Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-09-21 21:34:37 -04:00
Code Issues Projects Releases Packages Wiki Activity

comply with SELinux enforcement AppVM

Browse source
This commit is contained in:
Pierre Alain 2023-10-13 09:21:40 +02:00
parent 700e03de85
commit 173832e053
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -14,15 +14,16 @@ See the [Deploy](#deploy) section below for installation instructions.
## Build from source ## Build from source
Note: The most reliable way to build is using Docker. Note: The most reliable way to build is using Docker.
Fedora 35 works well for this and Debian 11 also works, but you'll need to follow the instructions at [docker.com][debian-docker] to get Docker Fedora 38 works well for this, Debian 11 also works (and Debian 12 should), but you'll need to follow the instructions at [docker.com][debian-docker] to get Docker
(don't use Debian's version). (don't use Debian's version).
Create a new Fedora-35 AppVM (or reuse an existing one). In the Qube's Settings (Basic / Disk storage), increase the private storage max size from the default 2048 MiB to 4096 MiB. Open a terminal. Create a new Fedora-38 AppVM (or reuse an existing one). In the Qube's Settings (Basic / Disk storage), increase the private storage max size from the default 2048 MiB to 4096 MiB. Open a terminal.
Clone this Git repository and run the `build-with-docker.sh` script: Clone this Git repository and run the `build-with-docker.sh` script (Note: The `chcon` call is mandatory with new SELinux policies which do not allow to standardly keep the images in homedir):
mkdir /home/user/docker mkdir /home/user/docker
sudo ln -s /home/user/docker /var/lib/docker sudo ln -s /home/user/docker /var/lib/docker
sudo chcon -Rt container_file_t /home/user/docker
sudo dnf install docker sudo dnf install docker
sudo systemctl start docker sudo systemctl start docker
git clone https://github.com/mirage/qubes-mirage-firewall.git git clone https://github.com/mirage/qubes-mirage-firewall.git
@ -141,7 +142,7 @@ The boot process:
For development, use the [test-mirage][] scripts to deploy the unikernel (`qubes-firewall.xen`) from your development AppVM. For development, use the [test-mirage][] scripts to deploy the unikernel (`qubes-firewall.xen`) from your development AppVM.
This takes a little more setting up the first time, but will be much quicker after that. e.g. This takes a little more setting up the first time, but will be much quicker after that. e.g.
$ test-mirage dist/qubes-firewall.xen mirage-firewall [user@dev ~]$ test-mirage dist/qubes-firewall.xen mirage-firewall
Waiting for 'Ready'... OK Waiting for 'Ready'... OK
Uploading 'dist/qubes-firewall.xen' (7454880 bytes) to "mirage-test" Uploading 'dist/qubes-firewall.xen' (7454880 bytes) to "mirage-test"
Waiting for 'Booting'... OK Waiting for 'Booting'... OK

2
build-with-docker.sh
View file

@ -3,7 +3,7 @@ set -eu
echo Building Docker image with dependencies.. echo Building Docker image with dependencies..
docker build -t qubes-mirage-firewall . docker build -t qubes-mirage-firewall .
echo Building Firewall... echo Building Firewall...
docker run --rm -i -v `pwd`:/tmp/orb-build qubes-mirage-firewall docker run --rm -i -v `pwd`:/tmp/orb-build:Z qubes-mirage-firewall
echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)" echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)"
echo "SHA2 last known: 8ae5314edf5b863b788c4b873e27bc4b206a2ff7ef1051c4c62ae41584ed3e14" echo "SHA2 last known: 8ae5314edf5b863b788c4b873e27bc4b206a2ff7ef1051c4c62ae41584ed3e14"
echo "(hashes should match for released versions)" echo "(hashes should match for released versions)"