From 862ca0164c9c79dadb82ed980faaa2db83a1883a Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 23 Apr 2025 18:01:32 +0200 Subject: [PATCH] overlay profiles: Clean up selinux enabling Not needed given that we have switched to selinux profile, which enables selinux USE. Signed-off-by: Krzesimir Nowak --- .../profiles/coreos/base/package.use | 24 ++++--------------- .../profiles/coreos/base/use.mask | 3 --- 2 files changed, 4 insertions(+), 23 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index bad964ff16..6657014b87 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -29,8 +29,8 @@ dev-vcs/git -perl -iconv app-admin/sudo -sendmail # disable hybrid cgroup as we use the unified mode now -# use lzma which is the default on non-gentoo systems, enable selinux, -sys-apps/systemd -cgroup-hybrid curl idn lzma selinux tpm +# use lzma which is the default on non-gentoo systems, +sys-apps/systemd -cgroup-hybrid curl idn lzma tpm net-libs/libmicrohttpd -ssl # disable kernel config detection and module building @@ -59,7 +59,7 @@ sys-libs/glibc nscd dev-libs/cyrus-sasl kerberos -gdbm # don't build manpages for sssd -sys-auth/sssd -python samba kerberos gssapi ssh selinux +sys-auth/sssd -python samba kerberos gssapi ssh # enable logging command-line options in update_engine dev-cpp/glog gflags @@ -72,20 +72,7 @@ sys-fs/quota rpc sys-apps/portage -xattr -rsync-verify # Enable -M and -Z flags; -M is used by mayday -sys-process/lsof rpc selinux - -# Enable SELinux for all targets -coreos-base/coreos selinux -sys-apps/dbus selinux - -# Enable SELinux for coreutils -sys-apps/coreutils selinux - -# Enable SELinux for tar -app-arch/tar selinux - -# Enable SELinux for runc -app-containers/runc selinux +sys-process/lsof rpc # enable regular expression processing in jq app-misc/jq oniguruma @@ -137,9 +124,6 @@ dev-libs/libpcre2 -pcre16 -pcre32 unicode # smi and ssl, no clue. net-analyzer/tcpdump -ssl -smi -samba -# selinux: to find files with a particular SElinux label -sys-apps/findutils selinux - # Flatcar defaults formerly defined in coreos-overlay ebuilds app-containers/containerd btrfs device-mapper app-containers/docker btrfs overlay seccomp diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask index 930f943f47..d8002ac04e 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/use.mask @@ -1,9 +1,6 @@ # Never enable experimental code kdbus -# Unmask selinux so it can be enabled selectively in package.use --selinux - # We don't care about i10n, takes too much space, pulls in too many # extra dependencies. nls