init: optionally load the system SELinux policy #400

Open
wants to merge 68 commits into
base: master
69d80f4
init: optionally load the system SELinux policy
WavyEbuilder Oct 15, 2024
0a5f876
mark selinux_transition as static
WavyEbuilder Oct 19, 2024
c465b81
BUILD_MESON: add selinux option documentation
WavyEbuilder Oct 19, 2024
6063686
init: selinux: add --disable-selinux
WavyEbuilder Oct 19, 2024
57b94a2
doc: manpages: mention --disable-selinux flag
WavyEbuilder Oct 19, 2024
6910b6d
init: selinux: fix header guards
WavyEbuilder Oct 19, 2024
67c3d8b
build: docs: add SUPPORT_SELINUX info
WavyEbuilder Oct 23, 2024
55b82d8
init: rename --disable-selinux option to --disable-selinux-policy
WavyEbuilder Oct 23, 2024
15e2f6e
selinux: add explanatory comments for selinux related functions
WavyEbuilder Oct 26, 2024
ca63b57
configure: update help text for selinux options
WavyEbuilder Oct 26, 2024
159ffac
printVersion: add selinux information to output
WavyEbuilder Oct 26, 2024
0e959a7
selinux: update comments
WavyEbuilder Oct 27, 2024
a40f43a
meson.build: clean up selinux related options
WavyEbuilder Oct 27, 2024
7d88201
meson.build: rename libselinux dependency to libselinux_dep
WavyEbuilder Oct 27, 2024
157a78a
meson: refactor mconfig logic for selinux
WavyEbuilder Oct 27, 2024
01640d8
configure: update --enable-selinux help text
WavyEbuilder Oct 31, 2024
a8ecd7d
doc: manpages: update --disable-selinux flag to --disable-selinux-policy
WavyEbuilder Oct 31, 2024
10c8198
dinit.cc: fix line wrapping for comments per CODE-STYLE
WavyEbuilder Oct 31, 2024
e4b5b3e
dinit.cc: selinux_transition: clarify comment regarding the log
WavyEbuilder Oct 31, 2024
02b93a8
selinux_transition: clean up comment per CODE-STYLE
WavyEbuilder Nov 2, 2024
66be73d
selinux_transition: log error and return early for permissive
WavyEbuilder Nov 2, 2024
e06e054
selinux_transition: check that getcon_raw(3) doesn't return nullptr
WavyEbuilder Nov 8, 2024
4bf712a
selinux_transition: clarify kernel context in comment
WavyEbuilder Nov 8, 2024
eadc90c
selinux_transition: be more specific in comment
WavyEbuilder Nov 8, 2024
86a9f0c
selinux_transition: fix line wrapping for comments
WavyEbuilder Nov 8, 2024
8737eef
selinux_transition: correct check for getcon_raw(3) return value
WavyEbuilder Nov 11, 2024
f093426
selinux_transition: don't exit if we are unable to transition
WavyEbuilder Nov 11, 2024
e40b38e
selinux_transition: always error exit if we fail to load the policy
WavyEbuilder Nov 11, 2024
a6af309
selinux_transition: update comments to reflect the current control flow
WavyEbuilder Nov 11, 2024
25eb167
selinux_transition: fix grammar in comment
WavyEbuilder Nov 11, 2024
d90b013
selinux_transition: improve wording for comment
WavyEbuilder Nov 11, 2024
1f2f7cf
selinux_transition: document the mounting of /sys
WavyEbuilder Nov 11, 2024
ab15586
selinux_transition: reformat if statement per CODE-STYLE
WavyEbuilder Nov 11, 2024
90b789b
selinux_transition: clarify policy choice for initial domain in comment
WavyEbuilder Nov 11, 2024
c0cef53
selinux_transition: reword comment about pitfalls of getcon_raw(3)
WavyEbuilder Dec 18, 2024
2a6af9d
selinux_transition: cleanroom rewrite of getcon_raw(3) comment
WavyEbuilder Dec 18, 2024
ef2c41f
selinux_transition: use correct variable naming in comments
WavyEbuilder Dec 18, 2024
8f1ac95
selinux_transition: add attribution to getcon_raw(3) comment
WavyEbuilder Dec 18, 2024
64ec986
selinux: new documentation
WavyEbuilder Dec 18, 2024
266cc8c
selinux: correct flowchart in documentation
WavyEbuilder Dec 18, 2024
cec70a6
selinux_transition: fix formatting by placing opening { on a new line
WavyEbuilder Dec 18, 2024
4774421
selinux: document flag to disable policy loading
WavyEbuilder Dec 18, 2024
38fdef4
selinux: document mounting of /sys
WavyEbuilder Dec 18, 2024
b7ef63a
Merge branch 'master' into master
WavyEbuilder Dec 18, 2024
7d5ac36
meson.build: fix dependencies for libselinux_dep
WavyEbuilder Dec 18, 2024
c502a07
dinit.cc: add missing #endif directive for SUPPORT_SELINUX #ifdef
WavyEbuilder Dec 18, 2024
6f3f5cd
meson.build: remove old cgroup-related changes
WavyEbuilder Dec 18, 2024
4a5d7c1
meson.build: force SUPPORT_SELINUX mconfig variable for support-selinux
WavyEbuilder Dec 18, 2024
350fed8
configure: remove deprecated arguments
WavyEbuilder Dec 18, 2024
376c1cc
configure: fix to align with current upstream/master
WavyEbuilder Dec 18, 2024
5d143f4
feature_count: bump on SUPPORT_SELINUX
WavyEbuilder Dec 18, 2024
cc8bcb7
selinux_transition: add base for mounting /proc
WavyEbuilder Dec 18, 2024
653ecf4
selinux_transition: don't use type inference for errno_str
WavyEbuilder Dec 18, 2024
46ac998
selinux_transition: remove TODO for relabeling /proc
WavyEbuilder Jan 10, 2025
1a79e2f
doc: add SELinux related support to manpages
WavyEbuilder Jan 10, 2025
46331bf
doc: update SELinux flowchart to include mounting of /proc
WavyEbuilder Jan 10, 2025
26c1855
configure: sync to latest in davmac314/dinit
WavyEbuilder Jan 10, 2025
c2cf2f9
dinit: fix formatting in manpages
WavyEbuilder Jan 17, 2025
f360aff
manpages: fix typo
WavyEbuilder Jan 17, 2025
9260c20
docs: SELinux: refer to Dinit the project with a capital D
WavyEbuilder Jan 31, 2025
0f114a6
docs: SELinux: link to SELinux notebook
WavyEbuilder Jan 31, 2025
c5b6aae
docs: SELinux: link to build documentation
WavyEbuilder Jan 31, 2025
6be8175
selinux_transition: update comment wording to note relevant manpage
WavyEbuilder Jan 31, 2025
a3062d7
selinux_transition: mention SELinux in log output
WavyEbuilder Jan 31, 2025
3b674b3
selinux_transition: fix formatting
WavyEbuilder Jan 31, 2025
7e52501
selinux_transition: only bail early if enforcing mode requested
WavyEbuilder Jan 31, 2025
ed2a166
selinux_transition: stop attempting to create /proc if it doesn't exist
WavyEbuilder Feb 1, 2025
7a843a0
selinux_transition: clarify mounting behaviour in comment
WavyEbuilder Feb 1, 2025
doc: add SELinux related support to manpages
Signed-off-by: Rahul Sandhu <[email protected]>
WavyEbuilder committed Jan 10, 2025
commit 1a79e2f60cc45c01370cddf8992d2bf41dec1805
9 changes: 9 additions & 0 deletions doc/manpages/dinit.8.m4
Expand Up @@ -302,6 +302,15 @@ There are several ways to work around this.
Service names following the \fB\-\-container\fR (\fB\-o\fR) or \fB\-\-system\-mgr\fR (\fB\-m\fR) options are not ignored.
Also, the \fB\-\-service\fR (\fB\-t\fR) option can be used to force a service name to be recognised regardless of operating mode.
.\"
.SH SELINUX SUPPORT
.LP
When running as PID 1 on a SELinux enabled machine, \fBdinit\fR will by default load the system's SELinux policy. This behaviour
can be disabled by passing \fB\-\-disable\-selinux\-policy\fR to dinit through the kernel cmdline.
.LP
When loading the SELinux policy, dinit will automatically mount a few special filesystems needed to successfully load the policy.
\fBsysfs\fR will be mounted at \fB/sys\fR, and \fBselinuxfs\fR will be mounted at \fB/sys/fs/selinux\fR. \fBdinit\fR will not unmount either.
\fBprocfs\fR will also be mounted at \fB/proc\fR, but \fB/dinit\fR will unmount it when done with it.
.\"
.SH FILES
.\"
.TP
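Review bot: In the last added line of the SELINUX SUPPORT section, `\fB/dinit\fR` has a stray leading slash, so the man page renders the program name as the path "/dinit"; it should be `\fBdinit\fR`. The same paragraphs also use an unbolded "dinit" twice ("to dinit through the kernel cmdline", "dinit will automatically mount") where the rest of the section writes `\fBdinit\fR`, and "a SELinux enabled machine" would read better as "an SELinux-enabled machine". Beyond wording, the section does not say what dinit does when one of the mounts or the policy load itself fails, nor that this behaviour is only present when dinit is built with SELinux support; one sentence on each would tell an administrator what to expect at boot, since whether PID 1 continues without a loaded policy is the security-relevant part of this feature.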