• Stars
    star
    190
  • Rank 203,739 (Top 5 %)
  • Language Makefile
  • License
    Apache License 2.0
  • Created almost 10 years ago
  • Updated over 8 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Allow containers to access docker.sock under Fedora and RHEL

selinux-dockersock

A nice trick with docker is to mount the docker daemon's unix socket into a container, so that container can act as a client to the docker daemon it is running under, e.g.:

docker run ... -v /var/run/docker.sock:/var/run/docker.sock

But this doesn't work with Fedora or RHEL as the host because of their use of SELinux to harden containers. When the docker client attempts to access /var/run/docker.sock within the container, you'll get "Permission denied" errors.

This repo contains a small SELinux module that fixes this issue, allowing containers to access the socket.

Usage

Make sure you have the prerequisite SELinux utilities by doing (on RHEL/CentOS/Fedora/etc.):

yum install policycoreutils policycoreutils-python checkpolicy

Then as root, just do

make

Or if you are paranoid, without being root you can do

make dockersock.pp

to build the SELinux policy module package, and then load it as root with

semodule -i dockersock.pp

Should you ever wish to remove the module, do

semodule -r dockersock