
Increase selinux coverage of the host system

Open krnowak opened this issue 8 months ago • 3 comments

CI: http://jenkins.infra.kinvolk.io:8080/job/container/job/sdk/2052/cldsv/

  • switch to selinux profiles
  • add more sec-policy packages
  • do some cleanups in profiles wrt selinux, audit, python, perl and caps USE flags

TODO:

  • mask python files from sys-libs/libselinux for generic images
  • drop systemd patch that removes selinux checks

krnowak, Apr 24 '25 16:04

Interesting! Maybe we can do the correct labeling now and have a booting image: https://github.com/flatcar/scripts/pull/1517

pothos, Sep 01 '25 06:09

When ready we should also make kola enforce early and not at runtime: https://github.com/flatcar/mantle/pull/487

pothos, Sep 01 '25 10:09