Bug 1494287
Summary: | SELinux is preventing portainer from 'connectto' accesses on the unix_stream_socket /run/docker.sock. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | thiagoahauck |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 26 | CC: | dwalsh, lsm5, lvrabec, mgrepl, plautrba, pmoore |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:1c5d4da524a6bfae27142ab02a76eec3594aa5b1de704d6f67a5bcecc3fe23be; | ||
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-09-22 10:52:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
thiagoahauck
2017-09-21 23:41:59 UTC
You are running a confined container and giving it access to the docker.sock, which SELinux is correctly blocking. Any process that can talk to the docker.sock owns your system. So you might as well run with --privileged mode, if this is your intention. If not, then you have a container breakout...
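
An added example (not part of the bug report or of any project's code): a Python audit over `docker inspect` JSON that lists containers with the Docker socket bind-mounted and reports whether each is still SELinux-confined, which is the combination denied in this report. The sample JSON is constructed, `audit_socket_exposure` and the finding keys are hypothetical names, and only `--privileged` and `label=disable` are treated as removing confinement.

```python
import json

# Host paths of the Docker API socket; /var/run is a symlink to /run on Fedora.
DOCKER_SOCKETS = {"/run/docker.sock", "/var/run/docker.sock"}

# Constructed sample in the shape of `docker inspect` output (not from the report).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/portainer",
     "HostConfig": {"Privileged": False, "SecurityOpt": None},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "SecurityOpt": None},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/site/_data",
                 "Destination": "/srv", "RW": True}]},
    {"Name": "/ci-agent",
     "HostConfig": {"Privileged": False, "SecurityOpt": ["label=disable"]},
     "Mounts": [{"Type": "bind", "Source": "/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}]},
])


def audit_socket_exposure(inspect_json):
    """Return one finding per container that has the Docker socket bind-mounted."""
    findings = []
    for c in json.loads(inspect_json):
        host_cfg = c.get("HostConfig") or {}
        sec_opts = host_cfg.get("SecurityOpt") or []
        exposed = [m for m in c.get("Mounts") or []
                   if m.get("Type") == "bind" and m.get("Source") in DOCKER_SOCKETS]
        if not exposed:
            continue
        privileged = bool(host_cfg.get("Privileged"))
        # Older Docker releases wrote this option as "label:disable".
        label_off = any(o.replace(":", "=") == "label=disable" for o in sec_opts)
        findings.append({
            "container": c.get("Name", "").lstrip("/"),
            "privileged": privileged,
            # Confined plus socket access is the case SELinux blocks in this report.
            "selinux_confined": not (privileged or label_off),
            # A read-only bind mount does not stop connect() on the socket.
            "read_only_mount": not exposed[0].get("RW", True),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_socket_exposure(SAMPLE_INSPECT):
        print(finding)
```

Every container in the result can drive the Docker daemon once the connection is allowed, so each finding is a decision to make explicitly rather than a denial to silence.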