From afbd013493a8301b6fbd763a590eb37539ffd6ff Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Tue, 26 Jul 2022 10:25:50 +0200
Subject: [PATCH] sec-policy/selinux-unconfined: add flatcar patch

this patch set torcx-generator to unconfined type.

Signed-off-by: Mathieu Tortuyaux
---
 sec-policy/selinux-unconfined/files/torcx.patch | 10 ++++++++++
 .../selinux-unconfined-2.20220106-r3.ebuild | 2 ++
 2 files changed, 12 insertions(+)
 create mode 100644 sec-policy/selinux-unconfined/files/torcx.patch

diff --git a/sec-policy/selinux-unconfined/files/torcx.patch b/sec-policy/selinux-unconfined/files/torcx.patch
new file mode 100644
index 0000000000..f73427af88
--- /dev/null
+++ b/sec-policy/selinux-unconfined/files/torcx.patch
@@ -0,0 +1,10 @@
+diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc
+index 075d51aa3..cad3c8ab0 100644
+--- a/system/unconfined.fc
++++ b/system/unconfined.fc
+@@ -24,3 +24,5 @@ ifdef(`distro_debian',`
+ ifdef(`distro_gentoo',`
+ /usr/lib/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+ ')
++
++/usr/lib/systemd/system-generators/torcx-generator -- gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --git a/sec-policy/selinux-unconfined/selinux-unconfined-2.20220106-r3.ebuild b/sec-policy/selinux-unconfined/selinux-unconfined-2.20220106-r3.ebuild
index ca2ad1523d..bb984c1306 100644
--- a/sec-policy/selinux-unconfined/selinux-unconfined-2.20220106-r3.ebuild
+++ b/sec-policy/selinux-unconfined/selinux-unconfined-2.20220106-r3.ebuild
@@ -8,6 +8,8 @@ MODS="unconfined"
 
 inherit selinux-policy-2
 
+POLICY_PATCH="${FILESDIR}/torcx.patch"
+
 DESCRIPTION="SELinux policy for unconfined"
 
 if [[ ${PV} != 9999* ]] ; then
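Review bot: The added file-context line labels `/usr/lib/systemd/system-generators/torcx-generator` as `unconfined_exec_t`, so a generator that systemd runs as root at boot would presumably end up with no SELinux confinement at all, and neither the patch nor the commit message says which denial made that necessary. A dedicated type with only the permissions the generator needs would keep least privilege; if unconfined is the intended interim state, record it next to the entry, e.g. `# Flatcar: torcx-generator runs unconfined until it has its own domain`. Separately, the embedded patch header is inconsistent: `diff --git a/policy/modules/system/unconfined.fc` versus `--- a/system/unconfined.fc`, which looks hand-edited to fit the directory the eclass applies patches from and deserves a line in the commit message.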
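Review bot: `POLICY_PATCH` is added without a comment marking it as a Flatcar-specific change, so the divergence from the upstream ebuild is easy to lose on the next sync; a line such as `# Flatcar: label torcx-generator as unconfined_exec_t, see files/torcx.patch` above the assignment would help. The ebuild also stays at `-r3` although the installed policy module changes, so hosts or SDK roots that already have this revision merged would likely not pick up the new file context without a revision bump or a forced rebuild. The surrounding ebuild continues outside the hunk.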