SELinux security labels are now supported on the OverlayFS file system
With this update, the OverlayFS file system now supports SELinux security labels. When using Docker containers with the OverlayFS storage driver, you no longer have to configure Docker to disable SELinux support for the containers.
The RHEL 7.2 recommended configuration is to disable SELinux for the Docker daemon. Need to remove this restriction for Docker.
I know we have customers looking to use overlayfs and having to disable SELinux makes for a bad security story for us.
*** Bug 1178944 has been marked as a duplicate of this bug. ***
This won't make it to 7.3 as patches are not ready yet.
However things are progressing nicely and the feature should be ready for upstream kernel 4.8 or 4.9.
Patch(es) committed on kernel repository and an interim kernel build is undergoing testing
Patch(es) available on kernel-3.10.0-517.el7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.