34869 Commits

Author SHA1 Message Date
Krzesimir Nowak
b3fbf3df58 overlay coreos/config: Add pam_selinux to systemd PAM configs
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
3f52571c6f overlay profiles: Drop sec-policy/selinux-ntp from package.provided
We have pulled enough policies for the build problem to go away.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
88c7bcb097 overlay coreos/user-patches: Drop systemd patches related to SELinux issues
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
42ea00ec5e overlay coreos/user-patches: Add a patch for crossdev
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
053f9be6d8 HACK: sys-libs/glibc: Enable selinux even when cross-compiling
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
7871c11903 overlay coreos-base/coreos: Add more selinux policy packages
Some of those policies are pulled in by sysext packages. We want the
policies to be in the base image, so we can build them and have them
be applicable to sysext contents.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
5aa4b7da2a build_library: Forbid SELinux policy packages in sysexts
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
b84b28dc9d build_sysext: Allow specifying forbidden packages in sysexts
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
b55be6f0d1 build_library: Relabel the whole filesystem
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
aaf5ccb019 build_library: Fix pkg_use_enabled
"equery uses" ignores forced or masked USE flags by default. In our
case, the selinux USE flag is forced, so stop ignoring it with the
--forced-masked flag. Update the regexp to catch the forced USE flags
too and modernize the function a bit.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
4008a89cd8 build_library: Building selinux policy
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
4cd4262521 overlay profiles: Move python from package.mask to package.provided for prod
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
bc301db1ed build_toolchains: Break dep loop and handle more dependencies
Switching to a selinux profile caused more USE flags to be enabled
(selinux, audit, caps), thus more dependencies to be pulled. More
dependencies caused two things:

- cyclic dependencies appeared
- sys-apps/baselayout is being pulled in

Cyclic dependencies need to be handled in a similar way to how it was
done in build_packages, thus factor out the code doing it into a
separate and reusable part.

The dependency on baselayout needs to be handled by installing the
package as the first thing in $ROOT, followed by a more careful way of
copying things from $SYSROOT to $ROOT (due to split-usr differences),
followed by installing the rest of the packages.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
fe256e30b2 build_toolchain: Do not leak variables
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
14b977cb4f overlay profiles: Force static-libs on sys-libs/libsepol to fix bootstrap
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
d1997dbc08 overlay coreos/config: Add further Flatcar modifications for sys-apps/policycoreutils
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
764f4ede10 overlay profiles: Allow python for sys-process/audit
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
ab815e4de8 overlay coreos/config: Add further modifications to sys-process/audit
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
c868368282 .github: Add dev-python/networkx to automation
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
ad502e0a96 dev-python/networkx: Add from Gentoo
It's from Gentoo commit 2d25fad95cbaa525c8945d8e582c749d49524f49.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
a78d7205b8 .github: Add sys-apps/selinux-python to automation
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
81a1248220 sys-apps/selinux-python: Add from Gentoo
It's from Gentoo commit 1f169055faba2cf169efde90fc70c0c2c657204e.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
5181de137c overlay profiles: Do not pull app-admin/setools into prod images
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
da96fc636e .github: Add app-admin/setools to automation
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
7017e066d9 app-admin/setools: Add from Gentoo
It's from Gentoo commit e96f3f5c911c831949de872f43bbb4ebd511fadb.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
e63aaa2680 overlay coreos/user-patches: Drop a patch for sys-libs/libsemanage
We apply the fix in a different way.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
b677dcc5a0 overlay coreos/config: Add python stuff to install mask for prod images
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
0d02b23d97 .github: Add sys-apps/policycoreutils to automation
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
6a0a9c6295 sys-apps/policycoreutils: Sync with Gentoo
It's from Gentoo commit ef1013be87a2c4ede3d16c2557881505b93c3996.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
6ed7455518 overlay sys-apps/policycoreutils: Move to portage-stable
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
ef87014121 .github: Add sys-libs/libsemanage to automation
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
b8f205f41f sys-libs/libsemanage: Sync with Gentoo
It's from Gentoo commit 2a36cce420348509e5c8a75d75647c200f39b2bc.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:09 +01:00
Krzesimir Nowak
c5efcd696d overlay sys-libs/libsemanage: Move to portage-stable
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
01c453103b overlay coreos/config: Add Flatcar modifications for sys-libs/libsemanage
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
08870146fd overlay profiles: Allow python for sys-libs/libselinux
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
1df1df22c1 overlay profiles: Disable caps for smartmontools
The USE=caps is only relevant for smartd, which we are not building
anyway.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
a6b5aa6dc4 overlay profiles: Drop enabling caps and audit USE flags for specific packages
The selinux profile enables the USE flags for all of them.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
d64475a947 overlay profiles: Mask python and perl USE flags for generic images
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
862ca0164c overlay profiles: Clean up selinux enabling
Not needed given that we have switched to the selinux profile, which
enables the selinux USE flag.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
83d8f655f9 .github: Add newly added policy packages to automation
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
7ed13d9f00 overlay coreos/user-patches: Add symlinks for newly added policy packages
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
18f458a744 sec-policy/selinux-zfs: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
b342b6f60a sec-policy/selinux-xfs: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
621ff5e537 sec-policy/selinux-wireguard: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
10cd11e8d7 sec-policy/selinux-virt: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
9c650f91d2 sec-policy/selinux-tcsd: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
dca1c34678 sec-policy/selinux-sudo: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
104d4939aa sec-policy/selinux-smartmon: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
f2ffabdb56 sec-policy/selinux-sasl: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00
Krzesimir Nowak
cf4ff86f00 sec-policy/selinux-samba: Add from Gentoo
It's from Gentoo commit 0868350882899927dd40131021bfcf8bd117e77c.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
2026-03-20 15:12:08 +01:00