[selinux-policy] Additional fixes for docker.te
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Dec 16 11:39:04 UTC 2013
commit fa3915aa889f389d8f2209a8c660c249e20585d2
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Dec 16 12:38:58 2013 +0100
Additional fixes for docker.te
policy-rawhide-contrib.patch | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 94d21eb..c8e9d8b 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -22509,7 +22509,7 @@ index 0000000..d856375
+')
diff --git a/docker.te b/docker.te
new file mode 100644
-index 0000000..c5b0dcd
+index 0000000..f156949
--- /dev/null
+++ b/docker.te
@@ -0,0 +1,145 @@
@@ -22610,8 +22610,8 @@ index 0000000..c5b0dcd
+
+allow docker_t self:capability { sys_admin sys_boot dac_override setpcap sys_ptrace };
+allow docker_t self:process { setpgid setsched signal_perms };
-+allow docker_t self:netlink_route_socket nlmsg_write;
-+allow docker_t self:netlink_audit_socket create_netlink_perms;
++allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
++allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
+allow docker_t self:unix_dgram_socket create_socket_perms;
+allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
More information about the scm-commits
mailing list