Merge pull request #810 from imikushin/selinux-arm

Support SELinux on arm/arm64
2025-07-04 10:36:14 +00:00 · 2016-03-21 11:34:49 -07:00 · 2016-03-21 11:34:49 -07:00 · 8653a2cd8f
commit 8653a2cd8f
parent 96c3f3958b a8dfd7089e
15 changed files with 29 additions and 47 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,5 +1,5 @@
 build:
-  image: rancher/dapper:1.10.2
+  image: rancher/dapper:1.10.3
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  commands:
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@ -40,7 +40,7 @@ RUN if [ "${TOOLCHAIN}" != "" ] && ! which ${TOOLCHAIN}-gcc; then \
 RUN if [ "${TOOLCHAIN}" != "" ]; then \
        cd /usr/local/src && \
-        for i in libselinux pcre3 util-linux; do \
+        for i in libselinux libsepol pcre3 util-linux; do \
            apt-get build-dep -y $i && \
            apt-get source -y $i \
        ;done \
@ -57,6 +57,9 @@ RUN if [ "${TOOLCHAIN}" != "" ]; then \
 RUN if [ "${TOOLCHAIN}" != "" ]; then \
        cd /usr/local/src/libselinux-* && \
        CC=${TOOLCHAIN}-gcc CXX=${TOOLCHAIN}-g++ make CFLAGS=-Wall && \
        make PREFIX=/usr/${TOOLCHAIN} DESTDIR=/usr/${TOOLCHAIN} install && \
        cd /usr/local/src/libsepol-* && \
        CC=${TOOLCHAIN}-gcc CXX=${TOOLCHAIN}-g++ make CFLAGS=-Wall && \
        make PREFIX=/usr/${TOOLCHAIN} DESTDIR=/usr/${TOOLCHAIN} install \
    ;fi
--- a/build.conf
+++ b/build.conf
@ -1,6 +1,6 @@
 IMAGE_NAME=rancher/os
 VERSION=v0.4.4-dev
-DFS_IMAGE=rancher/docker:v1.10.2-1
+DFS_IMAGE=rancher/docker:v1.10.3
 SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.1/policy.29
 HOSTNAME_DEFAULT=rancher
--- a/build.conf.amd64
+++ b/build.conf.amd64
@ -2,4 +2,4 @@ DAPPER_BASE=ubuntu:16.04
 TOOLCHAIN= #empty
 COMPILED_KERNEL_URL=https://github.com/rancher/os-kernel/releases/download/Ubuntu-4.2.0-28.33-rancher/linux-4.2.8-ckt3-rancher-x86.tar.gz
-DOCKER_BINARY_URL=https://get.docker.com/builds/Linux/x86_64/docker-1.10.2
+DOCKER_BINARY_URL=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3
--- a/build.conf.arm
+++ b/build.conf.arm
@ -2,4 +2,4 @@ DAPPER_BASE=armhf/ubuntu:16.04
 TOOLCHAIN=arm-linux-gnueabihf
 COMPILED_KERNEL_URL= #empty
-DOCKER_BINARY_URL=https://github.com/rancher/docker/releases/download/v1.10.2-arm2/docker-1.10.2_arm
+DOCKER_BINARY_URL=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm
--- a/build.conf.arm64
+++ b/build.conf.arm64
@ -1,5 +1,5 @@
 DAPPER_BASE=aarch64/ubuntu:16.04
 TOOLCHAIN=aarch64-linux-gnu
-COMPILED_KERNEL_URL=https://github.com/imikushin/os-kernel/releases/download/Estuary-4.1.18-arm64/linux-4.1.18-arm64.tar.gz
+COMPILED_KERNEL_URL=https://github.com/imikushin/os-kernel/releases/download/Estuary-4.1.18-arm64-3/linux-4.1.18-arm64.tar.gz
-DOCKER_BINARY_URL=https://github.com/rancher/docker/releases/download/v1.10.2-arm2/docker-1.10.2_arm64
+DOCKER_BINARY_URL=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm64
--- a/selinux/selinux_linux_amd64.go
+++ b/selinux/selinux_linux_amd64.go
--- a/selinux/selinux_linux_arm.go
+++ b/selinux/selinux_linux_arm.go
@ -1,6 +0,0 @@
 package selinux
 // InitializeSelinux is a stub for SELinux support on ARM
 func InitializeSelinux() (int, error) {
 	return 0, nil
 }
--- a/selinux/selinux_linux_arm64.go
+++ b/selinux/selinux_linux_arm64.go
@ -1,6 +0,0 @@
 package selinux
 // InitializeSelinux is a stub for SELinux support on ARM64
 func InitializeSelinux() (int, error) {
 	return 0, nil
 }
--- a/trash.yml
+++ b/trash.yml
@ -66,7 +66,7 @@ import:
  version: 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67
 - package: github.com/rancher/docker-from-scratch
-  version: v1.10.2-1
+  version: v1.10.3
 - package: github.com/rancher/netconf
  version: d7d620ef4ea62a9d04b51c7b3d9dc83fe7ffaa1b
--- a/vendor/github.com/rancher/docker-from-scratch/.drone.yml
