Merge pull request #1632 from mjg59/master

Enable SELinux for Docker
2025-08-23 15:31:05 +02:00 · 2015-11-11 17:12:13 -08:00 · 2015-11-11 17:12:13 -08:00 · 1ce40e4ca1
commit 1ce40e4ca1
parent cff534fd0e 1911ea81e7
3 changed files with 6 additions and 2 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.8.3-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.8.3-r1.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@ -24,7 +24,7 @@ inherit bash-completion-r1 linux-info multilib systemd udev user cros-workon

 LICENSE="Apache-2.0"
 SLOT="0"
-IUSE="aufs +btrfs contrib +device-mapper doc experimental lxc +overlay vim-syntax zsh-completion"
+IUSE="aufs +btrfs contrib +device-mapper doc experimental lxc +overlay +selinux vim-syntax zsh-completion"

 # https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies
 CDEPEND="
@ -188,6 +188,10 @@ src_compile() {
 		fi
 	done

+	if use selinux; then
+		DOCKER_BUILDTAGS+=" selinux"
+	fi
+
 	# https://github.com/docker/docker/pull/13338
 	if use experimental; then
 		export DOCKER_EXPERIMENTAL=1
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
@ -9,7 +9,7 @@ EnvironmentFile=-/run/flannel_docker_opts.env
 MountFlags=slave
 LimitNOFILE=1048576
 LimitNPROC=1048576
-ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
+ExecStart=/usr/lib/coreos/dockerd daemon --selinux-enabled --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ

 [Install]
 WantedBy=multi-user.target