Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

manifests: add selinux-workaround.yaml for >= F41 #3127

Merged
merged 2 commits into from
Sep 4, 2024
Merged

manifests: add selinux-workaround.yaml for >= F41 #3127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
03d42bc
manifests: add selinux-workaround.yaml for >= F41
marmijo Sep 3, 2024
4cc0404
denylist: remove entries for kola-ISO tests
marmijo Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 0 additions & 35 deletions kola-denylist.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,41 +16,6 @@
warn: true
arches:
- ppc64le
- pattern: iso-install.bios
tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1779
warn: true
snooze: 2024-09-16
streams:
- rawhide
- branched
- pattern: iso-offline-*
tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1779
warn: true
snooze: 2024-09-16
streams:
- rawhide
- branched
- pattern: miniso-install*
tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1779
warn: true
snooze: 2024-09-16
streams:
- rawhide
- branched
- pattern: pxe-online-*
tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1779
warn: true
snooze: 2024-09-16
streams:
- rawhide
- branched
- pattern: pxe-offline-*
tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1779
warn: true
snooze: 2024-09-16
streams:
- rawhide
- branched
- pattern: ext.config.kdump.crash
tracker: https://bugzilla.redhat.com/show_bug.cgi?id=2284097
snooze: 2024-09-16
Expand Down
2 changes: 2 additions & 0 deletions manifests/fedora-coreos.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ conditional-include:
include: wifi-firmwares.yaml
- if: releasever >= 41
include: composefs.yaml
- if: releasever >= 41
include: selinux-workaround.yaml

ostree-layers:
- overlay/15fcos
Expand Down
23 changes: 23 additions & 0 deletions manifests/selinux-workaround.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Recent changes in the SELinux policy have broken a lot of our code.
# Revert the affected domains back to permissive mode so we can
# continue to build and test `releasever >= 41` until
# https://github.com/fedora-selinux/selinux-policy/pull/2257 merges
# and the domains are reverted upstream or until the issue is resolved
# altogether
postprocess:
- |
#!/usr/bin/env bash
set -xeuo pipefail
cat > /tmp/fcos-workarounds.cil << EOF
; https://bugzilla.redhat.com/show_bug.cgi?id=2300306
(typeattributeset cil_gen_require bootupd_t)
(typepermissive bootupd_t)
; https://bugzilla.redhat.com/show_bug.cgi?id=2305385
(typeattributeset cil_gen_require coreos_installer_t)
(typepermissive coreos_installer_t)
; https://bugzilla.redhat.com/show_bug.cgi?id=2306352
(typeattributeset cil_gen_require afterburn_t)
(typepermissive afterburn_t)
EOF
/usr/sbin/semodule -i /tmp/fcos-workarounds.cil
rm /tmp/fcos-workarounds.cil
Loading