-
Notifications
You must be signed in to change notification settings - Fork 36
Conversation
08a8c3c
to
2853e14
Compare
718d119
to
2399efb
Compare
Build fails like that:
|
@dongsupark thanks, I forgot to remove this patch. Actually it has been moved from |
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
backported from CoreOS commits Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
5c464b3
to
9d7353f
Compare
Rebased with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Code looks good in general.
My local test looks ok as well.
As for cosmetic issues, can you please rearrange commits, e.g.,
squash fixup commits, move Flatcar patch commits right next to their corresponding Gentoo sync commits, etc?
if use extra ; then | ||
S="${S2}" | ||
python_copy_sources | ||
fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just thought.
Ideally we should contribute to Gentoo code like that, making USE flags to exclude unnecessary parts.
Of course that would be a long term project. So for now it is ok.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not a big fan of this extra
USE flag - but yeah we could definitely try to provide more granular control on this kind of part.
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
- run sshd (and child) as unconfined_t - add init.patch to allow execute_no_trans,map and exec from init to unconfined - add AVC patch for local login and journald Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
from 4.x setools is a pure python script, we won't include it in Flatcar anymore Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
Updates to dbus-1.12.20-r1 Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
Signed-off-by: Sayan Chowdhury <sayan@kinvolk.io>
This reverts commit 956f975.
9d7353f
to
0cff4d9
Compare
@dongsupark thanks for the review - commits squash and rearranged :) |
this PR is based on #347 but it has been adapted to match flatcar git commit workflow and to clean the git history
as it's quite a big PR, we can split it into smaller ones
Note for reviewers
setools
upgrade from 3 to 4 is fun (https://github.com/SELinuxProject/setools/wiki/Changes-Since-SETools-v3) (rewrite from C to Python).IDK yet how we can include this scripts into the OS 🤔we won't ship it anymoreTodo
(according to selinux repository, this scripts should only be "helpers")
selinux-unconfined
seems to be able to move into::portage-stable
Testing done
closes flatcar/Flatcar#305, (and certainly other SELinux related issues - need to pass through)