Bug 1295546

Summary: docker-selinux needs "allow svirt_lxc_net_t svirt_sandbox_file_t:file execmod;"
Product: [Fedora] Fedora
Reporter: Matt Piermarini <mattpiermarini>
Component: selinux-policy
Assignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 23
CC: adimania, admiller, dominick.grift, dustymabe, dwalsh, ichavero, jcajka, jchaloup, lsm5, lvrabec, mgrepl, miminar, plautrba, vbatts
Hardware: x86_64
OS: Linux
Fixed In Version: selinux-policy-3.13.1-159.fc23 selinux-policy-3.13.1-158.2.fc23
Doc Type: Bug Fix
Last Closed: 2016-01-22 02:21:20 UTC
Type: Bug
Bug Blocks: 1351609

Description Matt Piermarini 2016-01-04 19:35:44 UTC
Description of problem:

Seems like this

https://bugzilla.redhat.com/show_bug.cgi?id=1129706

was not migrated from selinux-policy to docker-selinux

Version-Release number of selected component (if applicable):

dnf info docker-selinux
Last metadata expiration check performed 2:02:33 ago on Mon Jan  4 12:15:07 2016.
Installed Packages
Name        : docker-selinux
Arch        : x86_64
Epoch       : 1
Version     : 1.9.1
Release     : 4.git6ec29ef.fc23
Size        : 25 k
Repo        : @System
From repo   : updates
Summary     : SELinux policies for Docker
URL         : https://github.com/projectatomic/docker
License     : ASL 2.0
Description : SELinux policy modules for use with Docker.


How reproducible:

See bug 1129706, but try on Fedora 23.

Here is the fix for Fedora 21: https://github.com/fedora-selinux/selinux-policy/commit/00660273f83ee1cfb19365f761863760ac2ed3c0

Comment 1 Daniel Walsh 2016-01-04 20:14:04 UTC
docker-selinux does not have policy for svirt_lxc_net_t; this should be in the selinux-policy package.

Comment 2 Matt Piermarini 2016-01-04 20:26:21 UTC
Sorry, bad assumption on my part on which package. Re-assign to selinux-policy.

Comment 4 Fedora Update System 2016-01-14 13:15:27 UTC
selinux-policy-3.13.1-158.2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9

Comment 5 Fedora Update System 2016-01-15 18:53:29 UTC
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9

Comment 6 Fedora Update System 2016-01-22 02:20:37 UTC
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.