32b1f26c51
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
# root's Docker client directory is labelled docker_home_t.
# gen_context(ctx,s0) is the reference-policy m4 macro that appends the
# MLS/MCS level (s0) to the context when the policy is built with MLS/MCS.
# No file-type field is given, so the spec applies to any object type at this
# exact path; there is no (/.*)? suffix, so paths beneath it are not matched
# by this line.
# NOTE(review): this directory commonly holds client configuration and
# registry credentials; confirm what label its contents actually receive.
/root/\.docker gen_context(system_u:object_r:docker_home_t,s0)
# The docker binary is labelled docker_exec_t; `--` limits the spec to
# regular files.
# Presumably docker_exec_t is the entrypoint type for the daemon's domain
# transition; that rule lives in the policy module, not in this file.
/usr/bin/docker -- gen_context(system_u:object_r:docker_exec_t,s0)
# The novolume plugin binary gets its own type, docker_auth_exec_t, rather
# than docker_exec_t (regular files only). Presumably this lets it run in a
# separate, narrower domain than the daemon — confirm in the policy module.
/usr/bin/docker-novolume-plugin -- gen_context(system_u:object_r:docker_auth_exec_t,s0)
# Alternate install location of the novolume plugin binary; labelled
# docker_auth_exec_t like the /usr/bin copy (regular files only).
/usr/lib/docker/docker-novolume-plugin -- gen_context(system_u:object_r:docker_auth_exec_t,s0)
# The daemon's systemd unit file is labelled docker_unit_file_t (regular
# files only). Presumably the policy uses this type to control which domains
# may start, stop or modify the unit — confirm in the policy module.
/usr/lib/systemd/system/docker.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
# The novolume plugin's systemd unit file shares docker_unit_file_t with
# docker.service (regular files only).
/usr/lib/systemd/system/docker-novolume-plugin.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
# Daemon configuration tree: the (/.*)? suffix matches /etc/docker itself and
# every path beneath it, of any file type, and labels them docker_config_t.
/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
# Default label for the daemon's state tree: /var/lib/docker and everything
# beneath it become docker_var_lib_t. Other lines in this file give different
# types to sub-paths (vfs, init, containers/.../hosts, ...); those are meant
# to take precedence over this catch-all.
# NOTE(review): after installing the module, check the effective label of a
# few sub-paths with matchpathcon to confirm the precedence is as intended.
/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
# Labels /var/lib/kublet and everything beneath it docker_var_lib_t.
# NOTE(review): "kublet" looks like a misspelling of "kubelet". If the
# intended directory is /var/lib/kubelet, this spec never matches it and that
# tree keeps whatever default label the base policy assigns — confirm the
# intended path before relying on this entry.
/var/lib/kublet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
# The vfs storage directory and everything beneath it get
# svirt_sandbox_file_t instead of the docker_var_lib_t default used for the
# rest of /var/lib/docker.
# NOTE(review): svirt_sandbox_file_t is presumably the type that confined
# container processes are allowed to read and write; if so, anything placed
# under vfs/ is reachable from containers — confirm against the policy rules.
/var/lib/docker/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
# Runtime directory: /var/run/docker and everything beneath it are labelled
# docker_var_run_t (any file type).
/var/run/docker(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
# The daemon's pid file; `--` limits the spec to a regular file, and the dot
# is escaped so it matches literally.
/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
# The daemon's API socket; `-s` limits the spec to socket objects.
# NOTE(review): access to this socket is effectively root on the host, so the
# rules that decide which domains may connect to docker_var_run_t sockets are
# the security-critical part. They are in the policy module, not in this
# file; review them together with this label. The socket shares its type
# with the pid file and the rest of /var/run/docker.
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
# /var/run/docker-client and everything beneath it share docker_var_run_t
# with the daemon's own runtime files.
/var/run/docker-client(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
# The plugin directory gets its own type, docker_plugin_var_run_t, instead of
# the docker_var_run_t that the broader /var/run/docker(/.*)? spec would
# assign. Presumably this keeps plugin sockets separate from the daemon's
# API socket in the policy rules — confirm in the policy module.
/var/run/docker/plugins(/.*)? gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
# LXC lock directory and its contents are labelled docker_lock_t.
# NOTE(review): this hands an lxc path to a docker_* type; presumably a
# leftover from the lxc execution driver — confirm it is still needed.
/var/lock/lxc(/.*)? gen_context(system_u:object_r:docker_lock_t,s0)
# LXC log directory and its contents are labelled docker_log_t.
# NOTE(review): as with /var/lock/lxc, this gives an lxc path a docker_* type;
# confirm it is still needed.
/var/log/lxc(/.*)? gen_context(system_u:object_r:docker_log_t,s0)
# The init directory and its contents get docker_share_t rather than the
# docker_var_lib_t default for /var/lib/docker.
# NOTE(review): docker_share_t is presumably content that containers may read
# but not modify — confirm against the policy rules.
/var/lib/docker/init(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
# Per-container hosts file, labelled docker_share_t.
# NOTE(review): `.*` also matches `/`, so this spec covers any path under
# containers/ that ends in /hosts at any depth, and with no file-type field it
# applies to any object type. If only <container-id>/hosts is intended, a
# single-segment pattern such as `[^/]+` plus `--` would be tighter.
/var/lib/docker/containers/.*/hosts gen_context(system_u:object_r:docker_share_t,s0)
# Per-container hostname file, labelled docker_share_t.
# NOTE(review): `.*` also matches `/`, so any path under containers/ ending
# in /hostname is covered, at any depth and for any object type — confirm
# that breadth is intended.
/var/lib/docker/containers/.*/hostname gen_context(system_u:object_r:docker_share_t,s0)
# Any config.env below /var/lib/docker is labelled docker_share_t.
# NOTE(review): this is the broadest pattern in the file. `.*` spans
# directory separators and is not anchored to containers/, so a config.env
# anywhere in the state tree, including inside image or volume data, matches.
# Confirm that is intended, since the file name suggests environment
# settings that may carry secrets.
/var/lib/docker/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)