Bug 1272848

Summary: Docker policy defines rules for distro types.
Product: [Fedora] Fedora Reporter: Miroslav Grepl <mgrepl>
Component: dockerAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: high    
Version: rawhideCC: adimania, admiller, dominick.grift, dwalsh, extras-qa, ichavero, jcajka, jchaloup, lsm5, lvrabec, mgrepl, miminar, plautrba, vbatts, wibrown
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1272846 Environment:
Last Closed: 2016-02-16 17:22:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1272846    
Bug Blocks:    

Description Miroslav Grepl 2015-10-19 05:28:52 UTC 
+++ This bug was initially created as a clone of Bug #1272846 +++

Description of problem:

With the current policy, we need to define rules for types which are provided by distribution in docker-selinux policy which means we need to require private types.

https://github.com/fedora-cloud/docker-selinux/blob/master/docker.te

optional_policy(`
 gen_require(`
  type pcp_pmcd_t;
')
  docker_manage_lib_files(pcp_pmcd_t)
')


These rules should be a part of Fedora distro policy. We need to have a way how to provide docker.if which reflects docker.if shipped by docker-selinux.rpm.
Comment 1 Miroslav Grepl 2015-10-26 20:51:40 UTC 
Guys, what is a progress here? We really need to do a new rawhide build for another issues?

We need to add proper Conflicts to both packages.
Comment 2 Miroslav Grepl 2015-10-26 21:20:21 UTC 
Or docker-selinux probably will require the proper selinux-policy version

Requires: >= selinux-policy-3.13.1-155

But not sure against which docker-selinux version we should conflict. I mean we need to have a version where you removed docker.if.
Comment 3 Lukas Vrabec 2015-10-27 15:21:47 UTC 
Hi, 

I add conflicts against docker-selinux. You add fine version *-155 is where we added docker.if file. Waiting for docker-selinux package.
Comment 4 Daniel Walsh 2015-10-28 14:06:59 UTC 
Fixed in docker-1.9