From 196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Wed, 5 Sep 2018 12:50:53 +0200
Subject: dashboard/config: re-enable selinux

Upstream "selinux: fix mounting of cgroup2 under older policies"
commit fixes mounting of cgroup2 under wheezy selinux policy.
So don't disable selinux on start.
Create separate cmdline arguments that enable selinux and apparmor.
---
 dashboard/config/upstream-apparmor.cmdline | 9 +++++++++
 dashboard/config/upstream-selinux.cmdline  | 9 +++++++++
 dashboard/config/upstream.cmdline          | 8 --------
 3 files changed, 18 insertions(+), 8 deletions(-)
 create mode 100644 dashboard/config/upstream-apparmor.cmdline
 create mode 100644 dashboard/config/upstream-selinux.cmdline
 delete mode 100644 dashboard/config/upstream.cmdline

(limited to 'dashboard')

diff --git a/dashboard/config/upstream-apparmor.cmdline b/dashboard/config/upstream-apparmor.cmdline
new file mode 100644
index 000000000..1a85912cb
--- /dev/null
+++ b/dashboard/config/upstream-apparmor.cmdline
@@ -0,0 +1,9 @@
+security=apparmor
+workqueue.watchdog_thresh=140
+kvm-intel.nested=1
+nf-conntrack-ftp.ports=20000
+nf-conntrack-tftp.ports=20000
+nf-conntrack-sip.ports=20000
+nf-conntrack-irc.ports=20000
+nf-conntrack-sane.ports=20000
+nopcid
diff --git a/dashboard/config/upstream-selinux.cmdline b/dashboard/config/upstream-selinux.cmdline
new file mode 100644
index 000000000..fbfc9f6f9
--- /dev/null
+++ b/dashboard/config/upstream-selinux.cmdline
@@ -0,0 +1,9 @@
+security=selinux
+workqueue.watchdog_thresh=140
+kvm-intel.nested=1
+nf-conntrack-ftp.ports=20000
+nf-conntrack-tftp.ports=20000
+nf-conntrack-sip.ports=20000
+nf-conntrack-irc.ports=20000
+nf-conntrack-sane.ports=20000
+nopcid
diff --git a/dashboard/config/upstream.cmdline b/dashboard/config/upstream.cmdline
deleted file mode 100644
index b475f380a..000000000
--- a/dashboard/config/upstream.cmdline
+++ /dev/null
@@ -1,8 +0,0 @@
-workqueue.watchdog_thresh=140
-kvm-intel.nested=1
-nf-conntrack-ftp.ports=20000
-nf-conntrack-tftp.ports=20000
-nf-conntrack-sip.ports=20000
-nf-conntrack-irc.ports=20000
-nf-conntrack-sane.ports=20000
-nopcid
-- 
cgit mrf-deployment