Add support to fapolicyd in rke2-common (#51)

* Add support to fapolicyd in rke2-common Signed-off-by: galal-hussein <[email protected]> * Add support to fapolicyd in rke2-common Signed-off-by: galal-hussein <[email protected]> * Add support to fapolicyd in rke2-common Signed-off-by: galal-hussein <[email protected]> --------- Signed-off-by: galal-hussein <[email protected]>
rancher · Sep 16, 2024 · 96a3c46 · 96a3c46
1 parent 5d345d7
commit 96a3c46
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -3,6 +3,7 @@ ALL_ARCH = x86_64-amd64
 
 CENTOS7_TARGETS := $(addprefix centos7-,$(shell ls rpm/centos7/scripts))
 CENTOS8_TARGETS := $(addprefix centos8-,$(shell ls rpm/centos8/scripts))
+CENTOS9_TARGETS := $(addprefix centos9-,$(shell ls rpm/centos9/scripts))
 MICROOS_TARGETS := $(addprefix microos-,$(shell ls rpm/microos/scripts))
 SLEMICRO_TARGETS := $(addprefix slemicro-,$(shell ls rpm/slemicro/scripts))
 
@@ -19,6 +20,9 @@ $(CENTOS7_TARGETS): .dapper
 $(CENTOS8_TARGETS): .dapper
 	COMBARCH=${COMBARCH} ./.dapper -f Dockerfile.centos8.dapper $(@:centos8-%=%)
 
+$(CENTOS9_TARGETS): .dapper
+	COMBARCH=${COMBARCH} ./.dapper -f Dockerfile.centos9.dapper $(@:centos9-%=%)
+
 $(MICROOS_TARGETS): .dapper
 	COMBARCH=${COMBARCH} ./.dapper -f Dockerfile.microos.dapper $(@:microos-%=%)
 
@@ -35,6 +39,11 @@ all-centos8-build: $(addprefix sub-centos8-build-,$(ALL_ARCH))
 sub-centos8-build-%:
 	$(MAKE) COMBARCH=$* centos8-build
 
+all-centos9-build: $(addprefix sub-centos9-build-,$(ALL_ARCH))
+
+sub-centos9-build-%:
+	$(MAKE) COMBARCH=$* centos9-build
+
 all-microos-build: $(addprefix sub-microos-build-,$(ALL_ARCH))
 
 sub-microos-build-%:
@@ -45,4 +54,4 @@ all-slemicro-build: $(addprefix sub-slemicro-build-,$(ALL_ARCH))
 sub-slemicro-build-%:
 	$(MAKE) COMBARCH=$* slemicro-build
 
-.PHONY: $(CENTOS7_TARGETS) $(CENTOS8_TARGETS) $(MICROOS_TARGETS) $(SLEMICRO_TARGETS)
+.PHONY: $(CENTOS7_TARGETS) $(CENTOS8_TARGETS) $(CENTOS9_TARGETS) $(MICROOS_TARGETS) $(SLEMICRO_TARGETS)
diff --git a/rpm/centos7/common/80-rke2.rules b/rpm/centos7/common/80-rke2.rules
@@ -0,0 +1,4 @@
+allow perm=any all : dir=/var/lib/rancher/
+allow perm=any all : dir=/opt/cni/
+allow perm=any all : dir=/run/k3s/
+allow perm=any all : dir=/var/lib/kubelet/
diff --git a/rpm/centos7/common/rke2-common.spec b/rpm/centos7/common/rke2-common.spec
@@ -10,6 +10,7 @@ Group:   System Environment/Base
 License: ASL 2.0
 URL:     https://rancher.com
 Source0: https://github.com/rancher/rke2/releases/download/%{rke2_version}/rke2.linux-%{ARCH}.tar.gz
+Source1: 80-rke2.rules
 
 BuildRequires: systemd
 Requires(post): rke2-selinux >= %{rke2_policyver}
@@ -20,6 +21,7 @@ The Next Generation Rancher Labs Distribution of Kubernetes
 
 %prep
 tar -xzf %SOURCE0 -C %{_builddir}
+cp %SOURCE1 %{_builddir}
 
 %install
 install -m 755 -d %{buildroot}%{_bindir}
@@ -32,6 +34,8 @@ install -m 755 -d %{buildroot}%{_sharedstatedir}/rancher/rke2
 install -m 755 -d %{buildroot}%{_localstatedir}/run/k3s
 install -m 755 -t %{buildroot}%{_bindir}/ %{_builddir}/bin/rke2-killall.sh
 install -m 755 -t %{buildroot}%{_bindir}/ %{_builddir}/bin/rke2-uninstall.sh
+install -d -m 755 %{buildroot}%{_sysconfdir}/fapolicyd/rules.d
+install -m 644 -t %{buildroot}%{_sysconfdir}/fapolicyd/rules.d/ %{_builddir}/80-rke2.rules
 
 %files
 %{_bindir}/rke2
@@ -42,6 +46,7 @@ install -m 755 -t %{buildroot}%{_bindir}/ %{_builddir}/bin/rke2-uninstall.sh
 %{_localstatedir}/run/k3s
 %{_bindir}/rke2-killall.sh
 %{_bindir}/rke2-uninstall.sh
+%{_sysconfdir}/fapolicyd/rules.d/80-rke2.rules
 
 %changelog