SELinux module to allow Clear Containers to run
Run the following commands as root
Create the module
dnf install selinux-policy-devel rpm-build
make
Fix /run/cc-oci-runtime/proxy.sock
# restorecon -R -v /run/cc-oci-runtime/proxy.sock
Insert selinux module
# semodule -X 300 -i cc-proxy.pp.bz2
Start proxy-socket:
# systemctl start cc-proxy.socket
Check status on proxy-socket:
# systemctl status cc-proxy.socket
● cc-proxy.socket - Clear Containers Proxy Socket
Loaded: loaded (/usr/lib/systemd/system/cc-proxy.socket; disabled; vendor preset: disabled)
Active: active (listening) since Tue 2017-01-17 14:36:36 CST; 8min ago
Docs: https://github.com/clearcontainers/proxy
Listen: /var/run/cc-oci-runtime/proxy.sock (Stream)
Jan 17 14:36:36 foo.bar systemd[1]: Listening on Clear Containers Proxy Socket.
Jan 17 14:36:45 foo.bar systemd[1]: Listening on Clear Containers Proxy Socket.
Jan 17 14:44:39 foo.bar systemd[1]: Listening on Clear Containers Proxy Socket.
References: