Running docker "exec -ti THE_ID /bin/bash" returns immediately back to calling shell because SELinux policy violation: Nov 12 09:18:02 dhcp-0-146 setroubleshoot: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11. For complete SELinux messages. run sealert -l 1a3a4130-348a-4d1c-9f50-605b2b649f66 Nov 12 09:18:02 dhcp-0-146 python: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11.#012#012***** Plugin leaks (86.2 confidence) suggests *****************************#012#012If you want to ignore bash trying to read write access the 11 chr_file, because you believe it should not need this access.#012Then you should report this as a bug. #012You can generate a local policy module to dontaudit this access.#012Do#012# grep /usr/bin/bash /var/log/audit/audit.log | audit2allow -D -M mypol#012# semodule -i mypol.pp#012#012***** Plugin catchall (14.7 confidence) suggests **************************#012#012If you believe that bash should be allowed read write access on the 11 chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep bash /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012 Nov 12 09:18:02 dhcp-0-146 setroubleshoot: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11. For complete SELinux messages. run sealert -l 1a3a4130-348a-4d1c-9f50-605b2b649f66 Nov 12 09:18:02 dhcp-0-146 python: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11.#012#012***** Plugin leaks (86.2 confidence) suggests *****************************#012#012If you want to ignore bash trying to read write access the 11 chr_file, because you believe it should not need this access.#012Then you should report this as a bug. #012You can generate a local policy module to dontaudit this access.#012Do#012# grep /usr/bin/bash /var/log/audit/audit.log | audit2allow -D -M mypol#012# semodule -i mypol.pp#012#012***** Plugin catchall (14.7 confidence) suggests **************************#012#012If you believe that bash should be allowed read write access on the 11 chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep bash /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012 Nov 12 09:18:02 dhcp-0-146 setroubleshoot: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11. For complete SELinux messages. run sealert -l 1a3a4130-348a-4d1c-9f50-605b2b649f66 Nov 12 09:18:02 dhcp-0-146 python: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11.#012#012***** Plugin leaks (86.2 confidence) suggests *****************************#012#012If you want to ignore bash trying to read write access the 11 chr_file, because you believe it should not need this access.#012Then you should report this as a bug. #012You can generate a local policy module to dontaudit this access.#012Do#012# grep /usr/bin/bash /var/log/audit/audit.log | audit2allow -D -M mypol#012# semodule -i mypol.pp#012#012***** Plugin catchall (14.7 confidence) suggests **************************#012#012If you believe that bash should be allowed read write access on the 11 chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep bash /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012 Nov 12 09:18:02 dhcp-0-146 setroubleshoot: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11. For complete SELinux messages. run sealert -l 1a3a4130-348a-4d1c-9f50-605b2b649f66 Nov 12 09:18:02 dhcp-0-146 python: SELinux is preventing /usr/bin/bash from 'read, write' accesses on the chr_file /dev/pts/11.#012#012***** Plugin leaks (86.2 confidence) suggests *****************************#012#012If you want to ignore bash trying to read write access the 11 chr_file, because you believe it should not need this access.#012Then you should report this as a bug. #012You can generate a local policy module to dontaudit this access.#012Do#012# grep /usr/bin/bash /var/log/audit/audit.log | audit2allow -D -M mypol#012# semodule -i mypol.pp#012#012***** Plugin catchall (14.7 confidence) suggests **************************#012#012If you believe that bash should be allowed read write access on the 11 chr_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep bash /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012 Nov 12 09:21:40 dhcp-0-146 docker: time="2015-11-12T09:21:40.019022166+01:00" level=info msg="POST /v1.20/containers/f0401a4ef8d7/exec" Nov 12 09:21:40 dhcp-0-146 dbus[929]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper) Nov 12 09:21:40 dhcp-0-146 audit: <audit-1400> avc: denied { read write } for pid=12976 comm="bash" path="/dev/pts/12" dev="devpts" ino=15 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c530 tcontext=system_u:object_r:docker_devpts_t:s0 tclass=chr_file permissive=0 Nov 12 09:21:40 dhcp-0-146 audit: <audit-1400> avc: denied { read write } for pid=12976 comm="bash" path="/dev/pts/12" dev="devpts" ino=15 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c530 tcontext=system_u:object_r:docker_devpts_t:s0 tclass=chr_file permissive=0 Nov 12 09:21:40 dhcp-0-146 audit: <audit-1400> avc: denied { read write } for pid=12976 comm="bash" path="/dev/pts/12" dev="devpts" ino=15 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c530 tcontext=system_u:object_r:docker_devpts_t:s0 tclass=chr_file permissive=0 Nov 12 09:21:40 dhcp-0-146 audit: <audit-1400> avc: denied { read write } for pid=12976 comm="bash" path="/dev/pts/12" dev="devpts" ino=15 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c530 tcontext=system_u:object_r:docker_devpts_t:s0 tclass=chr_file permissive=0 Nov 12 09:21:40 dhcp-0-146 audit: <audit-1300> arch=c000003e syscall=59 success=yes exit=0 a0=c820151440 a1=c820151450 a2=c820015ec0 a3=0 items=0 ppid=12437 pid=12976 auid=4294967295 uid=1001 gid=0 euid=1001 suid=1001 fsuid=1001 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="bash" exe="/usr/bin/bash" subj=system_u:system_r:svirt_lxc_net_t:s0:c369,c530 key=(null) [...] I have docker-1.8.2-7.gitcb216be.fc22.x86_64. This looks like bug #1243172.
yum reinstall docker-selinux
That helped. Thank you.