selinux-dockersock

Alternative Installation Method

Open fifofonix opened this issue 4 years ago • 1 comments

Thanks for this repo because I'm new to SELinux and it helped me a lot.

Note, however, that after starting with the method you have here for installation, I actually simplified things by converting your policy to the human-readable CIL format with `cat dockersock.pp | /usr/libexec/selinux/hll/pp > dockersock.cil`, and this allowed me to install it in a single line: `semodule -i dockersock.cil`.

For my use case, which involves provisioning Fedora CoreOS (FCOS) boxes, which do not come with checkpolicy installed, this avoided layering a time-consuming OS modification (`sudo rpm-ostree install checkpolicy`) onto our boot processes.

fifofonix, Apr 02 '20 15:04

For those finding this issue in the future, here is the CIL produced so you don't need to run the compilation yourself:

(The types used here are for Fedora 32; these are probably different on other platforms, see #4)

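```
; Types this module requires the loaded policy to define already
(typeattributeset cil_gen_require container_runtime_t)
(typeattributeset cil_gen_require container_t)
; Let container_t processes connect to container_runtime_t Unix stream sockets
(allow container_t container_runtime_t (unix_stream_socket (connectto)))
```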

jmariondev, Jul 28 '20 23:07
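
Because the posted CIL is tied to Fedora 32 type names, it is worth reviewing a module like this before running `semodule -i`: which types it requires and exactly what each `allow` rule grants. The following is an added example, not part of the thread or the repository; `parse_sexprs`, `review` and the `host_types` set are hypothetical names, and on a real host the type list would come from the loaded policy (for example `seinfo -t`).

```python
import re

# The CIL posted in the thread above (Fedora 32 type names).
DOCKERSOCK_CIL = """\
(typeattributeset cil_gen_require container_runtime_t)
(typeattributeset cil_gen_require container_t)
(allow container_t container_runtime_t (unix_stream_socket (connectto)))
"""

def parse_sexprs(text):
    """Parse CIL text into nested lists. ';' starts a comment to end of line
    (assumption for this sketch: no quoted strings containing ';')."""
    text = re.sub(r";[^\n]*", "", text)
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def review(cil_text, host_types):
    """Return (required types missing on the host, allow rules granted)."""
    required, rules = [], []
    for form in parse_sexprs(cil_text):
        if form[:2] == ["typeattributeset", "cil_gen_require"]:
            required.append(form[2])
        elif (form[:1] == ["allow"] and len(form) == 4
              and isinstance(form[3], list) and len(form[3]) == 2):
            source, target, (tclass, perms) = form[1:]
            rules.append((source, target, tclass, tuple(perms)))
    missing = [t for t in required if t not in host_types]
    return missing, rules

if __name__ == "__main__":
    # Constructed host type set: a platform that lacks container_runtime_t.
    missing, rules = review(DOCKERSOCK_CIL, {"container_t"})
    print("missing required types:", missing)
    for src, tgt, tclass, perms in rules:
        print(f"grants {src} -> {tgt} : {tclass} {{ {' '.join(perms)} }}")
```

A non-empty `missing` list means the module was written for different type names than the host policy defines, which is the portability problem the comment above points to with #4.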