Commit 79a861b

refactor: clean up osguard base definition (microsoft#14514)
Remove duplicate veritysetup entry. Remove commented-out packages. Create an selinux-ci-uki.semanage in osguard files and reference file from new location.

Signed-off-by: Chris Co <[email protected]>
1 parent 4615c77 commit 79a861b

3 files changed

+23
-10
lines changed
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
boolean -D
2+
login -D
3+
interface -D
4+
user -D
5+
port -D
6+
node -D
7+
fcontext -D
8+
module -D
9+
ibendport -D
10+
ibpkey -D
11+
permissive -D
12+
boolean -m -1 cloudinit_manage_non_security
13+
boolean -m -1 container_mounton_non_security
14+
boolean -m -1 init_mounton_non_security
15+
login -m -s ci_unconfined_u -r 's0' root
16+
login -m -s ci_unconfined_u -r 's0' __default__
17+
fcontext -a -f f -t bin_t -r 's0' '/etc/grub\.d/.*'
18+
fcontext -a -f f -t fsadm_exec_t -r 's0' '/usr/bin/lsblk'
19+
fcontext -a -f f -t dockerd_exec_t -r 's0' '/usr/bin/tardev-snapshotter'
20+
fcontext -a -f f -t bin_t -r 's0' '/usr/share/netplan/netplan\.script'
21+
fcontext -a -e /etc/selinux /usr/etc/selinux
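
Review bot: The file arrives as a pure addition (`@@ -0,0 +1,21 @@`) and the commit touches only three files, so the `files/linuxguard/selinux-ci-uki.semanage` copy that both configs referenced before is not deleted here. Two copies of an SELinux policy customization can drift apart without anyone noticing. If nothing else still points at the linuxguard path, remove it in this change; if something does, say so in the commit message. Separately, lines 15 and 16 map both `root` and `__default__` to `ci_unconfined_u`, and lines 12 to 14 set three `*_non_security` booleans; a short rationale for each in the commit message or alongside the file would help the next person who audits this policy.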

toolkit/imageconfigs/osguard-amd64.yaml

Lines changed: 1 addition & 2 deletions
@@ -84,7 +84,6 @@ os:
8484
- WALinuxAgent
8585
- device-mapper
8686
- kernel-ipe
87-
- veritysetup
8887
- cni
8988
- containerd2
9089
- cri-tools
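
Review bot: The `- veritysetup` entry removed at old line 87 is described as a duplicate, but no other `veritysetup` entry appears in the context shown for this file. Please confirm that the surviving entry is in this same package list, not only in another config, and name its location in the commit message so the removal can be checked without opening the full file.
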
@@ -150,7 +149,7 @@ os:
150149
destination: /etc/repart.d
151150
childFilePermissions: 644
152151
additionalFiles:
153-
- source: files/linuxguard/selinux-ci-uki.semanage
152+
- source: files/osguard/selinux-ci-uki.semanage
154153
destination: /etc/selinux/targeted/selinux-ci.semanage
155154
- source: files/osguard/cloud.cfg
156155
destination: /etc/cloud/cloud.cfg

toolkit/imageconfigs/templates/osguard-base.yaml

Lines changed: 1 addition & 8 deletions
@@ -96,17 +96,10 @@ os:
9696
# OS
9797
- device-mapper
9898
- kernel-ipe
99-
# servicing
100-
# - trident
101-
# - trident-service
102-
- veritysetup
10399
# OCI
104100
- cni
105101
- containerd2
106102
- cri-tools
107-
# - erofs-utils
108-
# - notation
109-
# - tardev-snapshotter
110103
# UKI
111104
- systemd-boot
112105
# hyperv
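
Review bot: The `- veritysetup` deletion at old line 102 is the only live package removal in this hunk, and it sits among comment-only cleanups under `# servicing`, where it is easy to read past. As in osguard-amd64.yaml, the remaining `veritysetup` entry is not visible in the context here, so confirm that this template still lists the package once. Also, the dropped `# - tardev-snapshotter` line was the only mention of that package in this list, while the new semanage file still labels `/usr/bin/tardev-snapshotter` as `dockerd_exec_t`; a note on which package supplies that binary would explain why the rule stays.
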
@@ -179,7 +172,7 @@ os:
179172

180173
additionalFiles:
181174
# SELinux customizations
182-
- source: files/linuxguard/selinux-ci-uki.semanage
175+
- source: files/osguard/selinux-ci-uki.semanage
183176
destination: /etc/selinux/targeted/selinux-ci.semanage
184177
# Cloud-init configuration
185178
- source: files/osguard/cloud.cfg
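
Review bot: The `source:` change at old line 182 is the same one-line edit made in osguard-amd64.yaml, so the semanage file's path is now maintained in two places. If osguard-amd64.yaml is produced from this template, say so in the commit message so reviewers know the two must change together; if not, consider keeping the entry in one place so a later move cannot leave one config pointing at a stale path.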
