7b95154474
With the latest OL7.2, selinux policy that is shipped
might not be the latest for it to work or build with
selinux policy for docker-1.12.
To be able to achieve that here is what is done:
1. Added systemd_machined policy which is part of systemd.
2. Temporarily comment out unconfined_typebounds because the
current OL7's selinux doesn't have unconfineduser selinux policy,
to include this will be too much. Will revisit this once we have
updated the selinux policy.
Fixes: #24612
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
(cherry picked from commit d6cae872c7
)
Signed-off-by: Tibor Vass <tibor@docker.com>
33 lines
1.9 KiB
Text
33 lines
1.9 KiB
Text
/root/\.docker gen_context(system_u:object_r:docker_home_t,s0)
|
|
|
|
/usr/bin/docker -- gen_context(system_u:object_r:docker_exec_t,s0)
|
|
/usr/bin/docker-novolume-plugin -- gen_context(system_u:object_r:docker_auth_exec_t,s0)
|
|
/usr/lib/docker/docker-novolume-plugin -- gen_context(system_u:object_r:docker_auth_exec_t,s0)
|
|
|
|
/usr/lib/systemd/system/docker.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
|
|
/usr/lib/systemd/system/docker-novolume-plugin.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
|
|
|
|
/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
|
|
|
|
/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
|
|
/var/lib/kublet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
|
|
/var/lib/docker/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
|
|
|
|
/var/run/docker(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
|
|
/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
|
|
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
|
|
/var/run/docker-client(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
|
|
/var/run/docker/plugins(/.*)? gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
|
|
|
|
/var/lock/lxc(/.*)? gen_context(system_u:object_r:docker_lock_t,s0)
|
|
|
|
/var/log/lxc(/.*)? gen_context(system_u:object_r:docker_log_t,s0)
|
|
|
|
/var/lib/docker/init(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
|
|
/var/lib/docker/containers/.*/hosts gen_context(system_u:object_r:docker_share_t,s0)
|
|
/var/lib/docker/containers/.*/hostname gen_context(system_u:object_r:docker_share_t,s0)
|
|
/var/lib/docker/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)
|
|
|
|
# OL7.2 systemd selinux update
|
|
/var/run/systemd/machines(/.*)? gen_context(system_u:object_r:systemd_machined_var_run_t,s0)
|
|
/var/lib/machines(/.*)? gen_context(system_u:object_r:systemd_machined_var_lib_t,s0)
|