From 4aed2a5403c353e59a0194e43fc1161d663525c4 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 5 Dec 2023 15:59:11 +0100 Subject: [PATCH] overlay coreos/user-patches: Shuffle the SELinux patches All the sec-policy/selinux-* packages contain policies from the same tarball. Which means that for the sake of consistency we should be applying our patches for every sec-policy/selinux- package. Currently we have six such packages, so for each of those packages have a symlink that points to the common selinux patches directory. --- .../0001-policy-modules-kernel-all-more-actions-for-kernel.patch | 0 .../container.patch | 0 .../files-relabel.patch | 0 .../{selinux-base => flatcar-selinux-patches}/icmp-bind.patch | 0 .../{selinux-base-policy => flatcar-selinux-patches}/init.patch | 0 .../locallogin.patch | 0 .../logging.patch | 0 .../{selinux-base-policy => flatcar-selinux-patches}/ping.patch | 0 .../coreos-overlay/coreos/user-patches/sec-policy/selinux-base | 1 + .../coreos/user-patches/sec-policy/selinux-base-policy | 1 + .../coreos/user-patches/sec-policy/selinux-container | 1 + .../coreos-overlay/coreos/user-patches/sec-policy/selinux-dbus | 1 + .../coreos-overlay/coreos/user-patches/sec-policy/selinux-sssd | 1 + .../coreos/user-patches/sec-policy/selinux-unconfined | 1 + 14 files changed, 6 insertions(+) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base => flatcar-selinux-patches}/0001-policy-modules-kernel-all-more-actions-for-kernel.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-container => flatcar-selinux-patches}/container.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base => flatcar-selinux-patches}/files-relabel.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base => flatcar-selinux-patches}/icmp-bind.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base-policy => flatcar-selinux-patches}/init.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base-policy => flatcar-selinux-patches}/locallogin.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base-policy => flatcar-selinux-patches}/logging.patch (100%) rename sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/{selinux-base-policy => flatcar-selinux-patches}/ping.patch (100%) create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-container create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-dbus create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-sssd create mode 120000 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-unconfined diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base/0001-policy-modules-kernel-all-more-actions-for-kernel.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/0001-policy-modules-kernel-all-more-actions-for-kernel.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base/0001-policy-modules-kernel-all-more-actions-for-kernel.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/0001-policy-modules-kernel-all-more-actions-for-kernel.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-container/container.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/container.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-container/container.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/container.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base/files-relabel.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/files-relabel.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base/files-relabel.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/files-relabel.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base/icmp-bind.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/icmp-bind.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base/icmp-bind.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/icmp-bind.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/init.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/init.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/init.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/init.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/locallogin.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/locallogin.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/locallogin.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/locallogin.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/logging.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/logging.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/logging.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/logging.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/ping.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/ping.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy/ping.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/ping.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base new file mode 120000 index 0000000000..283011aeaf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base @@ -0,0 +1 @@ +flatcar-selinux-patches \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy new file mode 120000 index 0000000000..283011aeaf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-base-policy @@ -0,0 +1 @@ +flatcar-selinux-patches \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-container b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-container new file mode 120000 index 0000000000..283011aeaf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-container @@ -0,0 +1 @@ +flatcar-selinux-patches \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-dbus b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-dbus new file mode 120000 index 0000000000..283011aeaf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-dbus @@ -0,0 +1 @@ +flatcar-selinux-patches \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-sssd b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-sssd new file mode 120000 index 0000000000..283011aeaf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-sssd @@ -0,0 +1 @@ +flatcar-selinux-patches \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-unconfined b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-unconfined new file mode 120000 index 0000000000..283011aeaf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/selinux-unconfined @@ -0,0 +1 @@ +flatcar-selinux-patches \ No newline at end of file