New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
[1.12.x] depend on docker-selinux for centos-7.3+ #29377
Conversation
Use the policy files provided by CentOS for docker by depending on docker-selinux. Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Now that centos 7.3 has been released, this PR is ready for a second chance. I've successfully built this RPM and installed it on a centos 7 AMI on EC2. Yum install history show that the package pulled in
Configured docker daemon to run with selinux by setting {
"selinux-enabled": true
} See that the
|
LGTM |
LGTM Without selinux:
With selinux setting set in daemon.json:
|
- What I did
Changed the dependency in the
docker-engine
RPM built for CentOS to depend ondocker-selinux
.- How I did it
Added a conditional
Requires
in the spec file. Also refactored thehack/make/build-rpm
to only build adocker-engine-selinux
package if there exists a specific selinux policy directory in thecontrib
dir. In doing so, found that thecontrib/selinux
policy dir is only used byfedora-23
so renamed that policy dir.Note: this changes the default behaviour of building RPMs from using a generic selinux policy to only using one for the specificy distro version.
- How to verify it
Build a
docker-engine
centos-7 RPM package and install on centos 7.3 with selinux enabled:- Description for the changelog
Use the selinux policy provided by
docker-selinux
on CentOS.- A picture of a cute animal (not mandatory but encouraged)
馃悂