| Commit message (Expand) | Author | Age | Files | Lines |
* | apparmor: Fix comments after PID file and AF_UNIX socket creation refactoring2024_05_23.765eb0b | Stefano Brivio | 2024-05-23 | 3 | -7/+13 |
* | apparmor: Fix passt abstraction | Maxime Bélair | 2024-05-22 | 1 | -1/+1 |
* | apparmor: allow netns paths on /tmp | Paul Holzinger | 2024-05-13 | 1 | -1/+1 |
* | apparmor: allow read access on /tmp for pasta2024_05_10.7288448 | Paul Holzinger | 2024-05-10 | 1 | -2/+3 |
* | apparmor: Fix access to procfs namespace entries in pasta's abstraction | Danish Prakash | 2024-04-05 | 1 | -0/+3 |
* | apparmor: Expand scope of @{run}/user access, allow writing PID files too | Stefano Brivio | 2024-04-05 | 1 | -1/+1 |
* | apparmor: Add mount rule with explicit, empty source in passt abstraction | Stefano Brivio | 2024-04-05 | 1 | -0/+1 |
* | fedora: Switch license identifier to SPDX2024_03_18.615d370 | Dan Čermák | 2024-03-18 | 1 | -1/+1 |
* | selinux: Allow pasta to remount procfs2024_02_16.08344da | Stefano Brivio | 2024-02-16 | 1 | -0/+2 |
* | Revert "selinux: Drop user_namespace class rules for Fedora 37"2023_11_07.56d9f6d | Stefano Brivio | 2023-11-07 | 2 | -0/+4 |
* | selinux: Allow passt to talk over unconfined_t UNIX domain socket for --fd2023_11_07.74e6f48 | Stefano Brivio | 2023-11-07 | 1 | -0/+1 |
* | selinux: Drop user_namespace class rules for Fedora 37 | Stefano Brivio | 2023-11-07 | 2 | -4/+0 |
* | fedora: Replace pasta hard links by separate builds | Stefano Brivio | 2023-09-07 | 1 | -6/+16 |
* | apparmor: Add pasta's own profile | Stefano Brivio | 2023-09-07 | 3 | -10/+31 |
* | apparmor: Allow pasta to remount /proc, access entries under its own copy | Stefano Brivio | 2023-09-07 | 1 | -0/+7 |
* | apparmor: Allow read-only access to uid_map | Stefano Brivio | 2023-09-07 | 1 | -0/+2 |
* | apparmor: Explicitly pass options we use while remounting root filesystem | Stefano Brivio | 2023-09-07 | 1 | -1/+1 |
* | apparmor: Use abstractions/nameservice to deal with symlinked resolv.conf | Stefano Brivio | 2023-09-06 | 1 | -2/+1 |
* | selinux: Fix domain transitions for typical commands pasta might run2023_08_18.0af928e | Stefano Brivio | 2023-08-18 | 1 | -1/+18 |
* | selinux: Allow pasta_t to read nsfs entries | Stefano Brivio | 2023-08-18 | 1 | -0/+2 |
* | selinux: Add rules for sysctl and /proc/net accesses | Stefano Brivio | 2023-08-18 | 2 | -0/+4 |
* | selinux: Update policy to fix user/group settings | Stefano Brivio | 2023-08-18 | 2 | -4/+13 |
* | selinux: Fix user namespace creation after breaking kernel change | Stefano Brivio | 2023-08-18 | 2 | -0/+4 |
* | selinux: Use explicit paths for binaries in file context | Stefano Brivio | 2023-08-18 | 2 | -2/+4 |
* | fedora: Install pasta as hard link to ensure SELinux file context match | Stefano Brivio | 2023-08-18 | 1 | -0/+7 |
* | passt: Relicense to GPL 2.0, or any later version | Stefano Brivio | 2023-04-06 | 11 | -12/+12 |
* | fedora: Adjust path for SELinux policy and interface file to latest guidelines2023_03_29.b10b983 | Stefano Brivio | 2023-03-29 | 1 | -9/+8 |
* | fedora: Don't install useless SELinux interface file for pasta | Stefano Brivio | 2023-03-29 | 1 | -2/+0 |
* | selinux: Drop useless interface file for pasta | Stefano Brivio | 2023-03-29 | 1 | -25/+0 |
* | fedora: Refresh SELinux labels in scriptlets, require -selinux package2023_03_17.dd23496 | Stefano Brivio | 2023-03-17 | 1 | -5/+15 |
* | fedora: Install SELinux interface files to shared include directory2023_03_10.70c0765 | Stefano Brivio | 2023-03-10 | 1 | -0/+4 |
* | contrib/selinux: Split interfaces into smaller bits | Stefano Brivio | 2023-03-10 | 1 | -10/+61 |
* | contrib/selinux: Drop unused passt_read_data() interface | Stefano Brivio | 2023-03-10 | 1 | -8/+0 |
* | contrib/selinux: Drop "example" from headers: this is the actual policy | Stefano Brivio | 2023-03-10 | 6 | -6/+6 |
* | contrib: Drop libvirt out-of-tree patch, integration mostly works in 9.1.0 | Stefano Brivio | 2023-03-09 | 1 | -427/+0 |
* | contrib: Drop QEMU out-of-tree patches | Stefano Brivio | 2023-03-09 | 2 | -208/+0 |
* | contrib: Drop Podman out-of-tree patch, integration is upstream now | Stefano Brivio | 2023-03-09 | 1 | -605/+0 |
* | contrib/selinux: Let interface users set paths for log, PID, socket files | Stefano Brivio | 2023-03-09 | 1 | -1/+25 |
* | contrib/selinux: Allow binding and connecting to all UDP and TCP ports | Stefano Brivio | 2023-03-09 | 1 | -12/+15 |
* | contrib/selinux: Let passt write to stdout and stderr when it starts | Stefano Brivio | 2023-03-09 | 1 | -0/+1 |
* | contrib/selinux: Drop duplicate init_daemon_domain() rule | Stefano Brivio | 2023-03-09 | 1 | -1/+0 |
* | contrib/apparmor: Split profile into abstractions, use them | Stefano Brivio | 2023-02-27 | 3 | -60/+89 |
* | selinux/passt.te: Allow setting socket option on routing netlink socket | Stefano Brivio | 2023-02-21 | 1 | -1/+1 |
* | selinux/passt.te: Allow /etc/resolv.conf symlinks to be followed | Stefano Brivio | 2023-02-21 | 1 | -0/+1 |
* | selinux/passt.te: Allow setcap on the process itself | Stefano Brivio | 2023-02-21 | 1 | -0/+1 |
* | selinux: Switch to a more reasonable model for PID and socket files | Stefano Brivio | 2023-02-21 | 2 | -5/+7 |
* | selinux: Define interfaces for libvirt and similar frameworks | Stefano Brivio | 2023-02-21 | 2 | -0/+27 |
* | selinux/passt.if: Fix typo in passt_read_data interface definition | Stefano Brivio | 2023-02-21 | 1 | -1/+1 |
* | Remove contrib/debian, Debian package development now happens on Salsa | Stefano Brivio | 2022-11-16 | 6 | -63/+0 |
* | contrib/apparmor: Merge pasta and passt profiles, update rules | Stefano Brivio | 2022-11-16 | 2 | -88/+51 |