----- Original Message ----- > From: "Lukas Vrabec" <lvrabec@xxxxxxxxxx> > To: selinux@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Tuesday, October 20, 2015 11:29:27 AM > Subject: [docker-selinux] Move docker interfaces from docker-selinux to selinux-policy dist-git repo. > > Hi! > > I would like to introduce the latest changes in the docker selinux policy. In > Fedora Rawhide and 23, selinux-policy for docker is shipped separately as a > docker sub-package. This is quite a problem when we want to add rule s like: > "docker_stream_connect(abrt_t)" to distro policy . The a brt policy is > shipped in the selinux-policy package but the docker_stream_connect > interface is shipped in the docker-selinux package. So we cannot add this > rule to the abrt policy because of the docker interface not being defined > during the selinux-policy build. > The s olution is that we move the docker selinux interfaces to the > selinux-policy package and the rest of the files is shipped in the > docker-selinux package. > The d isadvantage of this solution is that everytime we build a new > selinux-policy package we need to download the latest docker selinux-policy. > Th ese changes have been pushed to Fedora Rawhide, so please , if you find > any problem , let me know! Very good. Will do. Thanks! > Thank you! > -- > Lukas Vrabec > SELinux Solutions > Red Hat, Inc. > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- Simon Sekidde * Red Hat, Inc. * Westford, MA gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
