Description of problem:
The error occurs when I start my docker compose file. The file content is:
version: '2'
services:
  mariadb:
    image: mariadb
    container_name: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: password
    ports:
      - 3306:3306
    volumes:
      - mariadb:/var/lib/mysql
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    container_name: phpmyadmin
    ports:
      - 80:80
    links:
      - mariadb:db
    depends_on:
      - mariadb
    volumes:
      - mariadb:/var/lib/mysql
      - sessions:/sessions
volumes:
  mariadb:
    driver: local
  sessions:
    driver: local
After docker-compose up command:
Starting mariadb
Starting phpmyadmin
Attaching to mariadb, phpmyadmin
mariadb | chown: changing ownership of '/var/lib/mysql/performance_schema/db.opt': Permission denied
mariadb | chown: changing ownership of '/var/lib/mysql/performance_schema': Permission denied
mariadb | chown: changing ownership of '/var/lib/mysql/pps/received.ibd': Permission denied
mariadb | chown: changing ownership of '/var/lib/mysql/pps/devices.frm': Permission denied
mariadb | chown: changing ownership of '/var/lib/mysql/pps/users.ibd': Permission denied
...
SELinux is preventing chown from 'setattr' accesses on the directory _data.
***** Plugin catchall (100. confidence) suggests **************************
If ha úgy érzi, hogy chown számára engedélyezni kell setattr hozzáférést itt: _data directory alapértelmezésben.
Then ezt jelentenie kell, mint hibát.
Hogy engedélyezze ezt a hozzáférést előállíthat egy helyi szabálymodult.
Do
allow this access for now by executing:
# ausearch -c 'chown' --raw | audit2allow -M my-chown
# semodule -X 300 -i my-chown.pp
Additional Information:
Source Context system_u:system_r:svirt_lxc_net_t:s0:c498,c834
Target Context system_u:object_r:container_var_lib_t:s0
Target Objects _data [ dir ]
Source chown
Source Path chown
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-191.20.fc24.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.8.7-200.fc24.x86_64 #1 SMP Fri
Nov 11 15:44:18 UTC 2016 x86_64 x86_64
Alert Count 2
First Seen 2016-11-17 07:37:32 CET
Last Seen 2016-11-17 22:02:35 CET
Local ID 1d611aad-98e7-4eae-89c9-b74a134bbc7e
Raw Audit Messages
type=AVC msg=audit(1479416555.331:448): avc: denied { setattr } for pid=4303 comm="chown" name="_data" dev="dm-0" ino=2760732 scontext=system_u:system_r:svirt_lxc_net_t:s0:c498,c834 tcontext=system_u:object_r:container_var_lib_t:s0 tclass=dir permissive=0
Hash: chown,svirt_lxc_net_t,container_var_lib_t,dir,setattr
Version-Release number of selected component:
selinux-policy-3.13.1-191.20.fc24.noarch
Additional info:
reporter: libreport-2.7.2
hashmarkername: setroubleshoot
kernel: 4.8.7-200.fc24.x86_64
type: libreport
This could be a docker-compose issue. Not sure how docker compose translates volume requests into docker. Or it could be something that is fixed in newer versions of docker.
(In reply to Daniel Walsh from comment #1)
> What container storage are you using? Can you specify :Z in the volumes
> section, to relabel the content?
>
> - mariadb:/var/lib/mysql:Z
Thank you for your answer, it works. It is not a bug. Solved.
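
Added example (not part of the original report or of any comment in it): a Python triage for AVC records like the one quoted above, separating denials caused by volume content that is not labelled for containers (the case the :Z relabel fixed here) from other denials. The type sets for container domains and container file types are assumptions about the host policy, as are the function names.

```python
import re

# Raw audit message copied from the report above.
REPORT_AVC = (
    'type=AVC msg=audit(1479416555.331:448): avc: denied { setattr } for pid=4303 '
    'comm="chown" name="_data" dev="dm-0" ino=2760732 '
    'scontext=system_u:system_r:svirt_lxc_net_t:s0:c498,c834 '
    'tcontext=system_u:object_r:container_var_lib_t:s0 tclass=dir permissive=0'
)

# Assumptions about the host policy, not taken from the report (except svirt_lxc_net_t).
CONTAINER_DOMAINS = {"svirt_lxc_net_t", "container_t"}
CONTAINER_FILE_TYPES = {"svirt_sandbox_file_t", "container_file_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    for side in ("scontext", "tcontext"):
        # user:role:type[:level]; the level itself may contain ':' (s0:c498,c834)
        user, role, typ, level = (rec.get(side, "").split(":", 3) + [""] * 4)[:4]
        rec[side] = {"user": user, "role": role, "type": typ, "level": level}
    return rec


def categories(level):
    """'s0:c498,c834' -> {'c498', 'c834'}. Category ranges (c0.c1023) are not expanded."""
    cats = level.partition(":")[2]
    return set(cats.split(",")) if cats else set()


def triage(rec):
    """Classify a parsed denial: relabel, mcs-mismatch, not-container or other."""
    src, tgt = rec["scontext"], rec["tcontext"]
    if src["type"] not in CONTAINER_DOMAINS:
        return "not-container"
    if tgt["type"] not in CONTAINER_FILE_TYPES:
        return "relabel"        # content lacks a container file type: the :Z / :z case
    if not categories(tgt["level"]) <= categories(src["level"]):
        return "mcs-mismatch"   # labelled for a different container's categories
    return "other"
```

For the record in this report, triage() returns "relabel": the source is a container domain and the target type container_var_lib_t is not a container file type.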