Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
overlay coreos/user-patches: Rework SELinux patches
- Merge all the patches into one. Previously there were a bunch of smaller patches, but their filenames and their contents did not really explain what they were fixing.
- Document some of the changes that we have made. Try to put as much information about our own modifications.
- Drop deprecated killall(kernel_t), mcs_file_read_all(kernel_t), mcs_file_write_all(kernel_t), mcs_ptrace_all(kernel_t).
- Add more changes to cover more of the AVCs we were getting.
Showing 10 changed files with 518 additions and 239 deletions.
501 changes: 501 additions & 0 deletions
...y/coreos/user-patches/sec-policy/flatcar-selinux-patches/0001-Flatcar-modifications.patch
Large diffs are not rendered by default.
16 changes: 0 additions & 16 deletions
...licy/flatcar-selinux-patches/0001-policy-modules-kernel-all-more-actions-for-kernel.patch
This file was deleted.
17 changes: 17 additions & 0 deletions
...coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
The following steps were needed to make these patches: | ||
|
||
- Clone the refpolicy repo: | ||
- https://github.com/SELinuxProject/refpolicy.git | ||
- Checkout the appropriate tag: | ||
- For example `RELEASE_2_20231002`. | ||
- Apply the Gentoo patch: | ||
- See the sec-policy/selinux-base ebuild in portage-stable for the | ||
patch tarball URL. | ||
- Apply our changes. | ||
- Generate the patch: | ||
- Since sec-policy/selinux- packages set their source directory to | ||
work directory (in Gentooese: `S=${WORKDIR}/`), the user patches | ||
are applied from the parent directory of the refpolicy sources. In | ||
order to generate proper patches, do `git format-patch | ||
--src-prefix=a/refpolicy/ --dst-prefix=b/refpolicy/ | ||
<SINCE_COMMIT>` |
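Review bot: In the final "Generate the patch" step, `<SINCE_COMMIT>` is never defined. Say explicitly that it is the commit holding the result of the "Apply the Gentoo patch" step, so that the generated series contains only the local changes on top of refpolicy plus Gentoo. Because `git format-patch` emits one file per commit and this directory now carries a single `0001-Flatcar-modifications.patch`, the README should also state that the local changes are kept as (or squashed into) one commit before generating. Two smaller points: "sec-policy/selinux- packages" reads like a glob whose wildcard was lost, and "Apply our changes" does not say where those changes come from when moving to a new refpolicy tag (for example, by applying the existing patch with the same `a/refpolicy/` prefix).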
78 changes: 0 additions & 78 deletions
...rty/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/container.patch
This file was deleted.
44 changes: 0 additions & 44 deletions
...coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/files-relabel.patch
This file was deleted.
40 changes: 0 additions & 40 deletions
...rty/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/icmp-bind.patch
This file was deleted.
11 changes: 0 additions & 11 deletions
...rd_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/init.patch
This file was deleted.
13 changes: 0 additions & 13 deletions
...ty/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/locallogin.patch
This file was deleted.
18 changes: 0 additions & 18 deletions
...party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/logging.patch
This file was deleted.
19 changes: 0 additions & 19 deletions
...rd_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/ping.patch
This file was deleted.