[WIP] add selinux-policies packages

Signed-off-by: David Cassany <[email protected]>
rancher · May 3, 2021 · 7b54025 · 7b54025
1 parent 95aeb1d
commit 7b54025
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 4 deletions.
diff --git a/packages/cos/build.yaml b/packages/cos/build.yaml
@@ -20,7 +20,10 @@ requires:
 - name: cos-features
   category: system
   version: ">=0"
-- name: "refpolicy"
+#- name: "refpolicy"
+  #category: "system"
+  #version: ">=0"
+- name: "selinux-policies"
   category: "system"
   version: ">=0"
 

diff --git a/packages/installer/definition.yaml b/packages/installer/definition.yaml
@@ -1,3 +1,3 @@
 name: "installer"
 category: "utils"
-version: "0.6.33"
+version: "0.6.34"
diff --git a/packages/installer/installer.sh b/packages/installer/installer.sh
@@ -205,12 +205,13 @@ do_copy()
 {
     echo "Copying cOS.."
 
-    rsync -aqz --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${DISTRO}/ ${TARGET}
+    rsync -aqzAX --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' ${DISTRO}/ ${TARGET}
      if [ -n "$COS_INSTALL_CONFIG_URL" ]; then
         OEM=${TARGET}/oem/99_custom.yaml
         get_url "$COS_INSTALL_CONFIG_URL" $OEM
         chmod 600 ${OEM}
     fi
+    setfiles -r ${TARGET} ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ${TARGET}
     mkdir -p $TARGET/usr/local/cloud-config
 cat > $TARGET/usr/local/cloud-config/90_after_install.yaml <<EOF
 # Execute this stage in the boot phase:

diff --git a/packages/installer/upgrade.sh b/packages/installer/upgrade.sh
@@ -132,7 +132,8 @@ upgrade() {
           args=
         fi
         luet util unpack $args $UPGRADE_IMAGE /usr/local/tmp/rootfs
-        rsync -aqz --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' /usr/local/tmp/rootfs/ /tmp/upgrade
+        rsync -aqzAX --exclude='mnt' --exclude='proc' --exclude='sys' --exclude='dev' --exclude='tmp' /usr/local/tmp/rootfs/ /tmp/upgrade
+        setfiles -r ${TARGET} ${TARGET}/etc/selinux/targeted/contexts/files/file_contexts ${TARGET}
         rm -rf /usr/local/tmp/rootfs
     fi
 

diff --git a/packages/selinux-policies/build.yaml b/packages/selinux-policies/build.yaml
@@ -0,0 +1,21 @@
+requires:
+- name: "base"
+  category: "distro"
+  version: ">=0"
+
+steps:
+{{ if .Values.distribution }}
+{{if eq .Values.distribution "opensuse" }}
+- zypper ar https://download.opensuse.org/repositories/security:/SELinux/openSUSE_Leap_15.3/security:SELinux.repo
+- zypper --gpg-auto-import-keys in -y --allow-vendor-change --allow-downgrade selinux-policy audit selinux-tools python3-policycoreutils policycoreutils-python-utils container-selinux -libsemanage1
+- zypper cc
+{{else if eq .Values.distribution "fedora" }}
+- dnf install -y container-selinux selinux-policy-targeted
+- dnf clean all
+- systemctl mask selinux-autorelabel.service && systemctl mask selinux-autorelabel-mark.service
+{{else if eq .Values.distribution "ubuntu" }}
+- apt-get install -y selinux-policy-default selinux-utils
+- apt-get clean
+{{end}}
+{{end}}
+- rm -rf /.autorelabel
diff --git a/packages/selinux-policies/definition.yaml b/packages/selinux-policies/definition.yaml
@@ -0,0 +1,4 @@
+name: "selinux-policies"
+category: "system"
+version: "0.0.3"
+