0ec698fbc6
* Add prototype SELinux auto configure * Add 'force_enforcing' option for SELinux * Fix setools-console tools. * Enable SELinux by default (permissive mode) on all images. Drop build system unit test as it breaks with SELinux enabled on core-efi. * selinux-policy: Update to 2.20210908. * Update to 2.20220106. Implement policy for systemd-homed and systemd-userdbd. * Fix RPM changelog date. * Finalize systemd-homed policy. * Change SELinux enablement to not affect CONFIG_LSM. * Document build settings * Update cgmanifest * Update toolkit/docs/formats/imageconfig.md Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com> * audit: Remove override so auditd starts by default. * Add IsValid() call for SELinux inKkernelCommandLine * Add unit test for missing selinux package * Fix debug output for selinux setfiles Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com> Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| 0001-Makefile-Revise-relabel-targets-to-relabel-all-secla.patch | ||
| 0002-cronyd-Add-dac_read_search.patch | ||
| 0003-Temporary-fix-for-wrong-audit-log-directory.patch | ||
| 0004-Set-default-login-to-unconfined_u.patch | ||
| 0005-systemd-Add-systemd-homed-and-systemd-userdbd.patch | ||
| 0006-systemd-ssh-Crypto-sysctl-use.patch | ||
| 0007-systemd-Additional-fixes-for-fs-getattrs.patch | ||
| 0008-systemd-Updates-for-generators-and-kmod-static-nodes.patch | ||
| Makefile.devel | ||
| booleans_targeted.conf | ||
| selinux-policy.signatures.json | ||
| selinux-policy.spec | ||