Thursday, September 3, 2015

Docker SELinux Policy Revisited

This is a follow-up to my last post about pulling an SELinux policy out of an RPM. It turns out there's a policy in Docker's github at https://github.com/docker/docker/tree/master/contrib/docker-engine-selinux. Way! (Yes, that's a Wayne's World reference.)

So now I'm testing that out to see if it gets me around the goroutine hangs (which then panic) that I'm seeing when SELinux is enabled/enforcing and I run the tests using gccgo (in my x86_64 Fedora 22 env).

To use:
# yum install selinux-policy-devel
# cd /path/to/local/docker/docker/tree/master/contrib/docker-engine-selinux
# make -f /path/to/local/docker/docker/tree/master/contrib/docker-engine-selinux/Makefile docker.pp
# sudo semodule -i docker.pp

But I'm hitting https://bugzilla.redhat.com/show_bug.cgi?id=1177994, so that is a bummer. It took hours for the semodule command to finally fail, and my CPU was pegged at 99% until it finally returned the error:

libsepol.check_assertion_helper: neverallow violated by allow restorecond_t semanage_store_t:file { relabelto };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!

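As an added example (not from the post or from Docker's contrib directory), here is a bash wrapper around the build-and-install steps above, run as root, that bounds how long semodule may spin and classifies a failure from its stderr, pulling out the violated neverallow rule when that is the cause. POLICY_DIR and SEMODULE_TIMEOUT are assumed placeholders; the docker.pp target and the libsepol message format are taken from the post.

```bash
#!/bin/bash
# Added example: wraps the page's build-and-install steps so a semodule run
# cannot spin for hours unnoticed, and classifies a failure from its output.
# POLICY_DIR is a placeholder for the checked-out docker-engine-selinux dir.
POLICY_DIR="${POLICY_DIR:-/path/to/docker/contrib/docker-engine-selinux}"
SEMODULE_TIMEOUT="${SEMODULE_TIMEOUT:-1800}"   # seconds; assumed upper bound

# Read semodule/libsepol output on stdin and print each violated neverallow
# rule as "source target:class { perms }", one per line.
neverallow_violations() {
    sed -n 's/^libsepol\.check_assertion_helper: neverallow violated by allow \(.*\);$/\1/p'
}

# Classify a semodule run: $1 = exit status, $2 = captured stderr.
# Prints one of: ok, timeout, neverallow, other.
diagnose() {
    local status=$1 err=$2
    if [ "$status" -eq 0 ]; then echo ok
    elif [ "$status" -eq 124 ]; then echo timeout   # timeout(1) exit convention
    elif printf '%s\n' "$err" | grep -q 'neverallow violated'; then echo neverallow
    else echo other
    fi
}

build_and_install() {
    getenforce                          # record the current SELinux mode
    rpm -q libsepol selinux-policy      # the versions matter for this bug
    (cd "$POLICY_DIR" && make -f Makefile docker.pp) || return 1
    local err status
    err=$(timeout "$SEMODULE_TIMEOUT" semodule -i "$POLICY_DIR/docker.pp" 2>&1 >/dev/null)
    status=$?
    case "$(diagnose "$status" "$err")" in
        ok)         echo "docker module installed"; semodule -l | grep '^docker' ;;
        timeout)    echo "semodule exceeded ${SEMODULE_TIMEOUT}s; module expansion is stuck" ;;
        neverallow) echo "neverallow assertion failed for:"
                    printf '%s\n' "$err" | neverallow_violations ;;
        other)      printf '%s\n' "$err" ;;
    esac
    [ "$status" -eq 0 ]
}

# Only run the real build/install when invoked as: ./script.sh run
if [ "${1:-}" = run ]; then build_and_install; fi
```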
Update: I added the rawhide repo, updated libsepol & selinux-policy, and the semodule command completed.