Update linuxguard config (microsoft#14355)

Add noexec mount option
Remove vim, wget, tardev-snapshotter, erofs-utils
Remove verity-signature files
Add cloud.cfg file
Make scripts executable

Author: dallasd1

toolkit/imageconfigs/files/linuxguard/cloud.cfg

@@ -0,0 +1,97 @@
+# The top level settings are used as module
+# and base configuration.
+
+# A set of users which may be applied and/or used by various modules
+# when a 'default' entry is found it will reference the 'default_user'
+# from the distro configuration specified below
+users:
+  - default
+
+# If this is set, 'root' will not be able to ssh in and they
+# will get a message to login instead as the default $user
+# disable_root: false
+
+# This will cause the set+update hostname module to not operate (if true)
+# preserve_hostname: false
+
+# If you use datasource_list array, keep array items in a single line.
+# If you use multi line array, ds-identify script won't read array items.
+# Example datasource config
+# datasource:
+#   Ec2:
+#     metadata_urls: [ 'blah.com' ]
+#     timeout: 5 # (defaults to 50 seconds)
+#     max_wait: 10 # (defaults to 120 seconds)
+
+# The modules that run in the 'init' stage
+cloud_init_modules:
+#   - seed_random
+#   - bootcmd
+#   - write_files
+#   - growpart
+#   - resizefs
+#   - disk_setup
+#   - mounts
+  - set_hostname
+#   - update_hostname
+#   - update_etc_hosts
+#   - ca_certs
+#   - rsyslog
+  - users_groups
+  - ssh
+#   - set_passwords
+
+# The modules that run in the 'config' stage
+# cloud_config_modules:
+#   - ssh_import_id
+#   - keyboard
+#   - locale
+#   - spacewalk
+#   - yum_add_repo
+#   - ntp
+#   - timezone
+#   - disable_ec2_metadata
+#   - runcmd
+
+# The modules that run in the 'final' stage
+# cloud_final_modules:
+#   - package_update_upgrade_install
+#   - write_files_deferred
+#   - puppet
+#   - chef
+#   - ansible
+#   - mcollective
+#   - salt_minion
+#   - reset_rmc
+#   - scripts_vendor
+#   - scripts_per_once
+#   - scripts_per_boot
+#   - scripts_per_instance
+#   - scripts_user
+#   - ssh_authkey_fingerprints
+#   - keys_to_console
+#   - install_hotplug
+#   - phone_home
+#   - final_message
+#   - power_state_change
+
+# System and/or distro specific settings
+# (not accessible to handlers/transforms)
+system_info:
+  # This will affect which distro class gets used
+  distro: azurelinux
+  # Default user name + that default users groups (if added/used)
+  default_user:
+    name: azurelinux
+    lock_passwd: True
+    gecos: Azure Linux
+    groups: [wheel]
+    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+    shell: /bin/bash
+  # network:
+  #   renderers: ['networkd']
+  # # Other config here will be given to the distro class and/or path classes
+  # paths:
+  #   cloud_dir: /var/lib/cloud/
+  #   templates_dir: /etc/cloud/templates/
+  ssh_svcname: sshd

toolkit/imageconfigs/files/linuxguard/selinux-ci-uki.semanage

@@ -21,3 +21,4 @@ fcontext -a -f f -t fsadm_exec_t -r 's0' '/usr/bin/lsblk'
 fcontext -a -f f -t dockerd_exec_t -r 's0' '/usr/bin/tardev-snapshotter'
 fcontext -a -f f -t bin_t -r 's0' '/usr/share/netplan/netplan\.script'
 fcontext -a -e / /rw
+fcontext -a -e /etc/selinux /usr/etc/selinux