| Commit message (Expand) | Author | Age | Files | Lines |
* | Revert "selinux: Drop user_namespace class rules for Fedora 37"2023_11_07.56d9f6d | Stefano Brivio | 2023-11-07 | 2 | -0/+4 |
* | selinux: Allow passt to talk over unconfined_t UNIX domain socket for --fd2023_11_07.74e6f48 | Stefano Brivio | 2023-11-07 | 1 | -0/+1 |
* | selinux: Drop user_namespace class rules for Fedora 37 | Stefano Brivio | 2023-11-07 | 2 | -4/+0 |
* | fedora: Replace pasta hard links by separate builds | Stefano Brivio | 2023-09-07 | 1 | -6/+16 |
* | apparmor: Add pasta's own profile | Stefano Brivio | 2023-09-07 | 3 | -10/+31 |
* | apparmor: Allow pasta to remount /proc, access entries under its own copy | Stefano Brivio | 2023-09-07 | 1 | -0/+7 |
* | apparmor: Allow read-only access to uid_map | Stefano Brivio | 2023-09-07 | 1 | -0/+2 |
* | apparmor: Explicitly pass options we use while remounting root filesystem | Stefano Brivio | 2023-09-07 | 1 | -1/+1 |
* | apparmor: Use abstractions/nameservice to deal with symlinked resolv.conf | Stefano Brivio | 2023-09-06 | 1 | -2/+1 |
* | selinux: Fix domain transitions for typical commands pasta might run2023_08_18.0af928e | Stefano Brivio | 2023-08-18 | 1 | -1/+18 |
* | selinux: Allow pasta_t to read nsfs entries | Stefano Brivio | 2023-08-18 | 1 | -0/+2 |
* | selinux: Add rules for sysctl and /proc/net accesses | Stefano Brivio | 2023-08-18 | 2 | -0/+4 |
* | selinux: Update policy to fix user/group settings | Stefano Brivio | 2023-08-18 | 2 | -4/+13 |
* | selinux: Fix user namespace creation after breaking kernel change | Stefano Brivio | 2023-08-18 | 2 | -0/+4 |
* | selinux: Use explicit paths for binaries in file context | Stefano Brivio | 2023-08-18 | 2 | -2/+4 |
* | fedora: Install pasta as hard link to ensure SELinux file context match | Stefano Brivio | 2023-08-18 | 1 | -0/+7 |
* | passt: Relicense to GPL 2.0, or any later version | Stefano Brivio | 2023-04-06 | 11 | -12/+12 |
* | fedora: Adjust path for SELinux policy and interface file to latest guidelines2023_03_29.b10b983 | Stefano Brivio | 2023-03-29 | 1 | -9/+8 |
* | fedora: Don't install useless SELinux interface file for pasta | Stefano Brivio | 2023-03-29 | 1 | -2/+0 |
* | selinux: Drop useless interface file for pasta | Stefano Brivio | 2023-03-29 | 1 | -25/+0 |
* | fedora: Refresh SELinux labels in scriptlets, require -selinux package2023_03_17.dd23496 | Stefano Brivio | 2023-03-17 | 1 | -5/+15 |
* | fedora: Install SELinux interface files to shared include directory2023_03_10.70c0765 | Stefano Brivio | 2023-03-10 | 1 | -0/+4 |
* | contrib/selinux: Split interfaces into smaller bits | Stefano Brivio | 2023-03-10 | 1 | -10/+61 |
* | contrib/selinux: Drop unused passt_read_data() interface | Stefano Brivio | 2023-03-10 | 1 | -8/+0 |
* | contrib/selinux: Drop "example" from headers: this is the actual policy | Stefano Brivio | 2023-03-10 | 6 | -6/+6 |
* | contrib: Drop libvirt out-of-tree patch, integration mostly works in 9.1.0 | Stefano Brivio | 2023-03-09 | 1 | -427/+0 |
* | contrib: Drop QEMU out-of-tree patches | Stefano Brivio | 2023-03-09 | 2 | -208/+0 |
* | contrib: Drop Podman out-of-tree patch, integration is upstream now | Stefano Brivio | 2023-03-09 | 1 | -605/+0 |
* | contrib/selinux: Let interface users set paths for log, PID, socket files | Stefano Brivio | 2023-03-09 | 1 | -1/+25 |
* | contrib/selinux: Allow binding and connecting to all UDP and TCP ports | Stefano Brivio | 2023-03-09 | 1 | -12/+15 |
* | contrib/selinux: Let passt write to stdout and stderr when it starts | Stefano Brivio | 2023-03-09 | 1 | -0/+1 |
* | contrib/selinux: Drop duplicate init_daemon_domain() rule | Stefano Brivio | 2023-03-09 | 1 | -1/+0 |
* | contrib/apparmor: Split profile into abstractions, use them | Stefano Brivio | 2023-02-27 | 3 | -60/+89 |
* | selinux/passt.te: Allow setting socket option on routing netlink socket | Stefano Brivio | 2023-02-21 | 1 | -1/+1 |
* | selinux/passt.te: Allow /etc/resolv.conf symlinks to be followed | Stefano Brivio | 2023-02-21 | 1 | -0/+1 |
* | selinux/passt.te: Allow setcap on the process itself | Stefano Brivio | 2023-02-21 | 1 | -0/+1 |
* | selinux: Switch to a more reasonable model for PID and socket files | Stefano Brivio | 2023-02-21 | 2 | -5/+7 |
* | selinux: Define interfaces for libvirt and similar frameworks | Stefano Brivio | 2023-02-21 | 2 | -0/+27 |
* | selinux/passt.if: Fix typo in passt_read_data interface definition | Stefano Brivio | 2023-02-21 | 1 | -1/+1 |
* | Remove contrib/debian, Debian package development now happens on Salsa | Stefano Brivio | 2022-11-16 | 6 | -63/+0 |
* | contrib/apparmor: Merge pasta and passt profiles, update rules | Stefano Brivio | 2022-11-16 | 2 | -88/+51 |
* | conf, log, Makefile: Add versioning information | Stefano Brivio | 2022-10-15 | 1 | -1/+1 |
* | contrib/podman: Rebase to latest upstream | Stefano Brivio | 2022-09-24 | 1 | -45/+50 |
* | fedora: Escape % characters in spec file's changelog2022_09_06.e2cae8f | Stefano Brivio | 2022-09-07 | 1 | -1/+1 |
* | fedora: Add selinux-policy Requires: tag2022_09_01.7ce9fd1 | Stefano Brivio | 2022-09-02 | 1 | -2/+5 |
* | fedora: Add %dir entries for own SELinux policy directory and documentation | Stefano Brivio | 2022-09-02 | 1 | -3/+5 |
* | podman, slirp4netns.sh: Use --netns option on pasta's command line2022_08_29.0cb795e | Stefano Brivio | 2022-08-30 | 1 | -3/+3 |
* | contrib: Rebase Podman patch to latest upstream | Stefano Brivio | 2022-08-30 | 1 | -47/+47 |
* | fedora: Pass explicit bindir, mandir, docdir, and drop OpenSUSE override | Stefano Brivio | 2022-08-30 | 1 | -5/+1 |
* | fedora: Use full versioning for SELinux subpackage Requires: tag | Stefano Brivio | 2022-08-30 | 1 | -1/+1 |