+++ This bug was initially created as a clone of Bug #1200079 +++
Description of problem:
Currently, we ship the docker.pp policy module with SELinux policy for docker. We would like to move this policy out of the base policy, and docker.pp would be shipped by docker-selinux.rpm.
How to do it:
1. We need to ship a new version of the selinux-policy pkgs without shipping docker.pp and the docker policy files. The docker.pp module will stay in memory, but this is not an issue.
2. docker-selinux needs to package source files from:
   https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/docker.fc
   https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/docker.if
   https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/docker.te
   and docker.pp. We won't ship these source policy files for docker.pp.
3. docker-selinux needs to have a conflict with the policy without docker.pp.
Lokesh, we have to work with Lukas to get the docker.pp file to be controlled by the docker package, not to be shipped as part of the upstream selinux-policy package. I will also help with this.
Dan, yup, Lukas already sent me this rpm which I'll add as a subpackage to docker. Btw, my guess is this should be going into RHEL as well. WDYT?
Yes, it will give us greater flexibility.
Great. When Lokesh adds the subpackage, we must be first with a new selinux-policy package build without the docker module in order to prevent conflicts, so please let me know when to make the new build without the docker module. Thanks.
release 21 takes care of this