Bug 1279155
| Summary: | Can't start docker container, probably SELinux problem | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mustafa Muhammad <mustafa1024m> |
| Component: | docker | Assignee: | Lokesh Mandvekar <lsm5> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | adimania, admiller, dwalsh, ichavero, jcajka, jchaloup, lsm5, miminar, vbatts |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-12-01 21:57:52 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Mustafa Muhammad
2015-11-08 08:08:29 UTC
#journalctl --since 11:05
-- Logs begin at Sun 2015-11-01 09:21:04 AST, end at Sun 2015-11-08 11:05:52 AST. --
Nov 08 11:05:47 localhost.localdomain docker[1067]: time="2015-11-08T11:05:47.372059236+03:00" level=info msg="POST /v1.21/containers/create"
Nov 08 11:05:47 localhost.localdomain kernel: EXT4-fs (dm-1): mounted filesystem with ordered data mode. Opts: (null)
Nov 08 11:05:48 localhost.localdomain kernel: EXT4-fs (dm-1): mounted filesystem with ordered data mode. Opts:
Nov 08 11:05:48 localhost.localdomain docker[1067]: time="2015-11-08T11:05:48.697695333+03:00" level=info msg="POST /v1.21/containers/77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d/attach?stderr=1&stdin=1&stdout=1&stream=1"
Nov 08 11:05:48 localhost.localdomain docker[1067]: time="2015-11-08T11:05:48.698554598+03:00" level=info msg="POST /v1.21/containers/77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d/start"
Nov 08 11:05:48 localhost.localdomain kernel: EXT4-fs (dm-1): mounted filesystem with ordered data mode. Opts:
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <warn> (veth202eb4b): failed to find device 14 'veth202eb4b' with udev
Nov 08 11:05:48 localhost.localdomain audit: ANOM_PROMISCUOUS dev=veth5f6f428 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth202eb4b): new Veth device (carrier: OFF, driver: 'veth', ifindex: 14)
Nov 08 11:05:48 localhost.localdomain kernel: device veth5f6f428 entered promiscuous mode
Nov 08 11:05:48 localhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_UP): veth5f6f428: link is not ready
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=filter family=2 entries=0
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=security family=2 entries=0
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=mangle family=2 entries=0
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=raw family=2 entries=0
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=nat family=2 entries=0
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=filter family=10 entries=0
Nov 08 11:05:48 localhost.localdomain systemd-udevd[2810]: Could not generate persistent MAC address for veth5f6f428: No such file or directory
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=security family=10 entries=0
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <warn> (veth5f6f428): failed to find device 15 'veth5f6f428' with udev
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=mangle family=10 entries=0
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth5f6f428): new Ethernet device (carrier: OFF, driver: 'veth', ifindex: 15)
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=raw family=10 entries=0
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (docker0): bridge port veth5f6f428 was attached
Nov 08 11:05:48 localhost.localdomain audit: NETFILTER_CFG table=nat family=10 entries=0
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth5f6f428): enslaved to docker0
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <warn> (veth202eb4b): failed to disable userspace IPv6LL address handling
Nov 08 11:05:48 localhost.localdomain kernel: eth0: renamed from veth202eb4b
Nov 08 11:05:48 localhost.localdomain kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth5f6f428: link becomes ready
Nov 08 11:05:48 localhost.localdomain kernel: docker0: port 1(veth5f6f428) entered forwarding state
Nov 08 11:05:48 localhost.localdomain kernel: docker0: port 1(veth5f6f428) entered forwarding state
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth5f6f428): link connected
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (docker0): link connected
Nov 08 11:05:48 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 08 11:05:48 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 08 11:05:48 localhost.localdomain systemd[1]: Started docker container 77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d.
Nov 08 11:05:48 localhost.localdomain audit[2823]: AVC avc: denied { transition } for pid=2823 comm="exe" path="/usr/bin/bash" dev="dm-1" ino=262502 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c157,c353 tclass=process permissive=0
Nov 08 11:05:48 localhost.localdomain docker[1067]: time="2015-11-08T11:05:48.886007241+03:00" level=warning msg="exit status 1"
Nov 08 11:05:48 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 08 11:05:48 localhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Nov 08 11:05:48 localhost.localdomain systemd[1]: Stopped docker container 77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d.
Nov 08 11:05:48 localhost.localdomain kernel: docker0: port 1(veth5f6f428) entered disabled state
Nov 08 11:05:48 localhost.localdomain kernel: veth202eb4b: renamed from eth0
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth5f6f428): link disconnected
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <warn> (veth202eb4b): failed to find device 14 'veth202eb4b' with udev
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth202eb4b): new Veth device (carrier: OFF, driver: 'veth', ifindex: 14)
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (docker0): link disconnected (deferring action for 4 seconds)
Nov 08 11:05:48 localhost.localdomain kernel: docker0: port 1(veth5f6f428) entered disabled state
Nov 08 11:05:48 localhost.localdomain audit: ANOM_PROMISCUOUS dev=veth5f6f428 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
Nov 08 11:05:48 localhost.localdomain kernel: device veth5f6f428 left promiscuous mode
Nov 08 11:05:48 localhost.localdomain kernel: docker0: port 1(veth5f6f428) entered disabled state
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <warn> (veth202eb4b): failed to disable userspace IPv6LL address handling
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (docker0): bridge port veth5f6f428 was detached
Nov 08 11:05:48 localhost.localdomain NetworkManager[942]: <info> (veth5f6f428): released from master docker0
Nov 08 11:05:49 localhost.localdomain NetworkManager[942]: <warn> (veth5f6f428): failed to disable userspace IPv6LL address handling
Nov 08 11:05:49 localhost.localdomain docker[1067]: time="2015-11-08T11:05:49.422224062+03:00" level=error msg="Error unmounting device 77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d: UnmountDevice: device not-mounted id 77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d"
Nov 08 11:05:49 localhost.localdomain docker[1067]: time="2015-11-08T11:05:49.422442996+03:00" level=error msg="Handler for POST /containers/{name:.*}/start returned error: Cannot start container 77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d: [8] System error: permission denied"
Nov 08 11:05:49 localhost.localdomain docker[1067]: time="2015-11-08T11:05:49.422467524+03:00" level=error msg="HTTP Error" err="Cannot start container 77ea71dedae725407ffc7dc600f83160d8e2dee1eeef3541403f3a3277ad322d: [8] System error: permission denied" statusCode=500
Nov 08 11:05:52 localhost.localdomain NetworkManager[942]: <info> (docker0): link disconnected (calling deferred action)
Lokesh this is caused by a bad docker-selinux being in rawhide. For some reason docker.fc was not in this build so docker is not labeled as docker_exec_t. Please update the docker package with the latest fedora-1.9 docker selinux stuff. Fixed in the current release |