Bug 1295546 - docker-selinux needs "allow svirt_lxc_net_t svirt_sandbox_file_t:file execmod;"
Summary: docker-selinux needs "allow svirt_lxc_net_t svirt_sandbox_file_t:file execmod;"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 23
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Lokesh Mandvekar
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1351609
TreeView+ depends on / blocked
 
Reported: 2016-01-04 19:35 UTC by Matt Piermarini
Modified: 2016-06-30 12:32 UTC (History)
14 users (show)

Fixed In Version: selinux-policy-3.13.1-159.fc23 selinux-policy-3.13.1-158.2.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1351609 (view as bug list)
Environment:
Last Closed: 2016-01-22 02:21:20 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Matt Piermarini 2016-01-04 19:35:44 UTC
Description of problem:

Seems like this

https://bugzilla.redhat.com/show_bug.cgi?id=1129706

was not migrated from selinux-policy to docker-selinux

Version-Release number of selected component (if applicable):

dnf info docker-selinux
Last metadata expiration check performed 2:02:33 ago on Mon Jan  4 12:15:07 2016.
Installed Packages
Name        : docker-selinux
Arch        : x86_64
Epoch       : 1
Version     : 1.9.1
Release     : 4.git6ec29ef.fc23
Size        : 25 k
Repo        : @System
From repo   : updates
Summary     : SELinux policies for Docker
URL         : https://github.com/projectatomic/docker
License     : ASL 2.0
Description : SELinux policy modules for use with Docker.


How reproducible:

See bug 1129706, but try on Fedora 23.

Here is the fix for Fedora 21: https://github.com/fedora-selinux/selinux-policy/commit/00660273f83ee1cfb19365f761863760ac2ed3c0

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Daniel Walsh 2016-01-04 20:14:04 UTC
docker-selinux does not have policy for svirt_lxc_net_t, this should be in the selinux-policy package.

Comment 2 Matt Piermarini 2016-01-04 20:26:21 UTC
Sorry, bad assumption on my part on which package.  re-assign to selinux-policy

Comment 4 Fedora Update System 2016-01-14 13:15:27 UTC
selinux-policy-3.13.1-158.2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9

Comment 5 Fedora Update System 2016-01-15 18:53:29 UTC
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9

Comment 6 Fedora Update System 2016-01-22 02:20:37 UTC
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.