SELinux docker.sock access module for jwilder/nginx-proxy container

docker_socketaccess.te

module docker_socketaccess 1.0;

require {
        type docker_var_run_t;
        type iptables_t;
        type docker_t;
        type svirt_lxc_net_t;
        class process { siginh noatsecure rlimitinh };
        class sock_file { write getattr };
        class unix_stream_socket connectto;
}

#============= docker_t ==============
allow docker_t iptables_t:process { siginh rlimitinh noatsecure };
allow docker_t svirt_lxc_net_t:process { siginh rlimitinh noatsecure };

#============= svirt_lxc_net_t ==============
allow svirt_lxc_net_t docker_t:unix_stream_socket connectto;
allow svirt_lxc_net_t docker_var_run_t:sock_file { write getattr };