boom selinux wow

10 years ago · 4143b4dd35
parent 3157d62682
commit 4143b4dd35
3 changed files with 36 additions and 0 deletions
--- a/selinux/.vagrant-provision-as-vagrant.sh
+++ b/selinux/.vagrant-provision-as-vagrant.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+whoami
+echo woop
--- a/selinux/.vagrant-provision.sh
+++ b/selinux/.vagrant-provision.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ex
+
+emerge-webrsync
+eselect profile set hardened/linux/amd64/no-multilib/selinux
+emerge sys-kernel/hardened-sources
+echo reboot required here?
+source /etc/profile
+emerge -1 checkpolicy policycoreutils
+echo another reboot?
+FEATURES="-selinux" emerge -1 selinux-base
+FEATURES="-selinux" emerge selinux-base-policy
+echo and another reboot?
+rlpkg -a -r
+rc-update add selinux_gentoo boot
+echo yet another reboot maybe?
+setsebool -P global_ssp on
+semanage login -a -s staff_u vagrant
+restorecon -R -F /home/vagrant
+semanage user -m -R "staff_r sysadm_r system_r" root
+semanage user -m -R "staff_r sysadm_r system_r" staff_u
--- a/selinux/Vagrantfile
+++ b/selinux/Vagrantfile
@ -0,0 +1,10 @@
+Vagrant.configure('2') do |config|
+  config.vm.box = 'meatballhat/gentoo-amd64'
+  config.vm.provision 'shell', path: '.vagrant-provision.sh'
+  config.vm.provision 'shell', path: '.vagrant-provision-as-vagrant.sh', privileged: false
+
+  config.vm.provider 'virtualbox' do |vbox|
+    vbox.cpus = 4
+    vbox.memory = 2048
+  end
+end