request #785 from pebenito/sediff Chris PeBenito 2024-06-27 09:59:38 -0400
cb68df0873 tests.yml: Add policy diff on PRs. Chris PeBenito 2024-06-27 09:02:20 -0400
99258825ce tests.yml: Divide into reusable workflows. Chris PeBenito 2024-06-18 12:59:12 -0400
1e4b689301

Reorder perms and classes freedom1b2830 2024-06-16 13:22:31 +0000
04eca2fa9b

Merge pull request #770 from pebenito/systemd-analyze Chris PeBenito 2024-06-06 12:07:27 -0400
c920fc5d9e

Merge pull request #781 from yizhao1/selinuxutil Chris PeBenito 2024-06-05 19:48:02 -0400
c963ddfae0

Merge pull request #782 from pebenito/quic_amisjain-bt-uhid Chris PeBenito 2024-06-05 19:42:16 -0400
2102055d4d devices: Change dev_rw_uhid() to use a policy pattern. Chris PeBenito 2024-06-05 15:26:56 -0400
1cbe455a5e device: Move dev_rw_uhid definition. Chris PeBenito 2024-06-05 15:25:24 -0400
7a33b4bc87 Sepolicy changes for bluez to access uhid Amisha Jain 2024-06-05 16:53:26 +0530
c6dd4087de selinuxutil: make policykit optional Yi Zhao 2024-06-05 10:32:34 +0800
d53aa53110

Merge pull request #779 from yizhao1/fixes Chris PeBenito 2024-06-04 10:05:54 -0400
50a1ee7e9c

Merge pull request #780 from pebenito/quic_nakella-gatt Chris PeBenito 2024-06-04 09:54:45 -0400
10feb47e55 newrole: allow newrole to search faillock runtime directory Yi Zhao 2024-05-28 15:06:06 +0800
bf34d3e5e8 sysnetwork: fixes for dhcpcd Yi Zhao 2024-05-28 13:17:42 +0800
4663e613f0 Adding Sepolicy rules to allow bluetoothctl and dbus-daemon to access unix stream sockets. Naga Bhavani Akella 2024-05-27 13:19:45 +0530
af26e63697

Merge pull request #778 from 0xC0ncord/various-20240506 Chris PeBenito 2024-05-13 08:38:14 -0400
27602a932b various: various fixes Kenton Groombridge 2024-05-06 17:46:06 -0400
63d50bbaa3 container, crio, kubernetes: minor fixes Kenton Groombridge 2024-05-06 17:19:44 -0400
11e729e273 container, podman: various fixes Kenton Groombridge 2024-05-06 17:03:59 -0400
ef5954a0e9 systemd: allow systemd-sysctl to search tmpfs Kenton Groombridge 2024-05-06 16:41:28 -0400
472e0442e7 container: allow containers to getcap Kenton Groombridge 2024-05-06 16:39:41 -0400
7876e51510 container: allow system container engines to mmap runtime files Kenton Groombridge 2024-05-06 16:38:43 -0400
d917092a81 matrixd: add tunable for binding to all unreserved ports Kenton Groombridge 2024-05-06 16:33:13 -0400
3dba91dd48 bootloader: allow systemd-boot to manage EFI binaries Kenton Groombridge 2024-05-06 16:31:46 -0400
ddf395d5d4 asterisk: allow binding to all unreserved UDP ports Kenton Groombridge 2024-05-06 16:21:13 -0400
3bad3696b8 postgres: add a standalone execmem tunable Kenton Groombridge 2024-05-06 16:14:04 -0400
ef28f7879a userdom: allow users to read user home dir symlinks Kenton Groombridge 2024-05-06 16:03:10 -0400
03711caea1 dovecot: allow dovecot-auth to read SASL keytab Kenton Groombridge 2024-05-06 15:59:55 -0400
cd781e783e fail2ban: allow reading net sysctls Kenton Groombridge 2024-05-06 15:58:20 -0400
ddc6ac493c init: allow systemd to use sshd pidfds Kenton Groombridge 2024-05-06 15:53:46 -0400
eefc22e395

Merge pull request #768 from plsph/merged-usr-gentoo Chris PeBenito 2024-05-09 08:28:30 -0400
b9c457d80a

files context for merged-usr profile on gentoo Grzegorz Filo 2024-04-03 13:02:48 +0200
6daf602382 init: Add homectl dbus access. Chris PeBenito 2024-05-07 09:18:57 -0400
7d998958dc filesystem/systemd: memory.pressure fixes. Chris PeBenito 2024-04-29 16:36:38 -0400
9b4ac09194

