Add sssd to list of SELinux modules enabled #1712
Hm, I see in the gentoo repo that there is a
@krnowak that could be an option! Although, it's already included by default in Flatcar, so why not include it to the base list? the package is merely a
The reason is that we aim for having the least amount of divergence between flatcar and gentoo, so we have less things to maintain.
@krnowak understood. I'll pick up that package then.
b68d12e
to
5afaf6a
Compare
@krnowak done
@JAORMX: Thanks! I see that you added the Another thing is that With that done, I can start a test build in our CI.
This is needed by flatcar-archive/coreos-overlay#1712 in order to enable the sssd SELinux policy Signed-off-by: Juan Antonio Osorio <[email protected]>
5afaf6a
to
d46dc61
Compare
Cool, CI is crunching now those PRs. Thanks!
Signed-off-by: Juan Antonio Osorio <[email protected]>
d46dc61
to
a604f4b
Compare
There was a dev-container failure, that's unrelated to this PR, otherwise CI passed (had to rerun qemu tests, because some of them were flaky). You could download the qemu image and the bash script to verify if it works for you.
@krnowak I haven't been able to test this cause I'm on mac right now and haven't rewritten the script to work on mac yet. Should CI be re-run then?
No, no need for rerunning the tests. dev-container failure is unrelated and I have a fix for it, but didn't manage to test it and merge yet. I'll check the contents of the image.
Files in
Thanks for the PR! I think we will eventually also need to focus on having more coverage of SELinux labeling.
@krnowak yes, that's the goal of this issue: flatcar/Flatcar#673 and I revamped this PR: flatcar/scripts#66 to get a fully labeled system but it breaks everything in enforcing mode :)
Right, last time I tried to label the whole filesystem and run the enforcing mode, I couldn't even ssh into the machine any more. :)
Include sssd SELinux module in base policy
sssd is being provided by flatcar and it was missing from the list.
This inclusion should appropriately label sssd-related files.
Related-Bug: flatcar/Flatcar#673
How to use
[ describe what reviewers need to do in order to validate this PR ]
Testing done
[Describe the testing you have done before submitting this PR. Please include both the commands you issued as well as the output you got.]
changelog/
directory (user-facing change, bug fix, security fix, update)