Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/services
Commit message (Expand)AuthorAgeFilesLines
* Update mysql.fcnisbet-hubbard2024-09-211-0/+1
* systemd: add policy for systemd-nsresourcedYi Zhao2024-09-214-0/+18
* bluetooth: Move line.Chris PeBenito2024-09-211-3/+2
* Adding SE Policy rules to allow usage of unix stream sockets by dbus and blue...Naga Bhavani Akella2024-09-213-0/+26
* kubernetes: allow kubelet to connect all TCP portsKenton Groombridge2024-09-211-3/+1
* container: allow reading generic certsKenton Groombridge2024-09-211-0/+1
* various: rules required for DV manipulation in kubevirtKenton Groombridge2024-09-213-0/+23
* container: add container_kvm_t and supporting kubevirt rulesKenton Groombridge2024-09-211-1/+33
* iptables: allow reading container engine tmp filesKenton Groombridge2024-09-211-0/+20
* container: allow spc various rules for kubevirtKenton Groombridge2024-09-211-2/+11
* container, kubernetes: add supporting rules for kubevirt and multusKenton Groombridge2024-09-213-0/+50
* dbus: dontaudit session bus domains the netadmin capabilityKenton Groombridge2024-09-211-1/+1
* container: allow super privileged containers to manage BPF dirsKenton Groombridge2024-09-211-1/+1
* kubernetes: allow kubelet to create unlabeled dirsKenton Groombridge2024-09-211-0/+3
* haproxy: allow interactive usageKenton Groombridge2024-09-211-0/+4
* podman: allow managing init runtime unitsKenton Groombridge2024-09-211-0/+6
* sshd: label sshd-session as sshd_exec_tKenton Groombridge2024-09-211-0/+1
* Setting bluetooth helper domain for bluetoothctlNaga Bhavani Akella2024-09-212-0/+6
* node_exporter: allow reading RPC sysctlsKenton Groombridge2024-09-211-0/+1
* asterisk: allow reading certbot libKenton Groombridge2024-09-211-0/+4
* postfix: allow postfix pipe to watch mail spoolKenton Groombridge2024-09-211-0/+1
* node_exporter: allow reading localizationKenton Groombridge2024-09-211-0/+2
* container: allow containers to execute tmpfs filesKenton Groombridge2024-09-211-0/+1
* haproxy: initial policyKenton Groombridge2024-09-213-0/+222
* dbus, init: add interface for pidfd usageKenton Groombridge2024-09-211-0/+19
* asterisk: allow watching spool dirsKenton Groombridge2024-09-211-0/+1
* postfix: allow smtpd to mmap SASL keytab filesKenton Groombridge2024-09-212-1/+20
* Reorder perms and classesfreedom1b28302024-09-21117-396/+396
* Sepolicy changes for bluez to access uhidAmisha Jain2024-09-211-0/+1
* Adding Sepolicy rules to allow bluetoothctl and dbus-daemon to access unix st...Naga Bhavani Akella2024-09-213-2/+26
* various: various fixesKenton Groombridge2024-05-141-0/+2
* container, crio, kubernetes: minor fixesKenton Groombridge2024-05-143-0/+5
* container, podman: various fixesKenton Groombridge2024-05-142-2/+50
* container: allow containers to getcapKenton Groombridge2024-05-141-1/+1
* container: allow system container engines to mmap runtime filesKenton Groombridge2024-05-141-1/+1
* matrixd: add tunable for binding to all unreserved portsKenton Groombridge2024-05-141-1/+15
* asterisk: allow binding to all unreserved UDP portsKenton Groombridge2024-05-141-0/+1
* postgres: add a standalone execmem tunableKenton Groombridge2024-05-141-1/+8
* dovecot: allow dovecot-auth to read SASL keytabKenton Groombridge2024-05-141-0/+4
* fail2ban: allow reading net sysctlsKenton Groombridge2024-05-141-0/+1
* init: allow systemd to use sshd pidfdsKenton Groombridge2024-05-141-0/+19
* files context for merged-usr profile on gentooGrzegorz Filo2024-05-141-0/+4
* Need map perm for cockpit 300.4Dave Sugar2024-05-141-1/+1
* cockpit: Change $1_cockpit_tmpfs_t to a tmpfs file type.Chris PeBenito2024-05-141-1/+1
* certbot: Drop execmem.Chris PeBenito2024-05-141-4/+0
* xen: Drop xend/xm stack.Chris PeBenito2024-05-145-8/+4
* cups: Remove PTAL.Chris PeBenito2024-05-143-108/+7
* minissdpd: Revoke kernel module loading permissions.Chris PeBenito2024-05-141-2/+1
* docker: Fix dockerc typo in container_engine_executable_fileChris PeBenito2024-05-141-1/+1
* cron: Use raw entrypoint rule for system_cronjob_t.Chris PeBenito2024-05-141-1/+1