root needs to be specified with -p instead of -S.
The policy dir (-S) defaults to (-p) + /var/lib/selinux/ + (-s).
Picked from upstream: 54a8322d18
Closes: https://github.com/flatcar-linux/Flatcar/issues/596
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
The mirror-calico workflow has been failing because it currently determines
version=v3.22.0-0.dev-typha, which is not the tag used by the individual
container images. Rewrite the version logic to determine the version based on
what is in the tigera operator manifest. This is the same manifest that we use
to deploy calico in mantle.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The entries added in changelog/security/ do not follow our existing
security section in the release notes:
https://www.flatcar.org/releases/#release-3033.2.0
Document the structure and an example to use the right format that we
need for release note generation.
The net-misc/iputils package never provided the traceroute binary,
only traceroute6, which is probably why the use flag got renamed to
traceroute6 too.
It was removed from Gentoo and with updated profiles, the build
started to fail with:
USE flag 'elibc_uclibc' referenced in conditional 'elibc_uclibc?' is
not in IUSE
We rely on this setting to make iPXE booting work on EFI platforms. In iPXE we
use 2 initramfs': the kernel builtin one and a pxe specific one that contains
the contents of the usr partition. This appears to rely on the EFI stub, which
unpacks the second one based on the passed commandline parameter (initrd=).
This affects arm64 kernels after v5.11 because of this commit:
6edcf9dc2e
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The changelog entries should be directly used for the release notes,
thus they need to be short and hold only information relevant to the
end user, and should be in the markdown bullet point format.
The used changelog entry format in
https://github.com/flatcar-linux/coreos-overlay/pull/1502 is not really
useful for the release notes. This paragraph is good for the PR
description or a commit message, but here should be a bullet point for
the release notes.
Replace the paragraph by a release notes bullet point.
All runs of the GitHub Action to update the kernel used the same
changelog name, which is a bit confusing when comparing the releases.
Append the version to the filename to avoid using the same name for the
maintenance updates of a channel releases and for the introduction of a
kernel update in main.
Unlike with Kernel 5.10, dracut does not automatically install `loop.ko`
with Kernel 5.15.
Explicitly install the loop module from the dracut command line.
Pulls in https://github.com/flatcar-linux/bootengine/pull/32
`net-libs/libnetfilter_cthelper` needs CONFIG_NF_CT_NETLINK_HELPER.
CONFIG_NET_VRF was requested by a user. CONFIG_KEY_DH_OPERATIONS is
useful for `sys-apps/keyutils`. Rest of the added configs are
dependencies.
enables ELF support to e.g. allow tc to handle BPF filters.
It has been dropped in this commit: 406576c5e5
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
