GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → dpw → Selinux Dockersock

dpw / Selinux Dockersock

Licence: apache-2.0
Allow containers to access docker.sock under Fedora and RHEL

Labels

makefile

Projects that are alternatives of or similar to Selinux Dockersock

Apiproject
[https://www.sofineday.com], golang项目开发脚手架,集成最佳实践(gin+gorm+go-redis+mongo+cors+jwt+json日志库zap(支持日志收集到kafka或mongo)+消息队列kafka+微信支付宝支付gopay+api加密+api反向代理+go modules依赖管理+headless爬虫chromedp+makefile+二进制压缩+livereload热加载)
Stars: ✭ 124 (-5.34%)
Mutual labels:  makefile
Biscuitos
Common scripts to build BiscuitOS
Stars: ✭ 128 (-2.29%)
Mutual labels:  makefile
Killmesoftly
Kill processes The Right Way.
Stars: ✭ 128 (-2.29%)
Mutual labels:  makefile
Easymake
A handy makefile for simple C/C++ applications
Stars: ✭ 125 (-4.58%)
Mutual labels:  makefile
Webnn
🧠 Web Neural Network API
Stars: ✭ 126 (-3.82%)
Mutual labels:  makefile
Openelec.tv
OpenELEC - The living room PC for everyone
Stars: ✭ 1,595 (+1117.56%)
Mutual labels:  makefile
Pkgsrc
[Please switch to NetBSD/pkgsrc] Automatically updated conversion of the "pkgsrc" module from anoncvs.netbsd.org
Stars: ✭ 123 (-6.11%)
Mutual labels:  makefile
K8guard Start From Here
Build and deploy K8Guard. Run all Make commands from this repo.
Stars: ✭ 130 (-0.76%)
Mutual labels:  makefile
Hackable Consumer Hardware
List of hackable consumer hardware products
Stars: ✭ 127 (-3.05%)
Mutual labels:  makefile
Buildroot
Buildroot Environment for multiple TV WebKit ports using EGL and GLESv2, supporting WebGL, Canvas, HTML5 Video as a texture and more. One of the target devices supported is the Raspberry PI 2.
Stars: ✭ 127 (-3.05%)
Mutual labels:  makefile
Onl
Please visit the Open Compute Project repository
Stars: ✭ 125 (-4.58%)
Mutual labels:  makefile
Base
Minimal BusyBox Docker container
Stars: ✭ 126 (-3.82%)
Mutual labels:  makefile
Csvlint
library and command line tool that validates a CSV file
Stars: ✭ 127 (-3.05%)
Mutual labels:  makefile
Executors
A proposal for a executor programming model for ISO C++
Stars: ✭ 124 (-5.34%)
Mutual labels:  makefile
Wasmception
Minimal C/C++ language toolset for building wasm files
Stars: ✭ 129 (-1.53%)
Mutual labels:  makefile
Quickref.dev
Quickref.dev community sources
Stars: ✭ 124 (-5.34%)
Mutual labels:  makefile
Mls Protocol
MLS protocol
Stars: ✭ 127 (-3.05%)
Mutual labels:  makefile
Clashr
Stars: ✭ 131 (+0%)
Mutual labels:  makefile
Vscode of
openFrameworks empty example for visual studio code
Stars: ✭ 129 (-1.53%)
Mutual labels:  makefile
Embedded Ide
IDE for C embedded development centered on bare-metal ARM systems
Stars: ✭ 127 (-3.05%)
Mutual labels:  makefile
View All Similar Projects ➔

selinux-dockersock

A nice trick with docker is to mount the docker daemon's unix socket into a container, so that container can act as a client to the docker daemon it is running under, e.g.:

docker run ... -v /var/run/docker.sock:/var/run/docker.sock

But this doesn't work with Fedora or RHEL as the host because of their use of SELinux to harden containers. When the docker client attempts to access /var/run/docker.sock within the container, you'll get "Permission denied" errors.

This repo contains a small SELinux module that fixes this issue, allowing containers to access the socket.

Usage

Make sure you have the prerequisite SELinux utilities by doing (on RHEL/CentOS/Fedora/etc.):

yum install policycoreutils policycoreutils-python checkpolicy

Then as root, just do

make

Or if you are paranoid, without being root you can do

make dockersock.pp

to build the SELinux policy module package, and then load it as root with

semodule -i dockersock.pp

Should you ever wish to remove the module, do

semodule -r dockersock
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].