Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add aliases for container-selinux types #1316

Merged
merged 2 commits into from
Feb 12, 2021
Merged

add aliases for container-selinux types #1316

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
68cfdcf
selinux-policy: add aliases for container-selinux types
bcressey Feb 10, 2021
2e1fa38
kubernetes: drop patch for kubelet plugins label
bcressey Feb 10, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions packages/kubernetes-1.15/0001-always-set-relevant-variables-for-cross-compiling.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
From 43460991812f41748d2ebbb846e3d956b40b26ae Mon Sep 17 00:00:00 2001
From f655cc39ba3aef7792a013f765c429ede69cfd97 Mon Sep 17 00:00:00 2001
From: Ben Cressey <bcressey@amazon.com>
Date: Sat, 18 May 2019 16:57:12 +0000
Subject: [PATCH 1/4] always set relevant variables for cross compiling
Subject: [PATCH] always set relevant variables for cross compiling

Signed-off-by: Ben Cressey <bcressey@amazon.com>
---
Expand Down Expand Up @@ -73,5 +73,5 @@ index e9c3b066..14c15994 100755

kube::golang::unset_platform_envs() {
--
2.21.0
2.26.2

0 ...3-opt-out-of-module-mode-for-builds.patch → ...2-opt-out-of-module-mode-for-builds.patch
View file
Open in desktop
File renamed without changes.
24 changes: 0 additions & 24 deletions packages/kubernetes-1.15/0002-override-SELinux-label-for-kubelet-plugins.patch
View file
Open in desktop

This file was deleted.

0 ...kubelet-block-non-forwarded-packets.patch → ...kubelet-block-non-forwarded-packets.patch
View file
Open in desktop
File renamed without changes.
0 ...-include-etc-hosts-in-eviction-calc.patch → ...-include-etc-hosts-in-eviction-calc.patch
View file
Open in desktop
File renamed without changes.
7 changes: 3 additions & 4 deletions packages/kubernetes-1.15/kubernetes-1.15.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,14 +22,13 @@ Source4: kubelet-kubeconfig
Source5: kubernetes-ca-crt
Source1000: clarify.toml
Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
Patch2: 0002-override-SELinux-label-for-kubelet-plugins.patch

# Fix builds in $GOPATH when using Go 1.13 - drop when we catch up in v1.17.0
# /~https://github.com/kubernetes/kubernetes/commit/8618c09
Patch3: 0003-opt-out-of-module-mode-for-builds.patch
Patch2: 0002-opt-out-of-module-mode-for-builds.patch

Patch4: 0004-kubelet-block-non-forwarded-packets.patch
Patch5: 0005-include-etc-hosts-in-eviction-calc.patch
Patch3: 0003-kubelet-block-non-forwarded-packets.patch
Patch4: 0004-include-etc-hosts-in-eviction-calc.patch

BuildRequires: git
BuildRequires: rsync
Expand Down
10 changes: 5 additions & 5 deletions packages/kubernetes-1.16/0001-always-set-relevant-variables-for-cross-compiling.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
From 43460991812f41748d2ebbb846e3d956b40b26ae Mon Sep 17 00:00:00 2001
From 7b22b33975ae3134130d92e5a43a1cfed6e0f89c Mon Sep 17 00:00:00 2001
From: Ben Cressey <bcressey@amazon.com>
Date: Sat, 18 May 2019 16:57:12 +0000
Subject: [PATCH 1/4] always set relevant variables for cross compiling
Subject: [PATCH] always set relevant variables for cross compiling

Signed-off-by: Ben Cressey <bcressey@amazon.com>
---
hack/lib/golang.sh | 52 ++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index e9c3b066..14c15994 100755
index 5d9b084f..9244b43e 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -394,29 +394,37 @@ kube::golang::set_platform_envs() {
@@ -393,29 +393,37 @@ kube::golang::set_platform_envs() {
export GOOS=${platform%/*}
export GOARCH=${platform##*/}

Expand Down Expand Up @@ -73,5 +73,5 @@ index e9c3b066..14c15994 100755

kube::golang::unset_platform_envs() {
--
2.21.0
2.26.2

24 changes: 0 additions & 24 deletions packages/kubernetes-1.16/0002-override-SELinux-label-for-kubelet-plugins.patch
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion packages/kubernetes-1.16/kubernetes-1.16.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ Source4: kubelet-kubeconfig
Source5: kubernetes-ca-crt
Source1000: clarify.toml
Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
Patch2: 0002-override-SELinux-label-for-kubelet-plugins.patch

# Update aws-sdk-go for IMDSv2 support
Patch100: aws-sdk-go-1.28.2.patch.bz2
Expand Down
10 changes: 5 additions & 5 deletions packages/kubernetes-1.17/0001-always-set-relevant-variables-for-cross-compiling.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
From 43460991812f41748d2ebbb846e3d956b40b26ae Mon Sep 17 00:00:00 2001
From eaeb0bf4e72f04f787ee3aa58499de19a31f5634 Mon Sep 17 00:00:00 2001
From: Ben Cressey <bcressey@amazon.com>
Date: Sat, 18 May 2019 16:57:12 +0000
Subject: [PATCH 1/4] always set relevant variables for cross compiling
Subject: [PATCH] always set relevant variables for cross compiling

Signed-off-by: Ben Cressey <bcressey@amazon.com>
---
hack/lib/golang.sh | 52 ++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index e9c3b066..14c15994 100755
index b646bbe2..21067172 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -394,29 +394,37 @@ kube::golang::set_platform_envs() {
@@ -393,29 +393,37 @@ kube::golang::set_platform_envs() {
export GOOS=${platform%/*}
export GOARCH=${platform##*/}

