refpolicy
refpolicy copied to clipboard
SELinuxProject
SELinux Reference Policy v2
1. When I use permissive mode, I collect all the deny information in the auth.log and make it pass in the policy. 2. After I used permissive mode with no...
Add task SID labeling for `pidfs`, which is the new backing pseudo filesystem for `pidfd`s. The existing rules will allow domains to open pidfds and use them internally, but other...
A few various fixes, notably: - let `podman auto-update` restart containers spawned by quadlet - allow haproxy to be run interactively - allow kubelet to create subPath directories on not...
As mentioned in https://github.com/SELinuxProject/refpolicy/pull/793, OpenSSH is reworking the `sshd` binary by splitting some of its functionality into separate components. This started with OpenSSH 9.8 by splitting the SSH protocol and...
I'm seeing the following error when running validate-appconfig.py. I'm on a RHEL9 system. Validating clip file contexts. /sbin/setfiles -q -c tmp/policy.bin tmp/all_mods.fc Validating clip appconfig. python3 -bb -t -t -E...
Add the netlink_xperm policy capability and nlmsg permission definitions. The policy capability is commented-out/disabled by default. Enabling it will require the next release version of libsepol (3.8+) and the next...
New validations: * default_type * failsafe_context * default_contexts * seuser default_contexts Additionally add GitHub annotations to logging.
Hi! I'm looking to add support for the dinit init system and service manager to the refpolicy. I had a few questions along the way, so I thought I would...
