selinux-dockersock icon indicating copy to clipboard operation
selinux-dockersock copied to clipboard

Published 20 hours ago verified publisher icon dpw

different policy in rhel/centos/sl7

Open wasphin opened this issue 5 years ago • 0 comments

In my case under ScientificLinux 7, which I think should be the same as RHEL/CentOS 7, the te should be:

module local 1.0;

require {
	type container_runtime_t;
	type container_t;
	class unix_stream_socket connectto;
}

#============= container_t ==============

#!!!! The file '/run/docker.sock' is mislabeled on your system.  
#!!!! Fix with $ restorecon -R -v /run/docker.sock
allow container_t container_runtime_t:unix_stream_socket connectto;

wasphin avatar Jun 20 '19 07:06 wasphin