mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-21 22:41:09 +02:00
Merge pull request #1335 from marineam/selinux
selinux: make selinux optional based on USE flags, disable for now.
This commit is contained in:
commit
8f935f6ebb
@ -9,7 +9,7 @@ HOMEPAGE="http://coreos.com"
|
||||
LICENSE="GPL-2"
|
||||
SLOT="0"
|
||||
KEYWORDS="amd64 arm arm64 x86"
|
||||
IUSE="etcd_protocols_1 etcd_protocols_2"
|
||||
IUSE="etcd_protocols_1 etcd_protocols_2 selinux"
|
||||
|
||||
|
||||
################################################################################
|
||||
@ -87,6 +87,13 @@ RDEPEND="${RDEPEND}
|
||||
etcd_protocols_2? ( dev-db/etcd:2 )
|
||||
"
|
||||
|
||||
# Optionally enable SELinux and pull in policy for containers
|
||||
RDEPEND="${RDEPEND}
|
||||
sys-apps/systemd[selinux?]
|
||||
selinux? (
|
||||
sec-policy/selinux-virt
|
||||
)"
|
||||
|
||||
RDEPEND="${RDEPEND}
|
||||
app-emulation/actool
|
||||
app-emulation/rkt
|
||||
@ -119,7 +126,6 @@ RDEPEND="${RDEPEND}
|
||||
net-misc/ntp
|
||||
net-misc/rsync
|
||||
net-misc/wget
|
||||
sec-policy/selinux-virt
|
||||
sys-apps/coreutils
|
||||
sys-apps/dbus
|
||||
sys-apps/ethtool
|
||||
@ -136,7 +142,6 @@ RDEPEND="${RDEPEND}
|
||||
sys-apps/sed
|
||||
sys-apps/seismograph
|
||||
sys-apps/shadow
|
||||
sys-apps/systemd
|
||||
sys-apps/usbutils
|
||||
sys-apps/util-linux
|
||||
sys-fs/btrfs-progs
|
||||
|
@ -18,6 +18,7 @@ HOMEPAGE="http://www.kernel.org"
|
||||
LICENSE="GPL-2 freedist"
|
||||
SLOT="0/${PVR}"
|
||||
SRC_URI=""
|
||||
IUSE="selinux"
|
||||
|
||||
DEPEND="=sys-kernel/coreos-sources-${COREOS_SOURCE_VERSION}
|
||||
sys-kernel/bootengine:="
|
||||
@ -134,6 +135,13 @@ coreos-kernel_src_prepare() {
|
||||
}
|
||||
|
||||
coreos-kernel_src_configure() {
|
||||
if ! use selinux; then
|
||||
sed -i -e '/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE/d' \
|
||||
"${KBUILD_OUTPUT}/.config" || die
|
||||
echo CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 >> \
|
||||
"${KBUILD_OUTPUT}/.config" || die
|
||||
fi
|
||||
|
||||
# Use default for any options not explitly set in defconfig
|
||||
yes "" | kmake oldconfig
|
||||
|
||||
|
@ -37,7 +37,7 @@ net-analyzer/nmap ncat -lua
|
||||
app-admin/sudo -sendmail
|
||||
|
||||
# avoid pulling in gnutls, disable gentoo-only bits, enable journal upload
|
||||
sys-apps/systemd -ssl curl vanilla -lz4 lzma gcrypt selinux
|
||||
sys-apps/systemd -ssl curl vanilla -lz4 lzma gcrypt
|
||||
|
||||
# disable kernel config detection and module building
|
||||
net-firewall/ipset -modules
|
||||
|
Loading…
x
Reference in New Issue
Block a user