docker: make rootlesskit optional
Avoid a potential build error and circular dependency by making rootlesskit optional. Note that rootlesskit is still required in order for rootless docker to function. Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
parent
dc2d89df05
commit
70836481d0
@ -178,8 +178,6 @@ template(`docker_user_role',`
|
||||
docker_run_user_daemon($3, $4)
|
||||
docker_run_user_cli($3, $4)
|
||||
|
||||
rootlesskit_role($1, $2, $3, $4)
|
||||
|
||||
ifdef(`init_systemd',`
|
||||
systemd_user_daemon_domain($1, dockerd_exec_t, dockerd_user_t)
|
||||
systemd_user_send_systemd_notify($1, dockerd_user_t)
|
||||
@ -188,6 +186,10 @@ template(`docker_user_role',`
|
||||
optional_policy(`
|
||||
dbus_spec_session_bus_client($1, dockerd_user_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
rootlesskit_role($1, $2, $3, $4)
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -229,5 +231,7 @@ interface(`docker_signal_user_daemon',`
|
||||
interface(`docker_admin',`
|
||||
docker_run_cli($1, $2)
|
||||
|
||||
rootlesskit_run($1, $2)
|
||||
optional_policy(`
|
||||
rootlesskit_run($1, $2)
|
||||
')
|
||||
')
|
||||
|
@ -125,8 +125,6 @@ mount_exec(dockerd_user_t)
|
||||
container_setattr_container_ptys(dockerd_user_t)
|
||||
container_use_container_ptys(dockerd_user_t)
|
||||
|
||||
rootlesskit_exec(dockerd_user_t)
|
||||
|
||||
ifdef(`init_systemd',`
|
||||
systemd_search_user_runtime(dockerd_user_t)
|
||||
systemd_write_user_runtime_socket(dockerd_user_t)
|
||||
@ -140,6 +138,10 @@ optional_policy(`
|
||||
dbus_write_session_runtime_socket(dockerd_user_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
rootlesskit_exec(dockerd_user_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# Rootless Docker CLI local policy
|
||||
|
Loading…
Reference in New Issue
Block a user