[atomic-devel] fedora 25 - overlayfs - docker error
- From: Dusty Mabe <dusty dustymabe com>
- To: atomic-devel <atomic-devel projectatomic io>
- Subject: [atomic-devel] fedora 25 - overlayfs - docker error
- Date: Sun, 11 Sep 2016 00:35:47 -0400
In Fedora 25 I grabbed the new kernel with overlayfs support [1] and I
configured docker to run with overlayfs by using DOCKER_STORAGE_OPTIONS="--storage-driver=overlay2"
in /etc/sysconfig/docker-storage.
[1] https://kojipkgs.fedoraproject.org//packages/kernel/4.8.0/0.rc5.git4.1.fc25/x86_64/kernel-core-4.8.0-0.rc5.git4.1.fc25.x86_64.rpm
Trying to start up some containers now and getting some errors:
```
[root cloudhost ~]# docker run -it --rm centos:7
standard_init_linux.go:175: exec user process caused "permission denied"
```
The journal output shows me:
```
Sep 11 03:28:53 cloudhost.localdomain systemd[1]: Started docker container 384a8d8b06c8895583b477a15bcfbe5864cdfa96c2c0f75efb752bb1022b562b.
Sep 11 03:28:53 cloudhost.localdomain kernel: SELinux: mount invalid. Same superblock, different security settings for (dev mqueue, type mqueue)
Sep 11 03:28:53 cloudhost.localdomain kernel: eth0: renamed from veth42eaf25
Sep 11 03:28:53 cloudhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth67c0994: link becomes ready
Sep 11 03:28:53 cloudhost.localdomain kernel: docker0: port 1(veth67c0994) entered blocking state
Sep 11 03:28:53 cloudhost.localdomain kernel: docker0: port 1(veth67c0994) entered forwarding state
Sep 11 03:28:53 cloudhost.localdomain oci-register-machine[1353]: 2016/09/11 03:28:53 Register machine: prestart 384a8d8b06c8895583b477a15bcfbe5864cdfa96c2c0f75efb752bb1022b562b 1336 /var/lib/docker/overlay2/e282c2e4f395fc9146152525394f428a0e05d7bd23022411b9dec5372624ce8c/merged
Sep 11 03:28:53 cloudhost.localdomain systemd-machined[1102]: New machine 384a8d8b06c8895583b477a15bcfbe58.
Sep 11 03:28:53 cloudhost.localdomain oci-systemd-hook[1357]: systemdhook <debug>: Skipping as container command is /bin/bash, not init or systemd
Sep 11 03:28:53 cloudhost.localdomain systemd[1]: libcontainer-1360-systemd-test-default-dependencies.scope: Scope has no PIDs. Refusing.
Sep 11 03:28:53 cloudhost.localdomain systemd[1]: libcontainer-1360-systemd-test-default-dependencies.scope: Scope has no PIDs. Refusing.
Sep 11 03:28:53 cloudhost.localdomain audit[1336]: AVC avc: denied { entrypoint } for pid=1336 comm="exe" path="/usr/bin/bash" dev="overlay" ino=19026 scontext=system_u:system_r:svirt_lxc_net_t:s0:c130,c692 tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=0
Sep 11 03:28:53 cloudhost.localdomain dockerd[875]: [73B blob data]
Sep 11 03:28:53 cloudhost.localdomain systemd-machined[1102]: Machine 384a8d8b06c8895583b477a15bcfbe58 terminated.
```
Some more information:
```
[root cloudhost ~]# rpm -q kernel-core docker selinux-policy
kernel-core-4.8.0-0.rc5.git4.1.fc25.x86_64
docker-1.12.1-10.git9a3752d.fc25.x86_64
selinux-policy-3.13.1-211.fc25.noarch
[root cloudhost ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 2
Server Version: 1.12.1
Storage Driver: overlay2
Backing Filesystem: extfs
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: null host bridge overlay
Swarm: inactive
Runtimes: oci runc
Default Runtime: oci
Security Options: seccomp selinux
Kernel Version: 4.8.0-0.rc5.git1.1.fc25.x86_64
Operating System: Fedora 25 (Cloud Edition)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 2
CPUs: 2
Total Memory: 3.859 GiB
Name: cloudhost.localdomain
ID: 4D6B:PZJU:4DF4:BUAW:3H3X:ILC3:MQ4V:2WWU:PWDQ:DMOA:TADT:EOKK
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Insecure Registries:
127.0.0.0/8
Registries: docker.io (secure)
```
If I setenforce 0, it works.
Can someone else confirm the behavior? Should I open a bug?
Dusty
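
The AVC record in the journal output above names everything needed to triage the failure: the denied permission (`entrypoint`), the file and device, and the source and target SELinux contexts. The following is an added example, not part of the original post, that parses such records and lists enforced `entrypoint` denials; the function names are hypothetical, and the third sample line is constructed while the first two are copied from the post.

```python
import re

# Hypothetical helper names; the record layout follows the AVC line in the post.
AVC_RE = re.compile(
    r'avc:\s+(?P<verdict>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type:level; the level itself may contain ':' (s0:c130,c692)."""
    user, role, setype, level = (ctx.split(":", 3) + [""] * 4)[:4]
    return {"user": user, "role": role, "type": setype, "level": level}

def parse_avc(line):
    """Return a dict describing one AVC record, or None for any other journal line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["verdict"] = m.group("verdict")
    rec["perms"] = m.group("perms").split()
    rec["source"] = split_context(rec.get("scontext", ""))
    rec["target"] = split_context(rec.get("tcontext", ""))
    return rec

def entrypoint_denials(lines):
    """List (path, dev, source type, target type) for enforced entrypoint denials."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if (rec and rec["verdict"] == "denied" and "entrypoint" in rec["perms"]
                and rec.get("permissive") == "0"):
            hits.append((rec.get("path"), rec.get("dev"),
                         rec["source"]["type"], rec["target"]["type"]))
    return hits

SAMPLE_JOURNAL = [
    # Copied from the post: a non-AVC line, then the AVC denial.
    'Sep 11 03:28:53 cloudhost.localdomain systemd-machined[1102]: New machine 384a8d8b06c8895583b477a15bcfbe58.',
    'Sep 11 03:28:53 cloudhost.localdomain audit[1336]: AVC avc: denied { entrypoint } for pid=1336 comm="exe" path="/usr/bin/bash" dev="overlay" ino=19026 scontext=system_u:system_r:svirt_lxc_net_t:s0:c130,c692 tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=0',
    # Constructed: the same denial as it would be logged in permissive mode (not enforced).
    'Sep 11 03:30:00 cloudhost.localdomain audit[1400]: AVC avc: denied { entrypoint } for pid=1400 comm="exe" path="/usr/bin/bash" dev="overlay" ino=19026 scontext=system_u:system_r:svirt_lxc_net_t:s0:c1,c2 tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=1',
]

if __name__ == "__main__":
    for hit in entrypoint_denials(SAMPLE_JOURNAL):
        print("enforced entrypoint denial: path=%s dev=%s source=%s target=%s" % hit)
```
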