Bug 1144636
| Summary: | Docker fails to start on systems with SELinux and btrfs | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Adam Hunt <voxadam> |
| Component: | docker-io | Assignee: | Lokesh Mandvekar <lsm5> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | admiller, bloch, dwalsh, fedoraproject, golang-updates, greg.martyn, hhorak, hushan.jia, ignatenko, jeff, jperrin, mattdm, mgoldman, michael.monreal, peter.meier, pip.jug.0u, robin, rocketraman, s, thrcka, ttomecek, vbatts, viz, voxadam |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-03-10 00:35:52 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Adam Hunt
2014-09-20 01:56:14 UTC
Suggested workaround by Dan Walsh: remove --selinux-enabled from /etc/sysconfig/docker https://github.com/docker/docker/issues/7952#issuecomment-56435657 (In reply to Tomas Tomecek from comment #1) > Suggested workaround by Dan Walsh: > > remove --selinux-enabled from /etc/sysconfig/docker > > https://github.com/docker/docker/issues/7952#issuecomment-56435657 Dan's patch: http://pkgs.fedoraproject.org/cgit/docker-io.git/tree/ignore-selinux-if-disabled.patch should ignore selinux if it's disabled. This patch has been added since docker-io-1.2.0-3 . Could you check if this issue still exists. Also, if --selinux-enabled has to be removed from /etc/sysconfig/docker, I'd guess that'd need to be done only on selinux-disabled systems, so that'd need no changes in the rpm itself. Let me know. Still not working for me: I had to go for workaround:
(alias sc="systemctl")
$ sc start docker
Job for docker.service failed. See 'systemctl status docker.service' and 'journalctl -xn' for details.
$ sc status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; static)
Active: failed (Result: exit-code) since Fri 2014-10-03 09:22:36 CEST; 9s ago
Docs: http://docs.docker.com
Process: 15807 ExecStart=/usr/bin/docker -d -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS (code=exited, status=1/FAILURE)
Main PID: 15807 (code=exited, status=1/FAILURE)
Oct 03 09:22:36 quahog docker[15807]: 2014/10/03 09:22:36 docker daemon: 1.2.0 fa7b24f/1.2.0; execdriver: native; graphdriver:
Oct 03 09:22:36 quahog docker[15807]: [4d8d9691] +job serveapi(fd://)
Oct 03 09:22:36 quahog docker[15807]: 2014/10/03 09:22:36 SELinux is not supported with the BTRFS graph driver!
Oct 03 09:22:36 quahog systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Oct 03 09:22:36 quahog systemd[1]: Failed to start Docker Application Container Engine.
Oct 03 09:22:36 quahog systemd[1]: Unit docker.service entered failed state.
$ rpm -q docker-io
docker-io-1.2.0-3.fc21.x86_64
$ getenforce
Permissive
$ cat /etc/sysconfig/docker
OPTIONS=--selinux-enabled
Tomas, so I'd guess removing --selinux-enabled from /etc/sysconfig/docker works fine for you, correct? Yes So, will this never be supported? Time to re-install with another filesystem? :( Sadly unless some Kernel File System picks up the support, I am doubtful. Red Hat plans on concentrating on OverLayFS and DeviceMapper as the preferred docker backends. There seems to be an upstream patch for that: https://marc.info/?l=git-commits-head&m=141302939209611&w=2 From: https://github.com/docker/docker/issues/7952 |