Bug 1517831

Summary: unable to run systemd in non-privileged container
Product: Fedora
Component: selinux-policy
Version: 27
Status: CLOSED DUPLICATE
Reporter: Micah Abbott <miabbott>
Assignee: Lukas Vrabec <lvrabec>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dustymabe, dwalsh, lvrabec, mgrepl, plautrba, pmoore
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Type: Bug
Last Closed: 2017-11-27 20:45:53 UTC

Description Micah Abbott 2017-11-27 14:46:32 UTC
Over in BZ#1510139, it was reported that we were unable to run systemd in a non-privileged container.

After some trial and error, it was discovered that in order to get the container running we had to enable the 'container_manage_cgroup' boolean.

Dan suggests we modify the SELinux policy to have this boolean enabled in comment #9 of the above-mentioned bug.

We were seeing these issues using the following version of 'selinux-policy':

selinux-policy-3.13.1-283.16.fc27.noarch
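The workaround the report describes is enabling the container_manage_cgroup SELinux boolean. The script below is an added example, not part of the bug report or the selinux-policy package: it parses output in the format getsebool prints ("name --> on" / "name --> off"), reports the state of a named boolean, and returns whether the policy change the report mentions is still needed. The sample getsebool output is constructed for the example; on a real host you would feed it the output of `getsebool -a` instead.

```shell
#!/bin/sh
# Added example: evaluate SELinux boolean state from getsebool-style output.
# Constructed sample in the format getsebool prints; states are made up for the example.
SAMPLE_GETSEBOOL_OUTPUT='container_connect_any --> off
container_manage_cgroup --> off
container_use_devices --> off'

# boolean_state NAME OUTPUT
# Prints "on" or "off" for NAME as found in OUTPUT, or "unknown" if the
# boolean does not appear (e.g. container-selinux policy not installed).
boolean_state() {
    name="$1"
    output="$2"
    state=$(printf '%s\n' "$output" | awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
    if [ -z "$state" ]; then
        echo unknown
    else
        echo "$state"
    fi
}

# systemd_container_policy_ok OUTPUT
# Returns 0 when container_manage_cgroup is already on, 1 otherwise, and
# prints the persistent remediation command when it is off. "unknown" is
# treated as not ok, since the boolean cannot be enabled if it is absent.
systemd_container_policy_ok() {
    output="$1"
    state=$(boolean_state container_manage_cgroup "$output")
    case "$state" in
        on)
            echo "container_manage_cgroup is on: systemd in a non-privileged container is permitted"
            return 0
            ;;
        off)
            echo "container_manage_cgroup is off; enable it persistently with:"
            echo "  setsebool -P container_manage_cgroup on"
            return 1
            ;;
        *)
            echo "container_manage_cgroup not found in policy; is container-selinux installed?"
            return 1
            ;;
    esac
}

# Live check on a real host (skipped when getsebool is unavailable).
if command -v getsebool >/dev/null 2>&1; then
    systemd_container_policy_ok "$(getsebool -a 2>/dev/null)"
else
    systemd_container_policy_ok "$SAMPLE_GETSEBOOL_OUTPUT" || true
fi
```

Running it against the constructed sample prints the setsebool command; on a host where the boolean is already on, it confirms that and exits 0. The -P flag makes the change survive reboots, which is what the report's suggested policy default would make unnecessary.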

Comment 1 Micah Abbott 2017-11-27 20:45:53 UTC

*** This bug has been marked as a duplicate of bug 1510139 ***