Bug 1195804 - docker run fails on rawhide with setenforce 1
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1194589
Reported: 2015-02-24 15:38 UTC by Lokesh Mandvekar
Modified: 2015-04-09 12:48 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-04-09 12:48:37 UTC
Type: Bug
Embargoed:


Description Lokesh Mandvekar 2015-02-24 15:38:25 UTC
Description of problem:

On rawhide, docker run commands fail with selinux enforcing.

Feb 24 09:34:01 naruto kernel: [605832.428983] audit: type=1400 audit(1424792041.549:3572): avc:  denied  { entrypoint } for  pid=19015 comm="docker" path="/var/lib/docker/init/dockerinit-1.5.0-dev" dev="sda2" ino=134594 scontext=system_u:system_r:spc_t:s0 tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=0
Feb 24 09:34:01 naruto kernel: [605832.429083] audit: type=1300 audit(1424792041.549:3572): arch=c000003e syscall=59 success=no exit=-13 a0=c208b05290 a1=c208602500 a2=c2085ceb20 a3=0 items=0 ppid=7465 pid=19015 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="docker" exe="/usr/bin/docker" subj=system_u:system_r:docker_t:s0 key=(null)
Feb 24 09:34:01 naruto kernel: [605832.429110] audit: type=1327 audit(1424792041.549:3572): proctitle=2F7573722F62696E2F646F636B6572002D64002D2D73656C696E75782D656E61626C6564
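
Added example (not part of the original report, and not code from docker or selinux-policy): a Python parser that correlates the three audit records above by their shared event id and decodes the hex-encoded proctitle, showing that a process in docker_t tried to exec dockerinit into spc_t and was refused because the file's docker_var_lib_t label is not an allowed entrypoint. The function names and the trimmed SAMPLE text are constructed for this illustration.

```python
import re

# Constructed sample: the three records from the report, trimmed to the fields used below.
SAMPLE = '''\
audit: type=1400 audit(1424792041.549:3572): avc:  denied  { entrypoint } for  pid=19015 comm="docker" path="/var/lib/docker/init/dockerinit-1.5.0-dev" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file permissive=0
audit: type=1300 audit(1424792041.549:3572): arch=c000003e syscall=59 success=no exit=-13 pid=19015 comm="docker" exe="/usr/bin/docker" subj=system_u:system_r:docker_t:s0 key=(null)
audit: type=1327 audit(1424792041.549:3572): proctitle=2F7573722F62696E2F646F636B6572002D64002D2D73656C696E75782D656E61626C6564
'''

RECORD = re.compile(r'audit: type=(\d+) audit\(([\d.]+:\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
TYPES = {'1400': 'AVC', '1300': 'SYSCALL', '1327': 'PROCTITLE'}


def parse_events(text):
    """Group audit records by timestamp:serial id, one dict of fields per record type."""
    events = {}
    for line in text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = re.search(r'denied\s+\{([^}]*)\}', body)
        if perms:
            fields['perms'] = perms.group(1).split()
        events.setdefault(event_id, {})[TYPES.get(rtype, rtype)] = fields
    return events


def domain(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(':')[2]


def summarize(event):
    """Reduce one correlated event to the facts needed to triage the denial."""
    avc, sc = event['AVC'], event.get('SYSCALL', {})
    # Assumes a hex-encoded proctitle, as in the report; arguments are NUL-separated.
    raw = bytes.fromhex(event['PROCTITLE']['proctitle']) if 'PROCTITLE' in event else b''
    return {
        'perms': avc['perms'],
        'new_domain': domain(avc['scontext']),   # domain the exec would enter
        'file_type': domain(avc['tcontext']),    # label on the file being executed
        'path': avc.get('path'),
        'caller_domain': domain(sc['subj']) if 'subj' in sc else None,
        'enforced': avc.get('permissive') == '0',
        'argv': [a.decode() for a in raw.split(b'\0') if a],
    }
```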

Comment 1 Daniel Walsh 2015-02-24 15:48:18 UTC
I have checked in fixes for this into selinux-policy upstream.  We need a new build of selinux-policy for rawhide.

Comment 2 Lukas Vrabec 2015-02-25 19:23:56 UTC
New builds for Rawhide and F22 are available.
http://koji.fedoraproject.org/koji/buildinfo?buildID=615064
http://koji.fedoraproject.org/koji/buildinfo?buildID=615070

Comment 3 Pete Travis 2015-04-09 04:31:23 UTC
These builds have been shipped, with several updates since.  Is this bug open for testing still, or has it just missed a bodhi tag?

Comment 4 Lukas Vrabec 2015-04-09 09:36:18 UTC
Probably missed bodhi tag. 

I think this issue is resolved.

Comment 5 Lokesh Mandvekar 2015-04-09 12:48:37 UTC
Ahh yes, this is resolved but no way to set bodhi for rawhide. I'll close this.
