Description of problem: The Docker daemon fails to start on systems with SELinux and btrfs Version-Release number of selected component (if applicable): Kernel: 3.16.2-200.fc20.x86_64 #1 SMP Docker: 1.2.0 (2.fc20) libselinux: 2.2.1 (6.fc20) How reproducible: Incredibly so. Steps to Reproduce: 1. Install F20 on btrfs 2. systemctl start docker 3. Bang head against desk Actual results: adam@dekatron ~/bin sudo systemctl start docker [sudo] password for adam: Job for docker.service failed. See 'systemctl status docker.service' and 'journalctl -xn' for details. ✘ adam@dekatron ~/bin journalctl -xn -- Logs begin at Wed 2014-09-17 14:41:46 PDT, end at Fri 2014-09-19 18:18:26 PDT. -- Sep 19 18:18:18 dekatron.voxadam.com docker[7517]: 2014/09/19 18:18:18 SELinux is not supported with the BTRFS graph driver! Sep 19 18:18:18 dekatron.voxadam.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE Sep 19 18:18:18 dekatron.voxadam.com systemd[1]: Failed to start Docker Application Container Engine. -- Subject: Unit docker.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit docker.service has failed. -- -- The result is failed. Expected results: Docker should start. Additional info: https://bugzilla.redhat.com/show_bug.cgi?id=1128041 https://github.com/docker/docker/issues/7952
Suggested workaround by Dan Walsh: remove --selinux-enabled from /etc/sysconfig/docker https://github.com/docker/docker/issues/7952#issuecomment-56435657
(In reply to Tomas Tomecek from comment #1) > Suggested workaround by Dan Walsh: > > remove --selinux-enabled from /etc/sysconfig/docker > > https://github.com/docker/docker/issues/7952#issuecomment-56435657 Dan's patch: http://pkgs.fedoraproject.org/cgit/docker-io.git/tree/ignore-selinux-if-disabled.patch should ignore selinux if it's disabled. This patch has been added since docker-io-1.2.0-3 . Could you check if this issue still exists. Also, if --selinux-enabled has to be removed from /etc/sysconfig/docker, I'd guess that'd need to be done only on selinux-disabled systems, so that'd need no changes in the rpm itself. Let me know.
Still not working for me: I had to go for workaround: (alias sc="systemctl") $ sc start docker Job for docker.service failed. See 'systemctl status docker.service' and 'journalctl -xn' for details. $ sc status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; static) Active: failed (Result: exit-code) since Fri 2014-10-03 09:22:36 CEST; 9s ago Docs: http://docs.docker.com Process: 15807 ExecStart=/usr/bin/docker -d -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS (code=exited, status=1/FAILURE) Main PID: 15807 (code=exited, status=1/FAILURE) Oct 03 09:22:36 quahog docker[15807]: 2014/10/03 09:22:36 docker daemon: 1.2.0 fa7b24f/1.2.0; execdriver: native; graphdriver: Oct 03 09:22:36 quahog docker[15807]: [4d8d9691] +job serveapi(fd://) Oct 03 09:22:36 quahog docker[15807]: 2014/10/03 09:22:36 SELinux is not supported with the BTRFS graph driver! Oct 03 09:22:36 quahog systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE Oct 03 09:22:36 quahog systemd[1]: Failed to start Docker Application Container Engine. Oct 03 09:22:36 quahog systemd[1]: Unit docker.service entered failed state. $ rpm -q docker-io docker-io-1.2.0-3.fc21.x86_64 $ getenforce Permissive $ cat /etc/sysconfig/docker OPTIONS=--selinux-enabled
Tomas, so I'd guess removing --selinux-enabled from /etc/sysconfig/docker works fine for you, correct?
Yes
So, will this never be supported? Time to re-install with another filesystem? :(
Sadly unless some Kernel File System picks up the support, I am doubtful. Red Hat plans on concentrating on OverLayFS and DeviceMapper as the preferred docker backends.
There seems to be an upstream patch for that: https://marc.info/?l=git-commits-head&m=141302939209611&w=2 From: https://github.com/docker/docker/issues/7952