Bug 1278984

Summary: f23 - can't communicate with host's docker from within docker container
Product: [Fedora] Fedora Reporter: Dusty Mabe <dustymabe>
Component: dockerAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: adimania, admiller, costan, dwalsh, hhorak, ichavero, jcajka, jchaloup, lsm5, me, miminar, steven.merrill, vbatts
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-16 17:22:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dusty Mabe 2015-11-06 23:04:29 UTC 
Description of problem:

For some reason now we can't communicate with the docker daemon (via the docker socket) from within a container. This worked on docker-1.8.2-7 but now doesn't in docker-selinux-1.8.2-10:

<<< 1.8.1-7 >>>
[root@f23rc9 ~]# dnf install -y -q --disablerepo=updates https://kojipkgs.fedoraproject.org//packages/docker/1.8.2/7.gitcb216be.fc23/x86_64/docker-1.8.2-7.gitcb216be.fc23.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/docker/1.8.2/7.gitcb216be.fc23/x86_64/docker-selinux-1.8.2-7.gitcb216be.fc23.x86_64.rpm
restorecon:  lstat(/var/lib/docker) failed:  No such file or directory
warning: %post(docker-selinux-1:1.8.2-7.gitcb216be.fc23.x86_64) scriptlet failed, exit status 255
Non-fatal POSTIN scriptlet failure in rpm package docker-selinux
Non-fatal POSTIN scriptlet failure in rpm package docker-selinux
[root@f23rc9 ~]# systemctl start docker
[root@f23rc9 ~]# docker run -it --rm  --privileged -v /run:/run -v /:/host --net=host --entrypoint=/bin/bash fedora:23 -c "chroot /host/ docker version"
Unable to find image 'fedora:23' locally
Trying to pull repository docker.io/library/fedora ... 23: Pulling from library/fedora
b0082ba983ef: Pull complete 
c7d2f0130dae: Pull complete 
library/fedora:23: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:a62ed896a44d74436c20b70e351cb2001122618a6097fe669d39f98fc5a49e61
Status: Downloaded newer image for docker.io/fedora:23

Client:
 Version:      1.8.2-fc23
 API version:  1.20
 Package Version: docker-1.8.2-7.gitcb216be.fc23.x86_64
 Go version:   go1.5.1
 Git commit:   77d0d91-dirty
 Built:        Mon Oct 12 16:58:35 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.8.2-fc23
 API version:  1.20
 Package Version: 
 Go version:   go1.5.1
 Git commit:   77d0d91-dirty
 Built:        Mon Oct 12 16:58:35 UTC 2015
 OS/Arch:      linux/amd64
[root@f23rc9 ~]# echo $?
0
<<< 1.8.1-7 >>>






<<< 1.8.1-10 >>>
[root@f23rc9 ~]# dnf install -y -q --disablerepo=updates https://kojipkgs.fedoraproject.org//packages/docker/1.8.2/10.git28c300f.fc23/x86_64/docker-1.8.2-10.git28c300f.fc23.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/docker/1.8.2/10.git28c300f.fc23/x86_64/docker-selinux-1.8.2-10.git28c300f.fc23.x86_64.rpm
[root@f23rc9 ~]# systemctl start docker
[root@f23rc9 ~]# docker run -it --rm  --privileged -v /run:/run -v /:/host --net=host --entrypoint=/bin/bash fedora:23 -c "chroot /host/ docker version"
Unable to find image 'fedora:23' locally
Trying to pull repository docker.io/library/fedora ... 23: Pulling from library/fedora
b0082ba983ef: Pull complete 
c7d2f0130dae: Pull complete 
library/fedora:23: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:a62ed896a44d74436c20b70e351cb2001122618a6097fe669d39f98fc5a49e61
Status: Downloaded newer image for docker.io/fedora:23

Client:
 Version:      1.8.2-fc23
 API version:  1.20
 Package Version: docker-1.8.2-10.git28c300f.fc23.x86_64
 Go version:   go1.5.1
 Git commit:   cc2d489-dirty
 Built:        Tue Nov  3 06:41:23 UTC 2015
 OS/Arch:      linux/amd64
Get http://%2Fvar%2Frun%2Fdocker.sock/v1.20/version: EOF.
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
[root@f23rc9 ~]# echo $?
1
<<< 1.8.1-10 >>>
Comment 1 steven.merrill 2015-11-12 00:52:43 UTC 
I can confirm that this is happening with SELinux enforcing or permissive on F23.
Comment 2 Victor Costan 2015-11-12 05:39:54 UTC 
The EOF and the regression version make me think that this bug might be caused by the same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1275593
Comment 3 Dusty Mabe 2015-11-12 17:39:44 UTC 
Victor.. Looks very similar to me. I would say they are probably the same issue.
Comment 4 Dusty Mabe 2015-11-16 17:22:58 UTC 

*** This bug has been marked as a duplicate of bug 1275593 ***