On 06/01/2018 04:31 PM, arnaud gaboury wrote:
On 06/01/2018 01:52 PM, arnaud gaboury wrote:
On 06/01/2018 01:44 PM, arnaud gaboury wrote:
On 06/01/2018 01:08 PM, arnaud gaboury wrote:
On 06/01/2018 12:33 PM, arnaud gaboury wrote:
On 06/01/2018 12:07 PM, arnaud gaboury wrote:
On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> I am switching from fedora server to Atomic.
>
> In the old world, my "/etc/sysconfig/docker" file had the content:
>
> OPTIONS="--selinux-enable"
>
> Now, after running the script container-storage-setup to create a thin
> pool volume, the file with options is now
> "/etc/sysconfig/docker-storage" and has the following content:
>
> ---------------------
> DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true "
> ---------------------
>
> Nothing about SELinux. Is it expected? Shall I write this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If you run a container what does cat /proc/self/attr/current show?

------------------------
# docker run hello-world
.........
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
----------------------------

Should have been more clear

docker run fedora cat /proc/self/attr/current

What does this command show?

Of course I would prefer

podman run fedora cat /proc/self/attr/current

I didn't know this command... so much new stuff to learn!
------------------
% man podman
No manual entry for podman
--------------------
:-( snif

That's weird.

rpm -q podman
podman-0.5.4-1.git1f2e2a2.fc28.x86_64

There should be man pages.

You doing this on atomic host?

YES.

Sorry for this confusion
----------------------------
root control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
e71c36a80ba9: Pull complete
Digest: sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
Status: Downloaded newer image for fedora:latest
system_u:system_r:spc_t:s0#

Ok that indicates SELinux is disabled in the daemon. Adding back the --selinux-enabled will fix this issue.

Where? In /etc/sysconfig/docker? Or is there a new config file in Atomic to set this option?

Still in /etc/sysconfig/docker, then restart docker service and the docker run line should show you container_t rather than spc_t.

Lokesh, Franticek, the docker we are shipping on atomic host does not have SELinux enabled?
--------------------------------------------
I did in one previous email (06:25)
---------------------------------
# podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting image source signatures
Copying blob sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
82.57 MB / 82.57 MB [=====================================================] 20s
Copying config sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
2.29 KB / 2.29 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
system_u:system_r:container_t:s0:c377,c551#
---------------------------------------------

That's the output of podman, I need docker.
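
The check discussed in this thread, as an added example that is not part of the original messages: a shell function that parses the label printed by `cat /proc/self/attr/current` and tells a confined `container_t` process from `spc_t` or a host shell. The function name `classify_label` and its return codes are hypothetical; the labels it is meant for are the three quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify the SELinux label a container
# prints for `cat /proc/self/attr/current`.
# Usage: classify_label "$(docker run --rm fedora cat /proc/self/attr/current)"
#
# Return codes (hypothetical, chosen for this example):
#   0 container_t with an MCS category pair (confined)
#   1 container_t but no category pair in the level
#   2 spc_t (container is not confined by SELinux)
#   3 unconfined_t (label of a host shell, not of a container)
#   4 anything else
classify_label() {
    cl_label=${1%"#"}   # assumption: a trailing '#' is the root prompt, as in the pasted output
    # Fields are user:role:type:level; the level keeps its own ':' (s0:c377,c551).
    IFS=: read -r cl_user cl_role cl_type cl_level <<EOF
$cl_label
EOF
    case $cl_type in
        container_t)
            case $cl_level in
                *:c*,c*) echo "confined container_t categories=${cl_level#*:}"; return 0 ;;
                *)       echo "container_t without MCS pair level=$cl_level"; return 1 ;;
            esac ;;
        spc_t)        echo "unconfined spc_t"; return 2 ;;
        unconfined_t) echo "host unconfined_t"; return 3 ;;
        *)            echo "unknown type=${cl_type:-none}"; return 4 ;;
    esac
}
```

A non-zero return after restarting the docker service means the daemon is still starting containers without the expected `container_t` label.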