Merge pull request #1335 from marineam/selinux

selinux: make selinux optional based on USE flags, disable for now.
Michael Marineau 2015-07-02 12:13:59 -07:00
commit 8f935f6ebb
3 changed files with 17 additions and 4 deletions


@ -9,7 +9,7 @@ HOMEPAGE="http://coreos.com"
LICENSE="GPL-2" LICENSE="GPL-2"
SLOT="0" SLOT="0"
KEYWORDS="amd64 arm arm64 x86" KEYWORDS="amd64 arm arm64 x86"
IUSE="etcd_protocols_1 etcd_protocols_2" IUSE="etcd_protocols_1 etcd_protocols_2 selinux"
################################################################################ ################################################################################
@ -87,6 +87,13 @@ RDEPEND="${RDEPEND}
etcd_protocols_2? ( dev-db/etcd:2 ) etcd_protocols_2? ( dev-db/etcd:2 )
" "
# Optionally enable SELinux and pull in policy for containers
RDEPEND="${RDEPEND}
sys-apps/systemd[selinux?]
selinux? (
sec-policy/selinux-virt
)"
RDEPEND="${RDEPEND} RDEPEND="${RDEPEND}
app-emulation/actool app-emulation/actool
app-emulation/rkt app-emulation/rkt
@ -119,7 +126,6 @@ RDEPEND="${RDEPEND}
net-misc/ntp net-misc/ntp
net-misc/rsync net-misc/rsync
net-misc/wget net-misc/wget
sec-policy/selinux-virt
sys-apps/coreutils sys-apps/coreutils
sys-apps/dbus sys-apps/dbus
sys-apps/ethtool sys-apps/ethtool
@ -136,7 +142,6 @@ RDEPEND="${RDEPEND}
sys-apps/sed sys-apps/sed
sys-apps/seismograph sys-apps/seismograph
sys-apps/shadow sys-apps/shadow
sys-apps/systemd
sys-apps/usbutils sys-apps/usbutils
sys-apps/util-linux sys-apps/util-linux
sys-fs/btrfs-progs sys-fs/btrfs-progs
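Review bot: Nothing visible ties the `selinux` flag added to IUSE here, which drives `sys-apps/systemd[selinux?]` and `sec-policy/selinux-virt`, to the separate `selinux` flag the kernel ebuild declares in this same commit. If the flag is ever set per package rather than profile-wide, the image could ship an SELinux-aware systemd and policy on a kernel whose boot default is 0, or the reverse, and the mismatch would probably go unnoticed until enforcement is expected. I would extend the comment above the new RDEPEND block to say so, e.g. `# selinux must be set profile-wide so the kernel, systemd and policy agree`. The RDEPEND blocks continue outside the hunks shown.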


@ -18,6 +18,7 @@ HOMEPAGE="http://www.kernel.org"
LICENSE="GPL-2 freedist" LICENSE="GPL-2 freedist"
SLOT="0/${PVR}" SLOT="0/${PVR}"
SRC_URI="" SRC_URI=""
IUSE="selinux"
DEPEND="=sys-kernel/coreos-sources-${COREOS_SOURCE_VERSION} DEPEND="=sys-kernel/coreos-sources-${COREOS_SOURCE_VERSION}
sys-kernel/bootengine:=" sys-kernel/bootengine:="
@ -134,6 +135,13 @@ coreos-kernel_src_prepare() {
} }
coreos-kernel_src_configure() { coreos-kernel_src_configure() {
if ! use selinux; then
sed -i -e '/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE/d' \
"${KBUILD_OUTPUT}/.config" || die
echo CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 >> \
"${KBUILD_OUTPUT}/.config" || die
fi
# Use default for any options not explitly set in defconfig # Use default for any options not explitly set in defconfig
yes "" | kmake oldconfig yes "" | kmake oldconfig
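Review bot: With `selinux` unset, the new block in `coreos-kernel_src_configure` only rewrites `CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE` to 0, so SELinux is off by default at boot rather than removed from the kernel, and no comment says so. A line such as `# USE=-selinux only flips the boot default; SELinux stays built in and can be enabled with selinux=1` would make that explicit. The override also appears to rely on `CONFIG_SECURITY_SELINUX_BOOTPARAM=y` in the defconfig, which is not visible here. If that option were off, `kmake oldconfig` would likely drop the appended value and SELinux would stay enabled. The function body continues past the hunk.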


@ -37,7 +37,7 @@ net-analyzer/nmap ncat -lua
app-admin/sudo -sendmail app-admin/sudo -sendmail
# avoid pulling in gnutls, disable gentoo-only bits, enable journal upload # avoid pulling in gnutls, disable gentoo-only bits, enable journal upload
sys-apps/systemd -ssl curl vanilla -lz4 lzma gcrypt selinux sys-apps/systemd -ssl curl vanilla -lz4 lzma gcrypt
# disable kernel config detection and module building # disable kernel config detection and module building
net-firewall/ipset -modules net-firewall/ipset -modules