From 2d6e8046d8803d839685597cdf3d599758a4b3bd Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Fri, 29 Nov 2024 09:48:48 +0100
Subject: [PATCH] sec-policy/selinux-docker: add selinux-docker
This is missing for containerd and docker labels: Current:
```
$ selabel_lookup -k /usr/bin/docker
Default context: system_u:object_r:bin_t:s0
```
Signed-off-by: Mathieu Tortuyaux
---
 .../workflows/portage-stable-packages-list | 1 +
 .../coreos-base/coreos/coreos-0.0.1.ebuild | 1 +
 .../sec-policy/selinux-docker/Manifest | 4 ++++
 .../sec-policy/selinux-docker/metadata.xml | 8 +++++++
 .../selinux-docker-2.20240226-r2.ebuild | 21 +++++++++++++++++++
 .../selinux-docker-2.20240916-r1.ebuild | 21 +++++++++++++++++++
 .../selinux-docker/selinux-docker-9999.ebuild | 21 +++++++++++++++++++
 7 files changed, 77 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/Manifest
 create mode 100644 sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/metadata.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240226-r2.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240916-r1.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-9999.ebuild
diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list
index 6894ad7faa..9d759e49d0 100644
--- a/.github/workflows/portage-stable-packages-list
+++ b/.github/workflows/portage-stable-packages-list
@@ -559,6 +559,7 @@ sec-policy/selinux-base
 sec-policy/selinux-base-policy
 sec-policy/selinux-container
 sec-policy/selinux-dbus
+sec-policy/selinux-docker
 sec-policy/selinux-policykit
 sec-policy/selinux-sssd
 sec-policy/selinux-unconfined
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
index bfe8b96ed1..c6f0d49527 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
@@ -148,6 +148,7 @@ RDEPEND="${RDEPEND}
 sec-policy/selinux-base-policy
 sec-policy/selinux-container
 sec-policy/selinux-dbus
+ sec-policy/selinux-docker
 sec-policy/selinux-policykit
 sec-policy/selinux-unconfined
 sys-apps/acl
diff --git a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/Manifest b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/Manifest
new file mode 100644
index 0000000000..5727621b3a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/Manifest
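Review bot: The new `sec-policy/selinux-docker` entry in RDEPEND of coreos-0.0.1.ebuild is meant to move docker and containerd off the generic `bin_t` label quoted in the commit message, but nothing in the patch records the context expected afterwards or shows that the daemons still start with SELinux enforcing. I would add the post-change `selabel_lookup -k /usr/bin/docker` output next to the "Current" one in the description, and point to an enforcing-mode docker test if the suite has one. Whether the module's file contexts cover the paths this image actually installs docker and containerd to cannot be seen from the hunk, so that is worth confirming before merge. The RDEPEND string starts and ends outside the hunk.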
@@ -0,0 +1,4 @@
+DIST patchbundle-selinux-base-policy-2.20240226-r2.tar.bz2 442650 BLAKE2B f2f7c5e4a595afafc072fd78fc4ef3930cf739d05cbe9670f2fb2956fe84e3045518345e103bc3880603d2562f06ba0597fc005d8d394e9f8cd057363f9bf95f SHA512 2cb00d088eebdb098a6496f156eeb3dcee026fc6e53d732bac5bc8a4cfee1ce3bf2bdbbbfbbe9bba237d61c06f299d96bb9d123a57a44aaaa17cc122e15ea268
+DIST patchbundle-selinux-base-policy-2.20240916-r1.tar.bz2 274891 BLAKE2B 72b8181424450998164979ab582e8edee6d73b9110b4535e7880d1f7c989bd0ac391422872858da7bad3e3d77516996af93aa2f149f7d4a7f8fd329c481964cf SHA512 fd8259c91cc779301d6e0964827133529a9141dc235301da135210ea4359b800023848a25e33c45678477fa4f54e75da51be9ec85a3bed8b07cf5487e73b84f3
+DIST refpolicy-2.20240226.tar.bz2 610561 BLAKE2B 5dc54dcf7238776d4e4b282c1dcbc499f45c0d96676dbf931da39592854034874b5dd6197a2e2776fccec5106d5f245eea3fb9419959bd4d61e9b2c12aeaaa85 SHA512 896a57afb024bd131f25d2831a9a5ac90ee7e5d76b0565bc818c156f6c310d86758bcd4cedbd9df5b29954c9a92a42300d16685a7e07a5efd8f789320724b3f9
+DIST refpolicy-2.20240916.tar.bz2 618218 BLAKE2B d86ca75d254eef10f4aa57ef3977825211200cdf1eaa9bf9d416c9a52acee476b3f8719c3b0c8c17fdff2abc0c396989961e37e313a7b3bd3b4b0266a6280e75 SHA512 a8b6c90f8e186796b4c7db1e2d8ed3c3b8690bb5b8f180dcb6d5468ba80467e2969012c4edddf74429c0f5ce900d68fbbc0c2f8e253165af28f93f191039f064
diff --git a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/metadata.xml b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/metadata.xml
new file mode 100644
index 0000000000..781bc07e6d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/metadata.xml
@@ -0,0 +1,8 @@
+
+
+
+
+ selinux@gentoo.org
+ SELinux Team
+
+
diff --git a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240226-r2.ebuild b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240226-r2.ebuild
new file mode 100644
index 0000000000..f8e3f816a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240226-r2.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+MODS="docker"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for docker"
+
+if [[ ${PV} != 9999* ]] ; then
+ KEYWORDS="amd64 arm arm64 x86"
+fi
+
+DEPEND="${DEPEND}
+ sec-policy/selinux-container
+"
+RDEPEND="${RDEPEND}
+ sec-policy/selinux-container
+"
diff --git a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240916-r1.ebuild b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240916-r1.ebuild
new file mode 100644
index 0000000000..f8e3f816a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-2.20240916-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+MODS="docker"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for docker"
+
+if [[ ${PV} != 9999* ]] ; then
+ KEYWORDS="amd64 arm arm64 x86"
+fi
+
+DEPEND="${DEPEND}
+ sec-policy/selinux-container
+"
+RDEPEND="${RDEPEND}
+ sec-policy/selinux-container
+"
diff --git a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-9999.ebuild b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-9999.ebuild
new file mode 100644
index 0000000000..2c75223af5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-docker/selinux-docker-9999.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+MODS="docker"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for docker"
+
+if [[ ${PV} != 9999* ]] ; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+fi
+
+DEPEND="${DEPEND}
+ sec-policy/selinux-container
+"
+RDEPEND="${RDEPEND}
+ sec-policy/selinux-container
+"