In my case under ScientificLinux 7, which I think should be the same as RHEL/CentOS 7, the te should be:
module local 1.0;
require {
type container_runtime_t;
type container_t;
class unix_stream_socket connectto;
}
#============= container_t ==============
#!!!! The file '/run/docker.sock' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /run/docker.sock
allow container_t container_runtime_t:unix_stream_socket connectto;
In my case under ScientificLinux 7, which I think should be the same as RHEL/CentOS 7, the
teshould be: