add selinux policy for centos-7 on 1.12.x branch #29188
This policy is from commit lsm5/container-selinux@583a67f Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Resolved conflict of bringing in this patch originally committed to the 1.13.x branch. For this patch applied to the 1.12.x branch, did not keep the photon case statement in generate.sh and did not update to golang 1.7 in the centos-7/Dockerfile. Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Ok, this one really isn't working :( Using devmapper, selinux enabled.
Hmm...I'll have a look.
if this is just for centos, can't you just
@andrewhsu are you sure you're using the correct branch of container-selinux? 1.12 should work with this branch https://github.com/projectatomic/container-selinux/tree/RHEL-1.12
@runcom This PR is using the policy files from lsm5/container-selinux@583a67f which is what's used to build the latest docker-selinux Don't know why the In any case, the diff between that I may now have to seriously consider the route of
Abandoning this approach in favor of PR #29194 which will simply require
I've gone back to this to see if it can build and I was able to get it working (turns out I needed to clear out my On a RHEL7.3 instance of EC2 and selinux enabled in the
Whereas with selinux disabled (see
Which is all good and happening, but CentOS7.2 does not work with selinux enabled. The process bonks out when exited and goes
Lesser of two weevils.
Let's build RC1 with this patch.
- What I did
Cherry picked commits from the PR #29081 which was originally applied to master and merged to 1.13.x branch. Had to resolve conflicts in commit bfe5cab.
- How I did it
$ git cherry-pick e0852be # add selinux policy for centos-7
$ git cherry-pick 09e68fd # add extra docker.te lines from rhel7.3 docker.spec
$ git cherry-pick bfe5cab # get rhel7.3 selinux-policy-devel pkg for centos-7
- How to verify it
Same way to verify PR #29081.
- Description for the changelog
Update selinux policy for distros based on RHEL7.3.
- A picture of a cute animal (not mandatory but encouraged)
🐴