Description of problem: Don't think this condition existed at the time of docker 1.2.0 update (though I could be wrong). HOST $ cat /etc/sysconfig/docker OPTIONS=--selinux-enabled CONTAINER bash-4.2# ls -aZ /etc/resolv.conf ls: cannot access /etc/resolv.conf: Permission denied --------------------------------- HOST $ cat /etc/sysconfig/docker OPTIONS= CONTAINER bash-4.2# ls -aZ /etc/resolv.conf -rw-r--r--. root root system_u:object_r:docker_var_lib_t:s0 /etc/resolv.conf NVRs: $ rpm -q docker-io docker-io-1.2.0-2.fc22.x86_64 $ rpm -q selinux-policy selinux-policy-3.13.1-81.fc22.noarch
11e67f0e6778328b23cd2677ffdc7277cbead41a fixes this in git for selinux-policy. Basically we want resolv.conf to be labeled docker_share_t just like /etc/hosts and /etc/hostname