Description of problem:
Docker from the official repo doesn't run - e.g.

$ sudo docker run -t -i mytest/fedora /bin/bash
2015/01/19 14:01:53 Error response from daemon: Cannot start container 027430776b9ee30f9b3333149be61cab3d7c5d4e3bf55cdf589f44c7ef3bddf4: SELinux policy denies access.
$ sudo setenforce 0
$ sudo docker run -t -i mytest/fedora /bin/bash
[root@08eff9e9bb97 /]# exit
$ docker -v
Docker version 1.3.2, build 39fa2fa/1.3.2

SELinux is preventing /usr/bin/bash from using the 'transition' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that bash should be allowed transition access on processes labeled svirt_lxc_net_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep bash /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:system_r:svirt_lxc_net_t:s0:c474,c924
Target Objects                /usr/bin/bash [ process ]
Source                        bash
Source Path                   /usr/bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.2.45-4.fc20.x86_64
Target RPM Packages           bash-4.2.45-4.fc20.x86_64
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2015-01-19 14:01:59 SAST
Last Seen                     2015-01-19 14:01:59 SAST
Local ID                      132d033c-7a8a-4af5-b80d-66d1d43ee3f4

Raw Audit Messages
type=AVC msg=audit(1421668919.3:782): avc: denied { transition } for pid=11686 comm="dockerinit-1.3." path="/usr/bin/bash" dev="dm-9" ino=132200 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c474,c924 tclass=process

type=SYSCALL msg=audit(1421668919.3:782): arch=x86_64 syscall=execve success=yes exit=0 a0=c20809e000 a1=c20809e010 a2=c208084300 a3=0 items=0 ppid=0 pid=11686 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=pts10 comm=bash exe=/usr/bin/bash subj=system_u:system_r:svirt_lxc_net_t:s0:c474,c924 key=(null)

Hash: bash,init_t,svirt_lxc_net_t,process,transition

Additional info:
reporter:       libreport-2.1.9
hashmarkername: setroubleshoot
kernel:         3.11.10-301.fc20.x86_64
type:           libreport
Looks like you have a labeling issue. Your docker is running as the init system

# restorecon -R -v /usr
# systemctl restart docker.service

Should fix the problem. You might want to relabel your entire system.

touch /.autorelabel; reboot
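
Added example, not part of the report or the reply above: a small triage of the AVC record from the report, showing why the denial points at labeling rather than at a missing rule, since the process requesting the transition runs as init_t. The expected daemon domain docker_t is an assumption about the installed policy, and the function names are illustrative.

```python
import re

# AVC record taken from the report above (joined onto one line).
SAMPLE_AVC = (
    'type=AVC msg=audit(1421668919.3:782): avc: denied { transition } for '
    'pid=11686 comm="dockerinit-1.3." path="/usr/bin/bash" dev="dm-9" '
    'ino=132200 scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:system_r:svirt_lxc_net_t:s0:c474,c924 tclass=process'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denial's key=value fields plus 'perms', or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    return rec


def context_type(context):
    """The type is the third field of user:role:type:level[:categories]."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def triage(line, expected_domain='docker_t'):
    """Classify a denial; expected_domain is an assumption about the policy."""
    rec = parse_avc(line)
    if rec is None:
        return 'not-avc'
    src = context_type(rec.get('scontext', ''))
    wants_transition = (rec.get('tclass') == 'process'
                        and 'transition' in rec['perms'])
    if wants_transition and src != expected_domain:
        # The parent never entered its own domain, so fix the file labels
        # (restorecon) instead of adding an allow rule for init_t.
        return 'relabel: source runs as %s, expected %s' % (src, expected_domain)
    return 'review-policy'
```
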