dashboard/config: re-enable selinux

Upstream "selinux: fix mounting of cgroup2 under older policies" commit fixes mounting of cgroup2 under wheezy selinux policy. So don't disable selinux on start. Create separate cmdline arguments that enable selinux and apparmor.
author: Dmitry Vyukov <dvyukov@google.com> 2018-09-05 12:50:53 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2018-09-05 12:50:53 +0200
commit: 196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc (patch)
tree: 265ed8521703c1f2faa86db345cb028dd53750e4 /dashboard
parent: 49312e6d5ef379cce29c1bb583008ac3b163b1ff (diff)
2 files changed, 10 insertions, 0 deletions
diff --git a/dashboard/config/upstream-apparmor.cmdline b/dashboard/config/upstream-apparmor.cmdline
new file mode 100644
index 000000000..1a85912cb
--- /dev/null
+++ b/dashboard/config/upstream-apparmor.cmdline
@@ -0,0 +1,9 @@
+security=apparmor
+workqueue.watchdog_thresh=140
+kvm-intel.nested=1
+nf-conntrack-ftp.ports=20000
+nf-conntrack-tftp.ports=20000
+nf-conntrack-sip.ports=20000
+nf-conntrack-irc.ports=20000
+nf-conntrack-sane.ports=20000
+nopcid
diff --git a/dashboard/config/upstream.cmdline b/dashboard/config/upstream-selinux.cmdline
index b475f380a..fbfc9f6f9 100644
--- a/dashboard/config/upstream.cmdline
+++ b/dashboard/config/upstream-selinux.cmdline
@@ -1,3 +1,4 @@
+security=selinux
 workqueue.watchdog_thresh=140
 kvm-intel.nested=1
 nf-conntrack-ftp.ports=20000
author	Dmitry Vyukov <dvyukov@google.com>	2018-09-05 12:50:53 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2018-09-05 12:50:53 +0200
commit	196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc (patch)
tree	265ed8521703c1f2faa86db345cb028dd53750e4 /dashboard
parent	49312e6d5ef379cce29c1bb583008ac3b163b1ff (diff)