Open fifofonix opened 4 years ago
For those finding this issue in the future, here is the CIL produced so you don't need to run the compilation yourself:
(The types used here are for Fedora 32, these are probably different on other platforms, see #4)
(typeattributeset cil_gen_require container_runtime_t)
(typeattributeset cil_gen_require container_t)
(allow container_t container_runtime_t (unix_stream_socket (connectto)))
Thanks for this repo because I'm new to SELinux and it helped me a lot.
Note, however, that after starting with the method you have here for installation, I actually simplified things by converting your policy to the human-readable CIL format:
cat dockersock.pp | /usr/libexec/selinux/hll/pp > dockersock.cil
and this allowed me to install it in a single line:
semodule -i dockersock.cil
For my use case, which involves provisioning Fedora CoreOS (FCOS) boxes, which do not come with checkpolicy installed, this avoided layering a time-consuming OS modification
sudo rpm-ostree install checkpolicy
to our boot processes.
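
Before loading a CIL module copied from a thread like this one, it helps to confirm that it grants only the single permission it claims to. The following is an added example, not part of the original posts or the repository's code: it parses the CIL and lists every `allow` grant other than the expected `connectto`. The names `POSTED_CIL`, `EXPECTED` and the three functions are hypothetical, and only plain `allow` rules are examined.

```python
import re

# CIL as posted in the thread above (Fedora 32 type names).
POSTED_CIL = """\
(typeattributeset cil_gen_require container_runtime_t)
(typeattributeset cil_gen_require container_t)
(allow container_t container_runtime_t (unix_stream_socket (connectto)))
"""
# The single grant the module is meant to add.
EXPECTED = {("container_t", "container_runtime_t", "unix_stream_socket", "connectto")}

def parse_cil(text):
    """Parse CIL's s-expression syntax into nested lists (';' starts a comment)."""
    stack = [[]]
    for tok in re.findall(r'"[^"]*"|;[^\n]*|[()]|[^\s()";]+', text):
        if tok.startswith(";"):
            continue
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            closed = stack.pop()
            stack[-1].append(closed)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def allow_grants(node):
    """Yield (source, target, class, perm) for every allow rule, at any depth."""
    if not isinstance(node, list):
        return
    if node[:1] == ["allow"]:
        simple = (len(node) == 4 and isinstance(node[3], list) and len(node[3]) == 2
                  and isinstance(node[3][1], list)
                  and all(isinstance(x, str) for x in node[1:3] + node[3][:1] + node[3][1]))
        if not simple:  # named classpermission, set expression, ...: report whole rule
            yield ("unparsed", repr(node), "", "")
            return
        for perm in node[3][1]:
            yield (node[1], node[2], node[3][0], perm)
        return
    for child in node:
        yield from allow_grants(child)

def unexpected_grants(cil_text, expected=EXPECTED):
    """Return the grants in the module that are not in the expected set."""
    return sorted(set(allow_grants(parse_cil(cil_text))) - set(expected))
```

An empty list from `unexpected_grants` means the file adds nothing beyond the expected rule; on platforms with different type names (see #4), adjust `EXPECTED` to match.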