mirror of
https://github.com/moby/moby.git
Fix conflicts with newly updated selinux policies
The base selinux policies on centos/rhel/oraclelinux have all been updated in a way that conflicts with the policies we install with `docker-engine-selinux`. This patch fixes these conflicts. In addition, it removes the special cases for old/unsupported versions of fedora in our selinux package and changes to a single minimum version for the selinux base policy package, as this is the minimum version required to use our selinux policy package. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
parent
2e3a621523
commit
ec9a05e5e2
3 changed files with 2 additions and 24 deletions
|
@ -7,8 +7,6 @@
|
||||||
/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
|
/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
|
||||||
|
|
||||||
/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
|
/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
|
||||||
/var/lib/kublet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
|
|
||||||
/var/lib/docker/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
|
|
||||||
|
|
||||||
/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
|
/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
|
||||||
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
|
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
|
||||||
|
|
|
@ -5,13 +5,6 @@ policy_module(docker, 1.0.0)
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
## <desc>
|
|
||||||
## <p>
|
|
||||||
## Allow sandbox containers manage fuse files
|
|
||||||
## </p>
|
|
||||||
## </desc>
|
|
||||||
gen_tunable(virt_sandbox_use_fusefs, false)
|
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
## Determine whether docker can
|
## Determine whether docker can
|
||||||
|
|
|
@ -13,20 +13,7 @@ URL: https://dockerproject.org
|
||||||
Vendor: Docker
|
Vendor: Docker
|
||||||
Packager: Docker <support@docker.com>
|
Packager: Docker <support@docker.com>
|
||||||
|
|
||||||
# Version of SELinux we were using
|
%global selinux_policyver 3.13.1-102
|
||||||
%if 0%{?fedora} == 20
|
|
||||||
%global selinux_policyver 3.12.1-197
|
|
||||||
%endif # fedora 20
|
|
||||||
%if 0%{?fedora} == 21
|
|
||||||
%global selinux_policyver 3.13.1-105
|
|
||||||
%endif # fedora 21
|
|
||||||
%if 0%{?fedora} >= 22
|
|
||||||
%global selinux_policyver 3.13.1-128
|
|
||||||
%endif # fedora 22
|
|
||||||
%if 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
|
|
||||||
%global selinux_policyver 3.13.1-23
|
|
||||||
%endif # centos,rhel,oraclelinux 7
|
|
||||||
|
|
||||||
%global selinuxtype targeted
|
%global selinuxtype targeted
|
||||||
%global moduletype services
|
%global moduletype services
|
||||||
%global modulenames docker
|
%global modulenames docker
|
||||||
|
@ -84,7 +71,7 @@ if %{_sbindir}/selinuxenabled ; then
|
||||||
%{_sbindir}/load_policy
|
%{_sbindir}/load_policy
|
||||||
%relabel_files
|
%relabel_files
|
||||||
if [ $1 -eq 1 ]; then
|
if [ $1 -eq 1 ]; then
|
||||||
restorecon -R %{_sharedstatedir}/docker
|
restorecon -R %{_sharedstatedir}/docker
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
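Review bot: For Fedora 22 and later, the new single floor `%global selinux_policyver 3.13.1-102` is lower than the 3.13.1-128 that the removed conditional set, so on those releases the package would accept an older base policy than it was previously pinned to. Whether that matters depends on how the macro is consumed, presumably a `Requires:` on the base policy package, which is outside this hunk. If the conflict fix relies on the base policy already shipping the definitions removed from this module, an older base policy could leave the docker module without them, and the policy load in `%post` is not visibly checked for failure. The comment `# Version of SELinux we were using` appears to be dropped along with the conditionals; I would keep one above the new line, for example `# Minimum selinux-policy version required by this policy module`.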