When testing issues in older versions of refpolicy (for example when
git-bisecting a regression), the newer policy modules are kept in
/usr/share/selinux/refpolicy/ and trigger errors when they fail to be
loaded by "semodule -s refpolicy -i /usr/share/selinux/refpolicy/*.pp".
Avoid this situation by removing old modules from
/usr/share/selinux/refpolicy/ before running "make install".
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Since commit 210b64f10a ("Remove shell automatic domain transitions to
unconfined_t from various pam login programs"), setting ssh_sysadm_login
is mandatory in order to allow vagrant user to use SSH while using
unconfined_u or sysadm_u.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

When using Vagrant to run virtual machines with SELinux enabled, several
specific accesses need to be allowed. It does not make much sense to add
the needed rules to the refpolicy, as they are very specific to the use
of Vagrant to provision a virtual machine to test a policy. Therefore,
create a dedicated module to allow the required accesses.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Configure a Debian 10 "buster" VM in order to use SELinux with
refpolicy.
This is useful in order to test refpolicy on a minimal Debian system,
for example to debug issues related to Debian patches such as the one
fixed in https://github.com/SELinuxProject/refpolicy/pull/78.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Use the official Fedora cloud image as a base for the virtual machine.
Allow defining other virtual machines by putting the configuration of
Fedora's one into a sub-level.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>