Merge pull request #777 from dsugar100/cockpit_map Chris PeBenito 2024-05-06 13:43:26 -0400
5040dd3b6e

Need map perm for cockpit 300.4 Dave Sugar 2024-05-04 21:19:20 -0400
d049eb2173 cloudinit: Add support for cloud-init-growpart. Chris PeBenito 2024-04-29 16:36:05 -0400
739ae42cac systemd: Add basic systemd-analyze rules. Chris PeBenito 2024-04-09 09:41:52 -0400
0dc400529c

Merge pull request #776 from pebenito/sechecker Chris PeBenito 2024-04-30 10:17:51 -0400
029684596a

Merge pull request #775 from matt-sheets/masheets/init-siginh Chris PeBenito 2024-04-30 10:09:02 -0400
2ef9838dba tests.yml: Add sechecker testing. Chris PeBenito 2024-02-23 16:12:25 -0500
c62bd5c6c0 cockpit: Change $1_cockpit_tmpfs_t to a tmpfs file type. Chris PeBenito 2024-03-05 10:20:13 -0500
1c694125b7 certbot: Drop execmem. Chris PeBenito 2024-03-05 10:18:41 -0500
349411d555 xen: Drop xend/xm stack. Chris PeBenito 2024-02-29 13:31:57 -0500
2a261f9166 Allow systemd to pass down sig mask Matt Sheets 2024-04-26 17:09:53 -0700
2577feb839 cups: Remove PTAL. Chris PeBenito 2024-02-29 11:04:56 -0500
5b02b44e51 xen: Revoke kernel module loading permissions. Chris PeBenito 2024-02-29 10:14:01 -0500
1c20c002cd minissdpd: Revoke kernel module loading permissions. Chris PeBenito 2024-02-29 09:53:18 -0500
5671390e2c docker: Fix dockerc typo in container_engine_executable_file Chris PeBenito 2024-02-28 16:29:18 -0500
e1bc4830d6 cron: Use raw entrypoint rule for system_cronjob_t. Chris PeBenito 2024-02-23 16:06:03 -0500
0f71792c8c uml: Remove excessive access from user domains on uml_exec_t. Chris PeBenito 2024-02-23 15:57:52 -0500
f889384ddf

Merge pull request #774 from ralther/machine-info Chris PeBenito 2024-04-24 13:25:36 -0400
bea4b160bf

Merge pull request #773 from ralther/fix_MCS_CATS_comment Chris PeBenito 2024-04-22 10:11:25 -0400
0ede5759d8

Merge pull request #769 from cgzones/systemd Chris PeBenito 2024-04-22 09:56:00 -0400
511223e2d1 Set the type on /etc/machine-info to net_conf_t so hostnamectl can manipulate it (CRUD) Rick Alther 2024-04-22 01:36:57 -0400
72fc1b2a3e fix: minor correction in MCS_CATS range comment Rick Alther 2024-04-22 01:11:42 -0400
cbf56c8aea systemd: allow notify client to stat socket Christian Göttsche 2024-04-04 22:38:40 +0200
6507eebc23

Merge pull request #750 from dsugar100/selinux_dbus Chris PeBenito 2024-04-02 08:56:15 -0400
77184560ba

Merge pull request #766 from dsugar100/sos_rhel9 Chris PeBenito 2024-04-02 08:55:19 -0400
48b4e36137

Merge pull request #767 from cgzones/misc Chris PeBenito 2024-04-02 08:53:27 -0400
0aff1990e1 quote: read localization Christian Göttsche 2024-03-28 20:02:47 +0100
ab13c04211 getty: grant checkpoint_restore Christian Göttsche 2024-03-28 20:01:49 +0100
3643773aed Update SOS report to work on RHEL9 Dave Sugar 2024-03-08 10:16:32 -0500
fa84ee8fc0 Update Changelog and VERSION for release 2.20240226. Chris PeBenito 2024-02-26 13:38:45 -0500
d48b57a5bd

Merge pull request #763 from cgzones/dnl_space Chris PeBenito 2024-02-23 13:18:44 -0500

Commit Graph Select branches Hide Pull Requests main Mono Color

Commit Graph

Select branches

Hide Pull Requests

main