Created
April 1, 2015 03:19
SELinux docker.sock access module for jwilder/nginx-proxy container
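# docker_socketaccess: local SELinux policy module that lets processes in the
# svirt_lxc_net_t domain connect to the Docker daemon through its UNIX socket
# (the sock_file labelled docker_var_run_t), and lets docker_t pass process
# state across transitions into iptables_t and svirt_lxc_net_t.
#
# SECURITY NOTE(review): the rules are written against the svirt_lxc_net_t
# type, not against one container. If other containers on the host also run
# in svirt_lxc_net_t (presumably the default here; confirm on the target
# host), loading this module gives every one of them the same socket access.
# Write/connect access to the Docker API socket is generally equivalent to
# root on the host, so treat this module as a host-wide privilege grant.
# A narrower design gives only the container that needs the socket its own
# domain (e.g. Docker's --security-opt label=type:<custom_type_t>, where
# <custom_type_t> is a placeholder for a type you define) and writes the two
# socket rules against that type instead.

module docker_socketaccess 1.0;

require {
	type docker_var_run_t;
	type iptables_t;
	type docker_t;
	type svirt_lxc_net_t;
	class process { siginh noatsecure rlimitinh };
	class sock_file { write getattr };
	class unix_stream_socket connectto;
}

#============= docker_t ==============
# siginh / rlimitinh / noatsecure let signal state, resource limits and the
# unsanitised environment (no AT_SECURE on exec) carry over when docker_t
# transitions into the target domain.
# NOTE(review): these look like audit2allow output for denials that are
# normally harmless; reference policy usually marks this permission set
# `dontaudit` instead of `allow`. If the aim is only to silence the AVC
# messages, prefer dontaudit; confirm nothing depends on the inheritance.
allow docker_t iptables_t:process { siginh rlimitinh noatsecure };
allow docker_t svirt_lxc_net_t:process { siginh rlimitinh noatsecure };

#============= svirt_lxc_net_t ==============
# Container processes may connect to the stream socket owned by the Docker
# daemon (docker_t) ...
allow svirt_lxc_net_t docker_t:unix_stream_socket connectto;
# ... and may stat and write to the socket file itself. Both rules are needed
# for a client inside the container to reach the Docker API.
allow svirt_lxc_net_t docker_var_run_t:sock_file { write getattr };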