mirror of
https://github.com/coreos/fedora-coreos-config.git
synced 2026-02-05 09:45:30 +01:00
32 lines
1.3 KiB
YAML
32 lines
1.3 KiB
YAML
# Shared with EL 10 (CentOS Stream 10 and RHCOS 10) only
|
|
packages:
|
|
# GPU Firmware files (not broken out into subpackage of linux-firmware in RHEL yet)
|
|
- amd-gpu-firmware intel-gpu-firmware nvidia-gpu-firmware
|
|
|
|
# Recent changes in the SELinux policy have broken a lot of our code.
|
|
# Revert the affected domains back to permissive mode so we can
|
|
# continue to build and test `releasever >= 41` until
|
|
# https://github.com/fedora-selinux/selinux-policy/pull/2257 merges
|
|
# and the domains are reverted upstream or until the issue is resolved
|
|
# altogether
|
|
postprocess:
|
|
- |
|
|
#!/usr/bin/bash
|
|
set -eux -o pipefail
|
|
cat > /tmp/fcos-workarounds.cil << EOF
|
|
; https://bugzilla.redhat.com/show_bug.cgi?id=2300306
|
|
(typeattributeset cil_gen_require bootupd_t)
|
|
(typepermissive bootupd_t)
|
|
; https://bugzilla.redhat.com/show_bug.cgi?id=2305385
|
|
(typeattributeset cil_gen_require coreos_installer_t)
|
|
(typepermissive coreos_installer_t)
|
|
; https://bugzilla.redhat.com/show_bug.cgi?id=2306352
|
|
(typeattributeset cil_gen_require afterburn_t)
|
|
(typepermissive afterburn_t)
|
|
EOF
|
|
/usr/sbin/semodule -i /tmp/fcos-workarounds.cil
|
|
rm /tmp/fcos-workarounds.cil
|
|
# Also remove created LOCK files as we don't want those
|
|
# to end up in /usr/etc
|
|
rm -f /etc/selinux/targeted/semanage.*.LOCK
|