Merge pull request #1466 from mjg59/selinux

Build an selinux-capable image

sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use

@@ -3,6 +3,7 @@
 
 app-admin/rsyslog	-ssl
 app-editors/vim		minimal
+coreos-base/coreos	selinux
 dev-lang/python		-berkdb gdbm
 dev-libs/dbus-glib	tools
 dev-libs/elfutils	-utils
@@ -15,15 +16,18 @@ net-misc/dhcp	        -server
 net-misc/iperf		threads
 net-misc/ntp            caps
 sys-apps/busybox	-pam -selinux
+sys-apps/dbus		selinux
 sys-apps/smartmontools	minimal
 sys-block/parted        device-mapper
 sys-fs/lvm2		-lvm1 -readline
+sys-kernel/coreos-kernel selinux
 sys-libs/ncurses	minimal
 sys-libs/pam        -berkdb
 sys-libs/gdbm		berkdb
 
 # enable journal gateway and container features, avoid pulling in gnutls
-sys-apps/systemd audit importd http nat -ssl
+sys-apps/systemd audit importd http nat -ssl selinux
+
 net-libs/libmicrohttpd -ssl
 
 sys-boot/syslinux       -custom-cflags

sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.8.16-r2.ebuild

@@ -37,9 +37,7 @@ DEPEND="${CDEPEND}
 		>=dev-libs/glib-2.24
 		${PYTHON_DEPS}
 		)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-dbus )
-"
+RDEPEND="${CDEPEND}"
 
 DOC_CONTENTS="
 	Some applications require a session bus in addition to the system

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.1

@@ -923,8 +923,8 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DISABLE=n
 # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
 CONFIG_CRYPTO_CRC32C_INTEL=m
 CONFIG_CRYPTO_SHA1_SSSE3=m