+++ b/vendor/github.com/rancher/docker-from-scratch/.drone.yml
@ -1,5 +1,5 @@
 build:
-  image: rancher/dapper:1.10.2
+  image: rancher/dapper:1.10.3
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  commands:
--- a/vendor/github.com/rancher/docker-from-scratch/Dockerfile.dapper
+++ b/vendor/github.com/rancher/docker-from-scratch/Dockerfile.dapper
@ -1,16 +1,23 @@
-FROM golang:1.6
+FROM ubuntu:16.04
-RUN apt-get update && apt-get -y install libselinux-dev pkg-config
+RUN apt-get update && \
-RUN wget -O /usr/local/bin/docker -L https://get.docker.com/builds/Linux/x86_64/docker-1.10.2 && \
+    apt-get -y install locales sudo vim less curl wget git rsync build-essential isolinux xorriso gccgo \
        libblkid-dev libmount-dev libselinux1-dev cpio genisoimage qemu-kvm python-pip ca-certificates pkg-config tox
 RUN wget -O - https://storage.googleapis.com/golang/go1.6.linux-amd64.tar.gz | tar -xz -C /usr/local
 RUN wget -O /usr/local/bin/docker -L https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 && \
    chmod +x /usr/local/bin/docker
 ENV PATH /usr/local/go/bin:$PATH
 RUN mkdir -p /go/src /go/bin && chmod -R 777 /go
 ENV GOPATH /go
 ENV PATH /go/bin:$PATH
 ENV DAPPER_SOURCE /go/src/github.com/rancher/docker-from-scratch
 ENV DAPPER_OUTPUT ""
 ENV DAPPER_DOCKER_SOCKET true
 ENV DAPPER_ENV NO_TEST ARCH
 ENV GO15VENDOREXPERIMENT 1
 RUN mkdir -p ${DAPPER_SOURCE} && ln -s ${DAPPER_SOURCE} /source
 WORKDIR ${DAPPER_SOURCE}
@ -22,20 +29,16 @@ RUN wget https://github.com/rancher/docker-from-scratch/releases/download/bin-v0
 RUN wget https://github.com/rancher/docker-from-scratch/releases/download/bin-v0.4.0/base-files_arm.tar.gz
 RUN wget https://github.com/rancher/docker-from-scratch/releases/download/bin-v0.4.0/base-files_arm64.tar.gz
-RUN wget -O ./docker_amd64 -L https://get.docker.com/builds/Linux/x86_64/docker-1.10.2 && \
+RUN wget -O ./docker_amd64 -L https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 && \
    chmod +x ./docker_amd64
-RUN wget -O ./docker_arm -L https://github.com/rancher/docker/releases/download/v1.10.2-arm2/docker-1.10.2_arm && \
+RUN wget -O ./docker_arm -L https://github.com/rancher/docker/releases/download/v1.10.3-arm/docker-1.10.3_arm && \
    chmod +x ./docker_arm
-RUN wget -O ./docker_arm64 -L https://github.com/rancher/docker/releases/download/v1.10.2-arm2/docker-1.10.2_arm64 && \
+RUN wget -O ./docker_arm64 -L https://github.com/rancher/docker/releases/download/v1.10.3-arm/docker-1.10.3_arm64 && \
    chmod +x ./docker_arm64
 WORKDIR ${DAPPER_SOURCE}
-COPY ./scripts/crosstools.list /etc/apt/sources.list.d/
+COPY ./scripts/install-libs.sh /tmp/
-
+RUN /tmp/install-libs.sh
 RUN sh -c 'curl http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -' && \
    dpkg --add-architecture armhf && dpkg --add-architecture arm64 && \
    apt-get update && \
    apt-get install -y crossbuild-essential-armhf crossbuild-essential-arm64
 CMD ./scripts/ci
--- a/vendor/github.com/rancher/docker-from-scratch/selinux/selinux_arm.go
+++ b/vendor/github.com/rancher/docker-from-scratch/selinux/selinux_arm.go
@ -1,6 +0,0 @@
 package selinux
 // SetFileContext is a stub for SELinux support on ARM
 func SetFileContext(path string, context string) (int, error) {
 	return 0, nil
 }
--- a/vendor/github.com/rancher/docker-from-scratch/selinux/selinux_arm64.go
+++ b/vendor/github.com/rancher/docker-from-scratch/selinux/selinux_arm64.go
@ -1,6 +0,0 @@
 package selinux
 // SetFileContext is a stub for SELinux support on ARM
 func SetFileContext(path string, context string) (int, error) {
 	return 0, nil
 }
--- a/vendor/github.com/rancher/docker-from-scratch/selinux/selinux_linux.go
+++ b/vendor/github.com/rancher/docker-from-scratch/selinux/selinux_linux.go