You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On Flatcar, we have SELinux patches. Some of these are quite old and could be upstreamed or purely deleted. Let's gather the feedback we had from an interesting discussion with https://wiki.gentoo.org/wiki/Project:SELinux folks:
Current situation
On Flatcar, we have SELinux patches. Some of these are quite old and could be upstreamed or purely deleted. Let's gather the feedback we had from an interesting discussion with https://wiki.gentoo.org/wiki/Project:SELinux folks:
selinux-unconfined
: no customization -> let's move it to::portage-stable
: sec-policy/selinux-unconfined: move from ::coreos-overlay flatcar-archive/portage-stable#314icmp-bind
could be replaced withuser_ping boolean
? (@krnowak if you want to try it ?)unlabeled.patch
could be upstreamed to refpolicysshd.patch
is broken (unconfined_t is not a file type so you cant put it on fcontexts)logging.patch
seems fine, it has to use an interface (cant use kernel_t outside of kernel.te/if) could go upstreamlocallogin.patch
could go upstreamThis is required for #673
Thanks a lot @perfinion for your time and your feedback :)
The text was updated successfully, but these errors were encountered: