nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
25bc2d5c1d
selinux-refpolicy/policy/modules/system
History
Nicolas Iooss 25bc2d5c1d Allow systemd services to use PrivateNetwork feature 
systemd creates a new network namespace for services which are using
PrivateNetwork=yes.

In the implementation, systemd uses a socketpair as a storage buffer for
the namespace reference file descriptor (c.f.
https://github.com/systemd/systemd/blob/v228/src/core/namespace.c#L660).
One end of this socketpair is locked (hence the need of "lock" access to
self:unix_dgram_socket for init_t) while systemd opens
/proc/self/ns/net, which lives in nsfs.

While at it, add filesystem_type attribute to nsfs_t.
2016-01-11 13:17:16 -05:00
..
application.fc
application.if
application.te
authlogin.fc Properly label utempter helper on debian 2015-12-01 09:45:06 -05:00
authlogin.if Implement core systemd policy. 2015-10-23 10:16:59 -04:00
authlogin.te Module version bumps for 2 patches from Dominick Grift. 2015-12-10 15:46:13 -05:00
clock.fc
clock.if
clock.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
fstools.fc fstools: add in filetrans for /run dir 2015-04-15 12:16:32 -04:00
fstools.if system/fstools.if: Add fstools_use_fds interface 2014-08-18 15:24:46 -04:00
fstools.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
getty.fc
getty.if
getty.te
hostname.fc
hostname.if
hostname.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
hotplug.fc
hotplug.if
hotplug.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
init.fc Implement core systemd policy. 2015-10-23 10:16:59 -04:00
init.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
init.te Allow systemd services to use PrivateNetwork feature 2016-01-11 13:17:16 -05:00
ipsec.fc system/ipsec: Add policy for StrongSwan 2015-10-12 09:16:28 -04:00
ipsec.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
ipsec.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
iptables.fc Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
iptables.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
iptables.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
libraries.fc Label /lib symlink as lib_t for every distro 2014-07-08 08:49:37 -04:00
libraries.if
libraries.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
locallogin.fc
locallogin.if Implement core systemd policy. 2015-10-23 10:16:59 -04:00
locallogin.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
logging.fc Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
logging.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
logging.te Module version bump for syslog and systemd changes from Laurent Bigonville 2016-01-06 09:22:11 -05:00
lvm.fc Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
lvm.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
lvm.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
metadata.xml
miscfiles.fc Label /etc/locale.alias as locale_t on Debian 2014-04-21 09:02:26 -04:00
miscfiles.if Fix misspelling 2014-06-09 08:21:45 -04:00
miscfiles.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
modutils.fc
modutils.if
modutils.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
mount.fc Rearrange ZFS fc entries. 2014-01-21 08:55:28 -05:00
mount.if system/mount.if: Add mount_rw_loopback_files interface 2014-08-18 15:24:46 -04:00
mount.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
netlabel.fc
netlabel.if
netlabel.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
selinuxutil.fc Update policy for selinux userspace moving the policy store to /var/lib/selinux 2014-12-03 13:36:31 -05:00
selinuxutil.if Add openrc support to init_startstop_service 2015-05-27 14:37:41 -04:00
selinuxutil.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
setrans.fc
setrans.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
setrans.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
sysnetwork.fc Label /sbin/iw as ifconfig_exec_t 2014-10-23 08:07:44 -04:00
sysnetwork.if
sysnetwork.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
systemd.fc systemd: add missing file context spec for systemd-user-sessions executable file 2015-12-09 09:26:59 -05:00
systemd.if Remove bad interface in systemd.if. 2015-11-05 15:31:53 -05:00
systemd.te Module version bump for syslog and systemd changes from Laurent Bigonville 2016-01-06 09:22:11 -05:00
udev.fc Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 2014-04-21 10:15:51 -04:00
udev.if Implement core systemd policy. 2015-10-23 10:16:59 -04:00
udev.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
unconfined.fc
unconfined.if Allow unconfined domains to use syslog capability 2014-06-09 09:28:33 -04:00
unconfined.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
userdomain.fc
userdomain.if Remove duplicate role declarations 2014-09-17 10:44:04 -04:00
userdomain.te Bump module versions for release. 2014-12-03 13:37:38 -05:00