add commit#f12e6c1 from docker-selinux upstream
Turn on virt booleans for use with docker
I think we should default to virt_use_nfs to handle clustered
situations where SELinux blocks NFS volumes. This makes docker
containers a little less secure, but improves usability.
Secondly, we need to turn on virt_sandbox_use_all_caps to allow
docker run --cap-add to actually work. Having SELinux break this
out of the box kind of stinks. This gives slightly less security
since the kernel already controls the capabilities separately.
From: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>