-
Notifications
You must be signed in to change notification settings - Fork 549
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: machined: initial SELinux bring-up #9617
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dsseng
commented
Oct 31, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is some potential to further reduce the amount of CIL code for the initial bring-up. I might try to do so. Also please take notes if anything from here needs to be moved into further commits from #9127
dsseng
force-pushed
the
selinux-processes
branch
from
October 31, 2024 15:44
e3ed6e0
to
84ad60f
Compare
|
frezbo
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
frezbo
reviewed
Oct 31, 2024
frezbo
reviewed
Oct 31, 2024
frezbo
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
dsseng
commented
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
smira
reviewed
Oct 31, 2024
frezbo
reviewed
Oct 31, 2024
dsseng
commented
Oct 31, 2024
internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
Outdated
Show resolved
Hide resolved
dsseng
commented
Oct 31, 2024
dsseng
commented
Oct 31, 2024
dsseng
commented
Oct 31, 2024
dsseng
commented
Oct 31, 2024
dsseng
commented
Oct 31, 2024
dsseng
force-pushed
the
selinux-processes
branch
from
October 31, 2024 22:15
84ad60f
to
0825337
Compare
dsseng
commented
Nov 1, 2024
dsseng
commented
Nov 1, 2024
frezbo
reviewed
Nov 1, 2024
smira
approved these changes
Nov 1, 2024
frezbo
reviewed
Nov 1, 2024
frezbo
approved these changes
Nov 1, 2024
dsseng
force-pushed
the
selinux-processes
branch
2 times, most recently
from
November 2, 2024 20:24
55e22ec
to
8b09bdb
Compare
dsseng
commented
Nov 2, 2024
dsseng
commented
Nov 3, 2024
dsseng
force-pushed
the
selinux-processes
branch
2 times, most recently
from
November 4, 2024 15:43
4f5b33c
to
d3bc578
Compare
Part of: siderolabs#9127 Label executables and processes, build, load and manage SELinux policy, enable audit support. Labeling filesystems, devices and runtime files will be done in further changes, see the full PR. Signed-off-by: Dmitry Sharshakov <[email protected]>
dsseng
force-pushed
the
selinux-processes
branch
from
November 4, 2024 15:57
d3bc578
to
960a040
Compare
/m |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of: #9127
Label executables and processes, build, load and manage SELinux policy, enable audit support.
Labeling filesystems, devices and runtime files will be done in further changes, see the full PR.
TODO: label static pods
Signed-off-by: Dmitry Sharshakov [email protected]