mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2025-09-21 21:34:37 -04:00
comply with SELinux enforcement AppVM
parent
700e03de85
commit
173832e053
2 changed files with 6 additions and 5 deletions
|
@ -14,15 +14,16 @@ See the [Deploy](#deploy) section below for installation instructions.
|
||||||
## Build from source
|
## Build from source
|
||||||
|
|
||||||
Note: The most reliable way to build is using Docker.
|
Note: The most reliable way to build is using Docker.
|
||||||
Fedora 35 works well for this and Debian 11 also works, but you'll need to follow the instructions at [docker.com][debian-docker] to get Docker
|
Fedora 38 works well for this, Debian 11 also works (and Debian 12 should), but you'll need to follow the instructions at [docker.com][debian-docker] to get Docker
|
||||||
(don't use Debian's version).
|
(don't use Debian's version).
|
||||||
|
|
||||||
Create a new Fedora-35 AppVM (or reuse an existing one). In the Qube's Settings (Basic / Disk storage), increase the private storage max size from the default 2048 MiB to 4096 MiB. Open a terminal.
|
Create a new Fedora-38 AppVM (or reuse an existing one). In the Qube's Settings (Basic / Disk storage), increase the private storage max size from the default 2048 MiB to 4096 MiB. Open a terminal.
|
||||||
|
|
||||||
Clone this Git repository and run the `build-with-docker.sh` script:
|
Clone this Git repository and run the `build-with-docker.sh` script (Note: The `chcon` call is mandatory with new SELinux policies which do not allow to standardly keep the images in homedir):
|
||||||
|
|
||||||
mkdir /home/user/docker
|
mkdir /home/user/docker
|
||||||
sudo ln -s /home/user/docker /var/lib/docker
|
sudo ln -s /home/user/docker /var/lib/docker
|
||||||
|
sudo chcon -Rt container_file_t /home/user/docker
|
||||||
sudo dnf install docker
|
sudo dnf install docker
|
||||||
sudo systemctl start docker
|
sudo systemctl start docker
|
||||||
git clone https://github.com/mirage/qubes-mirage-firewall.git
|
git clone https://github.com/mirage/qubes-mirage-firewall.git
|
||||||
|
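Review bot: The rationale for the new `sudo chcon -Rt container_file_t /home/user/docker` step is squeezed into a parenthetical on the "Clone this Git repository" line, and its wording ("do not allow to standardly keep the images in homedir") is hard to parse. Move it to its own sentence next to the command, state plainly that the step is needed because SELinux is enforcing in the AppVM and the Docker data directory lives under /home, and say what the failure looks like when the step is skipped. Adding `ls -Zd /home/user/docker` as a check would let readers confirm the label took effect. The Fedora 35 to 38 bump in the same hunk is not mentioned in the commit message.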
@ -141,7 +142,7 @@ The boot process:
|
||||||
For development, use the [test-mirage][] scripts to deploy the unikernel (`qubes-firewall.xen`) from your development AppVM.
|
For development, use the [test-mirage][] scripts to deploy the unikernel (`qubes-firewall.xen`) from your development AppVM.
|
||||||
This takes a little more setting up the first time, but will be much quicker after that. e.g.
|
This takes a little more setting up the first time, but will be much quicker after that. e.g.
|
||||||
|
|
||||||
$ test-mirage dist/qubes-firewall.xen mirage-firewall
|
[user@dev ~]$ test-mirage dist/qubes-firewall.xen mirage-firewall
|
||||||
Waiting for 'Ready'... OK
|
Waiting for 'Ready'... OK
|
||||||
Uploading 'dist/qubes-firewall.xen' (7454880 bytes) to "mirage-test"
|
Uploading 'dist/qubes-firewall.xen' (7454880 bytes) to "mirage-test"
|
||||||
Waiting for 'Booting'... OK
|
Waiting for 'Booting'... OK
|
||||||
|
|
|
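Review bot: The prompt change from `$` to `[user@dev ~]$` on the `test-mirage` line is unrelated to the SELinux change named in the commit message; split it into its own commit or mention it in the message. If the intent is to show which AppVM the command runs in, note that the sentence above the example already says "from your development AppVM".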
@ -3,7 +3,7 @@ set -eu
|
||||||
echo Building Docker image with dependencies..
|
echo Building Docker image with dependencies..
|
||||||
docker build -t qubes-mirage-firewall .
|
docker build -t qubes-mirage-firewall .
|
||||||
echo Building Firewall...
|
echo Building Firewall...
|
||||||
docker run --rm -i -v `pwd`:/tmp/orb-build qubes-mirage-firewall
|
docker run --rm -i -v `pwd`:/tmp/orb-build:Z qubes-mirage-firewall
|
||||||
echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)"
|
echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)"
|
||||||
echo "SHA2 last known: 8ae5314edf5b863b788c4b873e27bc4b206a2ff7ef1051c4c62ae41584ed3e14"
|
echo "SHA2 last known: 8ae5314edf5b863b788c4b873e27bc4b206a2ff7ef1051c4c62ae41584ed3e14"
|
||||||
echo "(hashes should match for released versions)"
|
echo "(hashes should match for released versions)"
|
||||||
|
|
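Review bot: The `:Z` suffix on the `-v` option of the `docker run` line makes Docker relabel the host side of the mount, that is the whole directory `pwd` returns, with a label private to this container, and nothing in the script or its `echo` output tells the user that their checkout is being relabelled. Say so in a comment above the line (and in the README build steps), since the label persists after the container exits. While touching this line, replace the unquoted backticks with `"$(pwd)"` so a checkout path containing spaces does not split the `-v` argument.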