[docker-selinux] Move docker interfaces from docker-selinux to selinux-policy dist-git repo.
Lukas Vrabec
lvrabec at redhat.com
Tue Oct 20 15:29:27 UTC 2015
Hi!
I would like to introduce the latestchanges inthe docker selinux policy.
In Fedora Rawhide and 23, selinux-policyfor dockeris shipped separately
as adocker sub-package. This is quite a problem when we want to add
ruleslike: /"docker_stream_connect(abrt_t)" /to distro policy/. /The
abrt policy is shipped in theselinux-policy package but
thedocker_stream_connectinterfaceis shipped in thedocker-selinux
package. So we cannot add this rule totheabrt policy because of the
docker interface notbeingdefined during the selinux-policy build.
The solution is that we movethe docker selinux interfaces
totheselinux-policy package and the rest ofthefiles isshipped in
thedocker-selinux package.
The disadvantage of this solution is that everytime we build a new
selinux-policy package we need to download the latestdocker selinux-policy.
Thesechanges have beenpushed to Fedora Rawhide, so please,if you find
any problem,let me know!
Thank you!
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20151020/f9f76fdb/attachment.html>
More information about the selinux
mailing list