mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-28 14:01:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

sec-policy/selinux-virt: drop ebuild

Browse Source 
it's now replaced by selinux-container

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
This commit is contained in:
Mathieu Tortuyaux 2023-06-14 09:47:10 +02:00
parent 2af995d2dc
commit 1e2b1c999d
No known key found for this signature in database
GPG Key ID: AC5CCFB52545D9B8
7 changed files with 0 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild vendored
View File

@ -144,7 +144,6 @@ RDEPEND="${RDEPEND}
net-misc/wget
net-misc/whois
net-vpn/wireguard-tools
sec-policy/selinux-virt
sec-policy/selinux-base
sec-policy/selinux-base-policy
sec-policy/selinux-unconfined

4
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/Manifest vendored
View File

@ -1,4 +0,0 @@
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc

45
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.patch vendored
View File

@ -1,45 +0,0 @@
index 4943ad79d..8b0ed779e 100644
--- services/virt.te
+++ services/virt.te
@@ -1377,3 +1377,41 @@ sysnet_dns_name_resolve(virtlogd_t)
virt_manage_log(virtlogd_t)
virt_read_config(virtlogd_t)
+
+require {
+ type kernel_t;
+ type tmpfs_t;
+ type var_lib_t;
+}
+allow kernel_t svirt_lxc_net_t:process transition;
+allow initrc_t svirt_lxc_net_t:process transition;
+allow kernel_t svirt_lxc_net_t:process2 nnp_transition;
+fs_manage_tmpfs_chr_files(svirt_lxc_net_t)
+fs_manage_tmpfs_dirs(svirt_lxc_net_t)
+fs_manage_tmpfs_files(svirt_lxc_net_t)
+fs_manage_tmpfs_sockets(svirt_lxc_net_t)
+fs_manage_tmpfs_symlinks(svirt_lxc_net_t)
+fs_remount_tmpfs(svirt_lxc_net_t)
+kernel_read_messages(svirt_lxc_net_t)
+kernel_sigchld(svirt_lxc_net_t)
+kernel_use_fds(svirt_lxc_net_t)
+allow svirt_lxc_net_t self:process getcap;
+files_read_var_lib_files(svirt_lxc_net_t)
+files_read_var_lib_symlinks(svirt_lxc_net_t)
+term_use_generic_ptys(svirt_lxc_net_t)
+term_setattr_generic_ptys(svirt_lxc_net_t)
+allow svirt_lxc_net_t tmpfs_t:chr_file { read write open };
+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { manage_file_perms };
+allow svirt_lxc_net_t self:capability sys_chroot;
+allow svirt_lxc_net_t self:process getpgid;
+allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
+allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans };
+allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open append };
+allow svirt_lxc_net_t initrc_t:fifo_file { getattr ioctl read write open append };
+filetrans_pattern(kernel_t, etc_t, svirt_lxc_file_t, dir, "cni");
+
+# this is required by flanneld
+allow svirt_lxc_net_t kernel_t:system { module_request };
+
+# required by flanneld to write into /run/flannel/subnet.env
+filetrans_pattern(kernel_t, var_run_t, svirt_lxc_file_t, dir, "flannel");

8
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/metadata.xml vendored
View File

@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
</pkgmetadata>

18
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20200818-r2.ebuild vendored
View File

@ -1,18 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
# flatcar changes
POLICY_PATCH="${FILESDIR}/virt.patch"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi

15
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20210203-r1.ebuild vendored
View File

@ -1,15 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi

15
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-9999.ebuild vendored
View File

@ -1,15 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi