aimee-os

History

Dustin 2b40255a61 selinux: Simplify policy for init-storage As the scope of Aimee OS grows, and other applications are added to it, the `init-storage` command will have an ever-growing list of file and directory types to copy from the rootfs image. Originally, I wanted to explicitly allow it to only copy files that are found in `/var`, but this will become untenable very quickly. As such, to avoid having to constantly update the SELinux policy for every new application that stores anything in `/var` at install time, the `aimee_storinit_t` domain can now manage all "non-security" files, directories, and symbolic links. This covers pretty much everything in `/var` except `/var/log/audit`, while still excluding the most sensitive files (e.g. `/etc/shadow`),	2023-03-16 18:36:26 -05:00
..
aimee-os	selinux: Simplify policy for init-storage	2023-03-16 18:36:26 -05:00
x-portage	build: Implement CONFIGDIR setting	2023-03-15 21:12:04 -05:00

Dustin 2b40255a61 selinux: Simplify policy for init-storage

As the scope of Aimee OS grows, and other applications are added to it,
the `init-storage` command will have an ever-growing list of file and
directory types to copy from the rootfs image.  Originally, I wanted to
explicitly allow it to only copy files that are found in `/var`, but
this will become untenable very quickly.  As such, to avoid having to
constantly update the SELinux policy for every new application that
stores anything in `/var` at install time, the `aimee_storinit_t` domain
can now manage all "non-security" files, directories, and symbolic
links.  This covers pretty much everything in `/var` except
`/var/log/audit`, while still excluding the most sensitive files (e.g.
`/etc/shadow`),

2023-03-16 18:36:26 -05:00

aimee-os

selinux: Simplify policy for init-storage

2023-03-16 18:36:26 -05:00

x-portage

build: Implement CONFIGDIR setting

2023-03-15 21:12:04 -05:00