Description of problem: SELinux is preventing docker from 'getattr' accesses on the directory /etc/glusterfs. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es docker standardmässig erlaubt sein sollte, getattr Zugriff auf glusterfs directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:docker_t:s0 Target Context system_u:object_r:glusterd_conf_t:s0 Target Objects /etc/glusterfs [ dir ] Source docker Source Path docker Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages glusterfs-server-3.6.2-2.fc22.x86_64 Policy RPM selinux-policy-3.13.1-119.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.0.0-0.rc4.git0.1.fc22.x86_64 #1 SMP Mon Mar 16 14:36:23 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-03-30 13:05:49 CEST Last Seen 2015-03-30 13:05:49 CEST Local ID 55b11c21-0504-48fe-8131-3a495527d130 Raw Audit Messages type=AVC msg=audit(1427713549.233:2573): avc: denied { getattr } for pid=664 comm="docker" path="/etc/glusterfs" dev="sdc1" ino=815839716 scontext=system_u:system_r:docker_t:s0 tcontext=system_u:object_r:glusterd_conf_t:s0 tclass=dir permissive=1 Hash: docker,docker_t,glusterd_conf_t,dir,getattr Version-Release number of selected component: selinux-policy-3.13.1-119.fc22.noarch Additional info: reporter: libreport-2.5.0 hashmarkername: setroubleshoot kernel: 4.0.0-0.rc5.git1.3.fc22.x86_64 type: libreport
What were you doing when this happened?
Lukas Probably will be fixed when we get an updated docker-selinux package.
*** This bug has been marked as a duplicate of bug 1221379 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days