Description of problem: SELinux is preventing docker from 'relabelfrom' accesses on the file COMMIT_EDITMSG. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es docker standardmässig erlaubt sein sollte, relabelfrom Zugriff auf COMMIT_EDITMSG file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:docker_t:s0 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects COMMIT_EDITMSG [ file ] Source docker Source Path docker Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-119.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.0.0-1.fc22.x86_64 #1 SMP Mon Apr 13 10:03:33 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-04-17 15:42:56 CEST Last Seen 2015-04-17 15:42:56 CEST Local ID 34032ee2-9f5f-4bf2-86ff-77acf353723f Raw Audit Messages type=AVC msg=audit(1429278176.555:1667): avc: denied { relabelfrom } for pid=10178 comm="docker" name="COMMIT_EDITMSG" dev="sda2" ino=268512558 scontext=system_u:system_r:docker_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 Hash: docker,docker_t,user_home_t,file,relabelfrom Version-Release number of selected component: selinux-policy-3.13.1-119.fc22.noarch Additional info: reporter: libreport-2.5.1 hashmarkername: setroubleshoot kernel: 4.0.1-300.fc22.x86_64 type: libreport
Lokesh can you push the latest docker-selinux package into f22. Autarch, could you make sure you docker and docker-selinux package are up2date dnf update docker*
*** Bug 1218132 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 1221379 ***