diff --git a/policy/modules/services/docker.te b/policy/modules/services/docker.te
index f40713d121..cf45fc1889 100644
--- a/policy/modules/services/docker.te
+++ b/policy/modules/services/docker.te
@@ -5,6 +5,15 @@ policy_module(docker)
 # Declarations
 #
+##
+##

+## Determine whether the Docker daemon can connect to user
+## session services such as PulseAudio and Wayland over
+## UNIX stream sockets.
+##

+##
+gen_tunable(dockerd_connect_user_services, false)
+
 container_engine_domain_template(dockerd)
 container_system_engine(dockerd_t)
 optional_policy(`
@@ -77,6 +86,18 @@ ifdef(`init_systemd',`
 init_stop_generic_units(dockerd_t)
 ')
+optional_policy(`
+ tunable_policy(`dockerd_connect_user_services',`
+ pulseaudio_stream_connect(dockerd_t)
+ ')
+')
+
+optional_policy(`
+ tunable_policy(`dockerd_connect_user_services',`
+ wayland_stream_connect(dockerd_t)
+ ')
+')
+
 ########################################
 #
 # Docker CLI local policy
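Review bot: The tunable description in the first hunk says "such as PulseAudio and Wayland", which reads as open-ended, while the only rules gated on `dockerd_connect_user_services` in this diff are `pulseaudio_stream_connect(dockerd_t)` and `wayland_stream_connect(dockerd_t)`. An administrator deciding whether to enable the boolean needs the exact scope, so I would word it as `Determine whether the Docker daemon can connect to the user session PulseAudio and Wayland UNIX stream sockets.` A second sentence should state that enabling it gives the daemon domain access to the user's audio and display sessions, which is why it defaults to `false`.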
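Review bot: Both `tunable_policy` blocks in the second hunk are gated on the same boolean, so enabling audio for a workload also lets `dockerd_t` connect to the Wayland compositor socket, and the reverse. These are separate trust decisions (audio capture and playback versus display surfaces), so least privilege argues for one tunable per service, for example `dockerd_connect_pulseaudio` and `dockerd_connect_wayland` (names constructed here as a suggestion). It is also worth confirming that the daemon domain itself, rather than the container domain, is the process that opens these sockets; the diff does not show which domain the workload runs in. Keeping the two `optional_policy` wrappers separate is correct, presumably so that each grant is dropped independently when its module is absent.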