Skip to content

Commit

Permalink
Merge pull request #15832 from jfrazelle/add-docker-seliux-policy-for…
Browse files Browse the repository at this point in the history 
…-rpm

Add docker seliux policy for rpm
  • Loading branch information
Arnaud Porterie committed Aug 29, 2015
2 parents 0b2cff3 + 8fe675d commit 626c050
Show file tree
Hide file tree
Showing 15 changed files with 1,574 additions and 6 deletions.
2 changes: 1 addition & 1 deletion contrib/builder/rpm/centos-7/Dockerfile
View file
Expand Up @@ -6,7 +6,7 @@ FROM centos:7

RUN yum groupinstall -y "Development Tools"
RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel selinux-policy selinux-policy-devel sqlite-devel tar

ENV GO_VERSION 1.4.2
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
Expand Down
2 changes: 1 addition & 1 deletion contrib/builder/rpm/fedora-21/Dockerfile
View file
Expand Up @@ -5,7 +5,7 @@
FROM fedora:21

RUN yum install -y @development-tools fedora-packager
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel selinux-policy selinux-policy-devel sqlite-devel tar

ENV GO_VERSION 1.4.2
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
Expand Down
2 changes: 1 addition & 1 deletion contrib/builder/rpm/fedora-22/Dockerfile
View file
Expand Up @@ -5,7 +5,7 @@
FROM fedora:22

RUN yum install -y @development-tools fedora-packager
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel selinux-policy selinux-policy-devel sqlite-devel tar

ENV GO_VERSION 1.4.2
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
Expand Down
2 changes: 2 additions & 0 deletions contrib/builder/rpm/generate.sh
View file
Expand Up @@ -58,6 +58,8 @@ for version in "${versions[@]}"; do
device-mapper-devel # for "libdevmapper.h"
glibc-static
libselinux-devel # for "libselinux.so"
selinux-policy
selinux-policy-devel
sqlite-devel # for "sqlite3.h"
tar # older versions of dev-tools do not have tar
)
Expand Down
2 changes: 1 addition & 1 deletion contrib/builder/rpm/oraclelinux-6/Dockerfile
View file
Expand Up @@ -5,7 +5,7 @@
FROM oraclelinux:6

RUN yum groupinstall -y "Development Tools"
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel selinux-policy selinux-policy-devel sqlite-devel tar

ENV GO_VERSION 1.4.2
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
Expand Down
2 changes: 1 addition & 1 deletion contrib/builder/rpm/oraclelinux-7/Dockerfile
View file
Expand Up @@ -5,7 +5,7 @@
FROM oraclelinux:7

RUN yum groupinstall -y "Development Tools"
RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel sqlite-devel tar
RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel selinux-policy selinux-policy-devel sqlite-devel tar

ENV GO_VERSION 1.4.2
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
Expand Down
502 changes: 502 additions & 0 deletions contrib/docker-engine-selinux/LICENSE
View file

Large diffs are not rendered by default.

16 changes: 16 additions & 0 deletions contrib/docker-engine-selinux/Makefile
View file
@@ -0,0 +1,16 @@
TARGETS?=docker
MODULES?=${TARGETS:=.pp.bz2}
SHAREDIR?=/usr/share

all: ${TARGETS:=.pp.bz2}

%.pp.bz2: %.pp
@echo Compressing $^ -\> $@
bzip2 -9 $^

%.pp: %.te
make -f ${SHAREDIR}/selinux/devel/Makefile $@

clean:
rm -f *~ *.tc *.pp *.pp.bz2
rm -rf tmp *.tar.gz
24 changes: 24 additions & 0 deletions contrib/docker-engine-selinux/docker.fc
View file
@@ -0,0 +1,24 @@
/root/\.docker gen_context(system_u:object_r:docker_home_t,s0)

/usr/bin/docker -- gen_context(system_u:object_r:docker_exec_t,s0)

/usr/lib/systemd/system/docker.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)

/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)

/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
/var/lib/kublet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
/var/lib/docker/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)

/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker-client(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)

/var/lock/lxc(/.*)? gen_context(system_u:object_r:docker_lock_t,s0)

/var/log/lxc(/.*)? gen_context(system_u:object_r:docker_log_t,s0)

/var/lib/docker/init(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/hosts gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/hostname gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)

0 comments on commit 626c050

Please sign in to comment.