Expand Down Expand Up @@ -73,5 +73,5 @@ index e9c3b066..14c15994 100755

kube::golang::unset_platform_envs() {
--
2.21.0
2.26.2

24 changes: 0 additions & 24 deletions packages/kubernetes-1.17/0002-override-SELinux-label-for-kubelet-plugins.patch
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion packages/kubernetes-1.17/kubernetes-1.17.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ Source4: kubelet-kubeconfig
Source5: kubernetes-ca-crt
Source1000: clarify.toml
Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
Patch2: 0002-override-SELinux-label-for-kubelet-plugins.patch

# Update aws-sdk-go for IMDSv2 support
Patch100: aws-sdk-go-1.28.2_k8s-1.17.8.patch.bz2
Expand Down
10 changes: 5 additions & 5 deletions packages/kubernetes-1.18/0001-always-set-relevant-variables-for-cross-compiling.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
From 43460991812f41748d2ebbb846e3d956b40b26ae Mon Sep 17 00:00:00 2001
From 33d8f71872c51f189056d4e4aaa5427f7a09f0cf Mon Sep 17 00:00:00 2001
From: Ben Cressey <bcressey@amazon.com>
Date: Sat, 18 May 2019 16:57:12 +0000
Subject: [PATCH 1/4] always set relevant variables for cross compiling
Subject: [PATCH] always set relevant variables for cross compiling

Signed-off-by: Ben Cressey <bcressey@amazon.com>
---
hack/lib/golang.sh | 52 ++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index e9c3b066..14c15994 100755
index b646bbe2..21067172 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -394,29 +394,37 @@ kube::golang::set_platform_envs() {
@@ -393,29 +393,37 @@ kube::golang::set_platform_envs() {
export GOOS=${platform%/*}
export GOARCH=${platform##*/}

Expand Down Expand Up @@ -73,5 +73,5 @@ index e9c3b066..14c15994 100755

kube::golang::unset_platform_envs() {
--
2.21.0
2.26.2

24 changes: 0 additions & 24 deletions packages/kubernetes-1.18/0002-override-SELinux-label-for-kubelet-plugins.patch
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion packages/kubernetes-1.18/kubernetes-1.18.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ Source4: kubelet-kubeconfig
Source5: kubernetes-ca-crt
Source1000: clarify.toml
Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
Patch2: 0002-override-SELinux-label-for-kubelet-plugins.patch

BuildRequires: git
BuildRequires: rsync
Expand Down
10 changes: 5 additions & 5 deletions packages/kubernetes-1.19/0001-always-set-relevant-variables-for-cross-compiling.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
From 43460991812f41748d2ebbb846e3d956b40b26ae Mon Sep 17 00:00:00 2001
From 8b46abbb2f138096ec0f4237b8ce033c1fdc1d4d Mon Sep 17 00:00:00 2001
From: Ben Cressey <bcressey@amazon.com>
Date: Sat, 18 May 2019 16:57:12 +0000
Subject: [PATCH 1/4] always set relevant variables for cross compiling
Subject: [PATCH] always set relevant variables for cross compiling

Signed-off-by: Ben Cressey <bcressey@amazon.com>
---
hack/lib/golang.sh | 52 ++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index e9c3b066..14c15994 100755
index 58bc090b..c3b0820e 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -394,29 +394,37 @@ kube::golang::set_platform_envs() {
@@ -393,29 +393,37 @@ kube::golang::set_platform_envs() {
export GOOS=${platform%/*}
export GOARCH=${platform##*/}

Expand Down Expand Up @@ -73,5 +73,5 @@ index e9c3b066..14c15994 100755

kube::golang::unset_platform_envs() {
--
2.21.0
2.26.2

24 changes: 0 additions & 24 deletions packages/kubernetes-1.19/0002-override-SELinux-label-for-kubelet-plugins.patch
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion packages/kubernetes-1.19/kubernetes-1.19.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ Source4: kubelet-kubeconfig
Source5: kubernetes-ca-crt
Source1000: clarify.toml
Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
Patch2: 0002-override-SELinux-label-for-kubelet-plugins.patch

BuildRequires: git
BuildRequires: rsync
Expand Down
10 changes: 10 additions & 0 deletions packages/selinux-policy/object.cil
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,11 @@
(roletype object_r local_t)
(context local (system_u object_r local_t s0))

; Alias "container_file_t" to "local_t" for compatibility with
; the container-selinux policy.
(typealias container_file_t)
(typealiasactual container_file_t local_t)

; Files for the API components.
(type private_t)
(roletype object_r private_t)
Expand All @@ -75,6 +80,11 @@
(roletype object_r cache_t)
(context cache (system_u object_r cache_t s0))

; Alias "container_ro_file_t" to "cache_t" for compatibility with
; the container-selinux policy.
(typealias container_ro_file_t)
(typealiasactual container_ro_file_t cache_t)

; Files for saved DHCP leases.
(type lease_t)
(roletype object_r lease_t)
Expand Down
5 changes: 5 additions & 0 deletions packages/selinux-policy/subject.cil
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,11 @@
(roletype system_r control_t)
(context control (system_u system_r control_t s0))

; Alias "spc_t" to "control_t" for compatibility with the
; container-selinux policy.
(typealias spc_t)
(typealiasactual spc_t control_t)

; Processes that run inside highly privileged containers.
(type super_t)
(roletype system_r super_t)
Expand Down