Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] new package: sec-policy/selinux-container #479

Closed
tormath1 opened this issue Aug 12, 2021 · 2 comments · Fixed by flatcar/scripts#917 · May be fixed by flatcar-archive/coreos-overlay#1993
Closed

[RFE] new package: sec-policy/selinux-container #479

tormath1 opened this issue Aug 12, 2021 · 2 comments · Fixed by flatcar/scripts#917 · May be fixed by flatcar-archive/coreos-overlay#1993
Labels
area/selinux Issues related to SELinux kind/feature A feature request

Comments

@tormath1
Copy link
Contributor

tormath1 commented Aug 12, 2021
edited
Loading

Current situation

For SELinux, we currently use the following policies with custom patches:

  • sec-policy/selinux-virt
  • sec-policy/selinux-unconfined
  • sec-policy/selinux-base

In the SELinux effort, it would be nice to port the following policy: https://github.com/containers/container-selinux to the OS to be aligned with an upstream reference and contribute to it.

Impact

  • no need to maintain custom patches
  • up-to-date with an official containers SELinux policy
  • contribute to the containers/container-selinux

Implementation options

It seems there is no ebuild for this policy - we could contribute to the upstream ::gentoo to provide it then add it to ::portage-stable.

Additional information
@tormath1 tormath1 added the kind/feature A feature request label Aug 12, 2021
@0xC0ncord 0xC0ncord mentioned this issue Nov 16, 2021
Merged
@tormath1 tormath1 mentioned this issue Jan 18, 2022
Open
@tormath1
Copy link
Contributor Author

containers SELinux module has been added to refpolicy.

@tormath1 tormath1 changed the title [RFE] new package: sec-policy/selinux-containers [RFE] new package: sec-policy/selinux-container Jan 31, 2022
@tormath1 tormath1 mentioned this issue Feb 22, 2022
Open
@tormath1 tormath1 mentioned this issue Mar 11, 2022
Open
1 task
@tormath1 tormath1 added the area/selinux Issues related to SELinux label Mar 29, 2022
@tormath1 tormath1 mentioned this issue Mar 30, 2022
Closed
@tormath1
Copy link
Contributor Author

sec-policy/selinux-container has been added upstream: https://github.com/gentoo/gentoo/tree/master/sec-policy/selinux-container

@tormath1 tormath1 mentioned this issue Jun 16, 2022
Open
This was referenced Jun 30, 2022
Draft
Draft
@pothos pothos moved this from No Status to Upcoming / Backlog in Flatcar tactical, release planning, and roadmap May 22, 2023
@tormath1 tormath1 mentioned this issue Jun 14, 2023
Merged
3 tasks
@stephen-fox stephen-fox mentioned this issue Aug 23, 2023
Open
@github-actions github-actions bot mentioned this issue Nov 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/selinux Issues related to SELinux kind/feature A feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

selinux: update flatcar/scripts
sec-policy/*: sync with gentoo flatcar-archive/coreos-overlay
1 participant
@tormath1