[RFE] SELinux custom policies

[mnbro]

Is there a milestone for implementing SELinux custom policies for Flatcar Linux?

I saw some issues caused by this and I also see some stalled/unclear next steps like in #598 pending for a couple of years.

[tormath1]

Flatcar is shipped with policies from the refpolicy repository (similar to Gentoo) with the current policies:

sec-policy/selinux-base-2.20240226-r2::portage-stable
sec-policy/selinux-base-policy-2.20240226-r2::portage-stable
sec-policy/selinux-container-2.20240226-r2::portage-stable
sec-policy/selinux-dbus-2.20240226-r2::portage-stable
sec-policy/selinux-policykit-2.20240226-r2::portage-stable
sec-policy/selinux-sssd-2.20240226-r2::portage-stable
sec-policy/selinux-unconfined-2.20240226-r2::portage-stable

At this moment, I think it might be possible to load custom policies on Flatcar (via Ignition) but for projects like rke2-selinux it's a bit more complex as those policies rely on containers-selinux which diverges from the refpolicy container implementation.