From eaaed3bba653e5b4da1fc5aa84ffc52babd8c5d6 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Wed, 8 Oct 2025 12:21:08 +0200
Subject: [PATCH] overlay profiles: Build only the mcs SELinux policy

Building multiple policies is pointless - changing the policy at
runtime would require relabeling the filesystem, which will not work,
because /usr is read-only.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
---
 .../coreos-overlay/profiles/coreos/base/make.defaults         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index 4594d5905a..6b8593563b 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -53,8 +53,8 @@ BOOTSTRAP_USE="${BOOTSTRAP_USE} curl_ssl_openssl ssl"
 BOOTSTRAP_USE="${BOOTSTRAP_USE} xml"
 
 # Set SELinux policy
-POLICY_TYPES="targeted mcs mls"
-SELINUX_POLICY_TYPES="targeted mcs mls"
+POLICY_TYPES="mcs"
+SELINUX_POLICY_TYPES="mcs"
 
 # Disable packages or optional features with distribution issues.
 ACCEPT_RESTRICT="* -bindist"