selinux-refpolicy

History

Guido Trentalancia b0c13980d2 bootloader: stricter permissions and more tailored file contexts Update the bootloader module so that it can manage only its own runtime files and not all boot_t files (which include, for example, the common locations for kernel images and initramfs archives) and so that it can execute only its own etc files (needed by grub2-mkconfig) and not all etc_t files which is more dangerous. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>		2016-12-27 10:22:55 -05:00
..
flask	refpolicy: Define extended_socket_class policy capability and socket classes	2016-12-08 18:07:42 -05:00
modules	bootloader: stricter permissions and more tailored file contexts	2016-12-27 10:22:55 -05:00
support	refpolicy: Define extended_socket_class policy capability and socket classes	2016-12-08 18:07:42 -05:00
constraints	remove trailing whitespaces	2016-12-06 13:45:13 +01:00
context_defaults	Fix error in default_user example.	2014-04-28 10:19:22 -04:00
global_booleans
global_tunables	user_udp_server tunable	2016-08-02 19:44:16 -04:00
mcs	remove trailing whitespaces	2016-12-06 13:45:13 +01:00
mls	remove trailing whitespaces	2016-12-06 13:45:13 +01:00
policy_capabilities	refpolicy: Define extended_socket_class policy capability and socket classes	2016-12-08 18:07:42 -05:00
users	Apply direct_initrc to unconfined_r:unconfined_t	2014-01-16 15:27:18 -05:00