Bug 1378822

Description of problem:

I was trying to create a docker image from a git repo and was getting permission denied. 
After looking at the logs I determined it may be caused by selinux and disabled it and indeed the issue was resolved. 

Version-Release number of selected component (if applicable):
[root@localhost ~]# rpm -qa |grep docker
docker-1.10.3-46.el7.14.x86_64
docker-common-1.10.3-46.el7.14.x86_64
docker-rhel-push-plugin-1.10.3-46.el7.14.x86_64
docker-selinux-1.10.3-46.el7.14.x86_64


How reproducible:

100%

Steps to Reproduce:
1. Install a rhel7 vm and subscribe to these channels: rhel-7-server-rpms, rhel-7-server-extras-rpms 
2. yum update -y ; reboot; yum install docker
3. systemctl start docker.service
4. groupadd docker; chown root:docker /var/run/docker.sock
5. useradd <username>  
6. usermod -G docker <user>
7. systemctl restart docker.service
8. add your user to sudoer and make it passwordless
9. su - <my_user>;  ssh-keygen -t rsa -b 4096 -C <your_email>@redhat.com
10. add key to github
11. git clone https://github.com/ManageIQ/manageiq
12. git checkout origin/master
13. docker build -t <name of Image> <location> . 

**make sure selinux is in enforcing mode**
** the full pod create procedure I am using is in Mojo: https://mojo.redhat.com/docs/DOC-1088558**

Actual results:

we fail with permission denied error due to selinux configuration . 
if you run setenfore 0 and run docker build again you should be able to create the image 

Expected results:

selinux should not block docker build. 


Additional info:


Dependencies Resolved

==============================================================================================================================================================================================================================================
 Package                                                      Arch                                        Version                                                        Repository                                                      Size
==============================================================================================================================================================================================================================================
Installing:
 docker                                                       x86_64                                      1.10.3-46.el7.14                                               rhel-7-server-extras-rpms                                      9.5 M
Installing for dependencies:
 audit-libs-python                                            x86_64                                      2.6.5-3.el7                                                    rhel-7-server-htb-rpms                                          70 k
 checkpolicy                                                  x86_64                                      2.5-4.el7                                                      rhel-7-server-htb-rpms                                         290 k
 docker-common                                                x86_64                                      1.10.3-46.el7.14                                               rhel-7-server-extras-rpms                                       61 k
 docker-rhel-push-plugin                                      x86_64                                      1.10.3-46.el7.14                                               rhel-7-server-extras-rpms                                      2.3 M
 docker-selinux                                               x86_64                                      1.10.3-46.el7.14                                               rhel-7-server-extras-rpms                                       79 k
 libseccomp                                                   x86_64                                      2.3.1-2.el7                                                    rhel-7-server-htb-rpms                                          56 k
 libsemanage-python                                           x86_64                                      2.5-4.el7                                                      rhel-7-server-htb-rpms                                         103 k
 oci-register-machine                                         x86_64                                      1:0-1.8.gitaf6c129.el7                                         rhel-7-server-extras-rpms                                      1.1 M
 oci-systemd-hook                                             x86_64                                      1:0.1.4-4.git41491a3.el7                                       rhel-7-server-extras-rpms                                       27 k
 policycoreutils-python                                       x86_64                                      2.5-8.el7                                                      rhel-7-server-htb-rpms                                         444 k
 python-IPy                                                   noarch                                      0.75-6.el7                                                     rhel-7-server-aus-rpms                                          32 k
 setools-libs                                                 x86_64                                      3.3.8-1.1.el7                                                  rhel-7-server-htb-rpms                                         610 k


============================================================================


[dron1@localhost manageiq]$ docker build -t dafna_origin_docker_test1 .
Sending build context to Docker daemon 282.6 MB
Step 1 : FROM centos:7
 ---> 980e0e4c79ec
Step 2 : ENV container docker
 ---> Using cache
 ---> 734af3fd2567
Step 3 : MAINTAINER ManageIQ https://github.com/ManageIQ/manageiq-appliance-build
 ---> Using cache
 ---> 0479871e035b
Step 4 : ARG REF=master
 ---> Using cache
 ---> 16e74a86642d
Step 5 : ENV LANG en_US.UTF-8
 ---> Using cache
 ---> 50f45e6dea81
Step 6 : ENV TERM xterm
 ---> Using cache
 ---> ac1987df3c51
Step 7 : ENV RUBY_GEMS_ROOT /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0
 ---> Using cache
 ---> bc102bd0cc5a
Step 8 : ENV APP_ROOT /var/www/miq/vmdb
 ---> Using cache
 ---> b6fb3872a1ff
Step 9 : ENV APPLIANCE_ROOT /opt/manageiq/manageiq-appliance
 ---> Using cache
 ---> 33154cea5ec3
Step 10 : ENV SSUI_ROOT /opt/manageiq/manageiq-ui-self_service
 ---> Using cache
 ---> 996973459dd8
Step 11 : RUN curl -sSLko /etc/yum.repos.d/ncarboni-pglogical-SCL-epel-7.repo       https://copr.fedorainfracloud.org/coprs/ncarboni/pglogical-SCL/repo/epel-7/ncarboni-pglogical-SCL-epel-7.repo
 ---> Running in 5962aead1ec8
permission denied
Container command could not be invoked.
[dron1@localhost manageiq]$ sudo ausearch -m avc -ts recent 
----
time->Fri Sep 23 13:33:36 2016
type=SYSCALL msg=audit(1474626816.719:156): arch=c000003e syscall=59 success=no exit=-13 a0=c820595000 a1=c820577300 a2=c8200533e0 a3=0 items=0 ppid=11559 pid=12891 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="exe" exe="/usr/bin/docker-current" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1474626816.719:156): avc:  denied  { transition } for  pid=12891 comm="exe" path="/usr/bin/bash" dev="dm-3" ino=14680218 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c111,c453 tclass=process
----
time->Fri Sep 23 13:35:02 2016
type=SYSCALL msg=audit(1474626902.282:169): arch=c000003e syscall=59 success=no exit=-13 a0=c820630620 a1=c820664600 a2=c8206bb920 a3=0 items=0 ppid=11559 pid=13009 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="exe" exe="/usr/bin/docker-current" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
type=AVC msg=audit(1474626902.282:169): avc:  denied  { transition } for  pid=13009 comm="exe" path="/usr/bin/bash" dev="dm-3" ino=14680218 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c77,c796 tclass=process
[dron1@localhost manageiq]$