++## Determine whether docker can ++## connect to all TCP ports. ++##
++##
+## Allow docker to transition to unconfined containers.
@@ -23528,6 +23537,12 @@ index 0000000..78644fe
+ virt_mounton_sandbox_file(docker_t)
+')
+
++tunable_policy(`docker_connect_any',`
++ corenet_tcp_connect_all_ports(docker_t)
++ corenet_sendrecv_all_packets(docker_t)
++ corenet_tcp_sendrecv_all_ports(docker_t)
++')
++
+optional_policy(`
+ tunable_policy(`docker_transition_unconfined',`
+ unconfined_transition(docker_t, docker_share_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c55cd06..e6ab3c0 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 134%{?dist}
+Release: 135%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -579,6 +579,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Tue Mar 11 2014 Miroslav Grepl