GitWeb
Get Gentoo!
gentoo.org sites
gentoo.org
Wiki
Bugs
Forums
Packages
Planet
Archives
Sources
Infra Status
Home
Gentoo Repository
Repositories
Projects
Developer Overlays
User Overlays
Data
Websites
index
:
proj/hardened-refpolicy.git
concord-dev
mailinfra
master
secmodel
Gentoo Hardened SELinux reference policy implementation
Sven Vermeulen <swift@gentoo.org>
about
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
policy
Commit message (
Expand
)
Author
Age
Files
Lines
*
Allow interactive user terminal output for the NetLabel management tool.
Guido Trentalancia
2024-09-21
1
-0
/
+2
*
bluetooth: Move line.
Chris PeBenito
2024-09-21
1
-3
/
+2
*
Adding SE Policy rules to allow usage of unix stream sockets by dbus and blue...
Naga Bhavani Akella
2024-09-21
3
-0
/
+26
*
kubernetes: allow kubelet to connect all TCP ports
Kenton Groombridge
2024-09-21
1
-3
/
+1
*
container: allow reading generic certs
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
various: rules required for DV manipulation in kubevirt
Kenton Groombridge
2024-09-21
7
-0
/
+48
*
container: add container_kvm_t and supporting kubevirt rules
Kenton Groombridge
2024-09-21
1
-1
/
+33
*
iptables: allow reading container engine tmp files
Kenton Groombridge
2024-09-21
2
-2
/
+23
*
container: allow spc various rules for kubevirt
Kenton Groombridge
2024-09-21
2
-2
/
+29
*
container, kubernetes: add supporting rules for kubevirt and multus
Kenton Groombridge
2024-09-21
3
-0
/
+50
*
dbus: dontaudit session bus domains the netadmin capability
Kenton Groombridge
2024-09-21
1
-1
/
+1
*
container: allow super privileged containers to manage BPF dirs
Kenton Groombridge
2024-09-21
2
-1
/
+19
*
kubernetes: allow kubelet to create unlabeled dirs
Kenton Groombridge
2024-09-21
2
-0
/
+21
*
haproxy: allow interactive usage
Kenton Groombridge
2024-09-21
1
-0
/
+4
*
podman: allow managing init runtime units
Kenton Groombridge
2024-09-21
1
-0
/
+6
*
iptables: allow reading usr files
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
filesystem, devices: move gadgetfs to usbfs_t
Dmitry Sharshakov
2024-09-21
2
-1
/
+1
*
systemd: make xdg optional
Yi Zhao
2024-09-21
1
-2
/
+8
*
sshd: label sshd-session as sshd_exec_t
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
Setting bluetooth helper domain for bluetoothctl
Naga Bhavani Akella
2024-09-21
2
-0
/
+6
*
Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets.
Raghavender Reddy Bujala
2024-09-21
1
-0
/
+2
*
systemd: allow logind to use locallogin pidfds
Kenton Groombridge
2024-09-21
1
-0
/
+4
*
userdomain: allow administrative user to get attributes of shadow history file
Yi Zhao
2024-09-21
2
-0
/
+20
*
node_exporter: allow reading RPC sysctls
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
asterisk: allow reading certbot lib
Kenton Groombridge
2024-09-21
1
-0
/
+4
*
postfix: allow postfix pipe to watch mail spool
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
netutils: allow ping to read net sysctls
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
node_exporter: allow reading localization
Kenton Groombridge
2024-09-21
1
-0
/
+2
*
container: allow containers to execute tmpfs files
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
sysadm: make haproxy admin
Kenton Groombridge
2024-09-21
1
-0
/
+4
*
haproxy: initial policy
Kenton Groombridge
2024-09-21
3
-0
/
+222
*
init: use pidfds from local login
Kenton Groombridge
2024-09-21
2
-0
/
+22
*
dbus, init: add interface for pidfd usage
Kenton Groombridge
2024-09-21
2
-1
/
+20
*
asterisk: allow watching spool dirs
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
su, sudo: allow sudo to signal all su domains
Kenton Groombridge
2024-09-21
3
-2
/
+27
*
sudo: allow systemd-logind to read cgroup state of sudo
Kenton Groombridge
2024-09-21
1
-0
/
+2
*
postfix: allow smtpd to mmap SASL keytab files
Kenton Groombridge
2024-09-21
2
-1
/
+20
*
sysnetwork: allow ifconfig to read usr files
Kenton Groombridge
2024-09-21
1
-0
/
+1
*
systemd: allow systemd-logind to use sshd pidfds
Kenton Groombridge
2024-09-21
1
-0
/
+6
*
Reorder perms and classes
freedom1b2830
2024-09-21
219
-758
/
+758
*
devices: Change dev_rw_uhid() to use a policy pattern.
Chris PeBenito
2024-09-21
1
-2
/
+2
*
device: Move dev_rw_uhid definition.
Chris PeBenito
2024-09-21
1
-18
/
+19
*
Sepolicy changes for bluez to access uhid
Amisha Jain
2024-09-21
2
-0
/
+19
*
selinuxutil: make policykit optional
Yi Zhao
2024-09-21
1
-2
/
+4
*
newrole: allow newrole to search faillock runtime directory
Yi Zhao
2024-09-21
2
-0
/
+19
*
sysnetwork: fixes for dhcpcd
Yi Zhao
2024-09-21
1
-0
/
+5
*
Adding Sepolicy rules to allow bluetoothctl and dbus-daemon to access unix st...
Naga Bhavani Akella
2024-09-21
4
-3
/
+27
*
init: Add homectl dbus access.
Chris PeBenito
2024-09-21
2
-0
/
+25
*
filesystem/systemd: memory.pressure fixes.
Chris PeBenito
2024-09-21
3
-2
/
+6
*
cloudinit: Add support for cloud-init-growpart.
Chris PeBenito
2024-09-21
1
-0
/
+9
[next]