
Allow containers to access docker.sock under Fedora and RHEL

fhaefemeier/selinux-dockersock

 
 

selinux-dockersock

A nice trick with Docker is to mount the Docker daemon's Unix socket into a container, so that the container can act as a client to the Docker daemon it is running under, e.g.:

docker run ... -v /var/run/docker.sock:/var/run/docker.sock

But this doesn't work with Fedora or RHEL as the host because of their use of SELinux to harden containers. When the Docker client attempts to access /var/run/docker.sock within the container, you'll get "Permission denied" errors.

This repo contains a small SELinux module that fixes this issue, allowing containers to access the socket.
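
To confirm that SELinux is what produces the "Permission denied" errors, and to see which accesses a policy module would have to allow before loading one, the AVC denials in the audit log can be summarised. The script below is an added example, not part of this repository; the sample log lines are constructed, and the SELinux type names in them are assumptions that vary with the policy version.

```shell
#!/bin/sh
# Added example, not part of the selinux-dockersock repository.

# Constructed audit.log lines. The SELinux type names are assumptions and
# differ between policy versions (newer releases use container_t).
sample_audit_lines() {
cat <<'EOF'
type=AVC msg=audit(1438692141.123:456): avc:  denied  { write } for  pid=1234 comm="docker" name="docker.sock" dev="tmpfs" ino=12345 scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=system_u:object_r:docker_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1438692141.125:457): avc:  denied  { connectto } for  pid=1234 comm="docker" path="/run/docker.sock" scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=system_u:system_r:docker_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1438692150.001:460): avc:  denied  { write } for  pid=1301 comm="docker" name="docker.sock" dev="tmpfs" ino=12345 scontext=system_u:system_r:svirt_lxc_net_t:s0:c5,c77 tcontext=system_u:object_r:docker_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1438692160.500:470): avc:  denied  { read } for  pid=1400 comm="tail" name="messages" dev="dm-0" ino=999 scontext=system_u:system_r:svirt_lxc_net_t:s0:c5,c77 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

# Read audit records on stdin; print one allow-style line per distinct
# (source type, target type, class, permissions) denied on docker.sock.
dockersock_denials() {
    awk '
    /avc: +denied/ && /docker\.sock/ {
        perms = ""; st = ""; tt = ""; tc = ""
        # Permissions are listed between the braces.
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; keep only the type.
            if ($i ~ /^scontext=/)      { split($i, a, ":"); st = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
            else if ($i ~ /^tclass=/)   { tc = substr($i, 8) }
        }
        if (st != "" && tt != "" && tc != "")
            seen["allow " st " " tt ":" tc " { " perms " };"] = 1
    }
    END { for (k in seen) print k }
    ' | LC_ALL=C sort
}

# Demo on the constructed sample; on a real host, feed it
# /var/log/audit/audit.log (readable by root) instead.
sample_audit_lines | dockersock_denials
```

Repeated denials from different containers collapse into one line because only the type is kept from each context, and denials unrelated to docker.sock are ignored.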

Usage

Make sure you have the prerequisite SELinux utilities installed (on RHEL, CentOS, Fedora, etc.):

yum install policycoreutils policycoreutils-python checkpolicy

Then, as root, just run

make

Or if you are paranoid, without being root you can do

make dockersock.pp

to build the SELinux policy module package, and then load it as root with

semodule -i dockersock.pp

Should you ever wish to remove the module, do

semodule -r dockersock
