boom selinux wow
This commit is contained in:
Dan Buch
parent
3157d62682
commit
4143b4dd35
4
selinux/.vagrant-provision-as-vagrant.sh
Normal file
4
selinux/.vagrant-provision-as-vagrant.sh
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
whoami
|
||||||
|
echo woop
|
||||||
22
selinux/.vagrant-provision.sh
Normal file
22
selinux/.vagrant-provision.sh
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
emerge-webrsync
|
||||||
|
eselect profile set hardened/linux/amd64/no-multilib/selinux
|
||||||
|
emerge sys-kernel/hardened-sources
|
||||||
|
echo reboot required here?
|
||||||
|
source /etc/profile
|
||||||
|
emerge -1 checkpolicy policycoreutils
|
||||||
|
echo another reboot?
|
||||||
|
FEATURES="-selinux" emerge -1 selinux-base
|
||||||
|
FEATURES="-selinux" emerge selinux-base-policy
|
||||||
|
echo and another reboot?
|
||||||
|
rlpkg -a -r
|
||||||
|
rc-update add selinux_gentoo boot
|
||||||
|
echo yet another reboot maybe?
|
||||||
|
setsebool -P global_ssp on
|
||||||
|
semanage login -a -s staff_u vagrant
|
||||||
|
restorecon -R -F /home/vagrant
|
||||||
|
semanage user -m -R "staff_r sysadm_r system_r" root
|
||||||
|
semanage user -m -R "staff_r sysadm_r system_r" staff_u
|
||||||
10
selinux/Vagrantfile
vendored
Normal file
10
selinux/Vagrantfile
vendored
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
Vagrant.configure('2') do |config|
|
||||||
|
config.vm.box = 'meatballhat/gentoo-amd64'
|
||||||
|
config.vm.provision 'shell', path: '.vagrant-provision.sh'
|
||||||
|
config.vm.provision 'shell', path: '.vagrant-provision-as-vagrant.sh', privileged: false
|
||||||
|
|
||||||
|
config.vm.provider 'virtualbox' do |vbox|
|
||||||
|
vbox.cpus = 4
|
||||||
|
vbox.memory = 2048
|
||||||
|
end
|
||||||
|
end
|
||||||
Loading…
Reference in New Issue
Block a user