Add Dockerfile and targets to build and run the container

This adds the `image`, `push` and `runc` targets, which are for building, pushinng and running the container.
containers · Dec 17, 2020 · 7f2783b · 7f2783b
1 parent c4dda54
commit 7f2783b
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1 @@
+bin/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,48 @@
+# Copyright © 2020 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM registry.centos.org/centos:8 AS build
+USER root
+WORKDIR /work
+
+# Speed up build by leveraging docker layer caching
+COPY go.mod go.sum vendor/ ./
+RUN mkdir -p bin
+
+RUN dnf install -y --disableplugin=subscription-manager \
+    --enablerepo=powertools \
+    golang make libsemanage-devel
+
+ADD . /work
+
+RUN make
+
+FROM registry.centos.org/centos:8 AS build
+# TODO(jaosorior): Switch to UBI once we use static linking
+#FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
+
+# TODO(jaosorior): See if we can run this without root
+USER root
+
+LABEL name="selinuxd" \
+      description="selinuxd is a daemon that listens for files in /etc/selinux.d/ and installs the relevant policies."
+
+# TODO(jaosorior): Remove once we use static linking
+RUN dnf install -y --disableplugin=subscription-manager \
+    --enablerepo=powertools \
+    policycoreutils
+
+COPY --from=build /work/bin/selinuxdctl /usr/bin/
+
+ENTRYPOINT ["/usr/bin/selinuxdctl"]
diff --git a/Makefile b/Makefile
@@ -13,6 +13,14 @@ ifeq ($(OS_NAME), Darwin)
 endif
 GOLANGCI_LINT_URL=https://github.com/golangci/golangci-lint/releases/download/v$(GOLANGCI_LINT_VERSION)/golangci-lint-$(GOLANGCI_LINT_VERSION)-$(GOLANGCI_LINT_OS)-amd64.tar.gz
 
+CONTAINTER_RUNTIME?=podman
+
+IMAGE_NAME=selinuxd
+IMAGE_TAG=latest
+
+IMAGE_REF=$(IMAGE_NAME):$(IMAGE_TAG)
+
+IMAGE_REPO?=quay.io/jaosorior/$(IMAGE_REF)
 
 # Targets
 
@@ -33,6 +41,15 @@ test:
 run: $(BIN) $(POLICYDIR)
 	sudo $(BIN) daemon
 
+.PHONY: runc
+runc: image $(POLICYDIR)
+	sudo $(CONTAINTER_RUNTIME) run -ti \
+		--privileged \
+		-v /sys/fs/selinux:/sys/fs/selinux \
+		-v /var/lib/selinux:/var/lib/selinux \
+		-v /etc/selinux.d:/etc/selinux.d \
+		$(IMAGE_REPO) daemon
+
 $(BINDIR):
 	mkdir -p $(BINDIR)
 
@@ -60,3 +77,11 @@ $(GOPATH)/bin/golangci-lint:
 		(echo "curl returned $$? trying to fetch golangci-lint. please install golangci-lint and try again"; exit 1); \
 	GOLANGCI_LINT_CACHE=/tmp/golangci-cache $(GOPATH)/bin/golangci-lint version
 	GOLANGCI_LINT_CACHE=/tmp/golangci-cache $(GOPATH)/bin/golangci-lint linters
+
+.PHONY: image
+image:
+	$(CONTAINTER_RUNTIME) build -t $(IMAGE_REPO) .
+
+.PHONY: push
+push:
+	$(CONTAINTER_RUNTIME) push $(IMAGE_REPO)