Hide Forgot
Description of problem: It looks like we are encountering this since upgrading to RHEL 7.3. On my personal boxes, as well as our automation testing framework for Satellite 6, we are blocked by what appears to be this bug. If selinux is disabled, then containers run properly. [root@rhsm-qe-1 content-host-d]# docker run hello-world permission denied docker: Error response from daemon: Container command could not be invoked.. Version-Release number of selected component (if applicable): Red Hat Enterprise Linux Server release 7.3 (Maipo) How reproducible: Always Steps to Reproduce: 1. Ensure selinux is enabled. 2. Attempt to run a container Actual results: [root@rhsm-qe-1 content-host-d]# docker run hello-world permission denied docker: Error response from daemon: Container command could not be invoked.. Expected results: The container runs properly, without disabling selinux Additional info: It looks like this bug, which was closed, may be the same issue. https://bugzilla.redhat.com/show_bug.cgi?id=1327740
There seems to be a mismatch in the docker-selinux package. I am not sure if the right version was shipped. Simple fix is to do chcon -t docker_exec_t /usr/bin/docker* systemctl restart docker And everything should work.
That was indeed a simple fix! How soon can we get the proper version in? fyi [root@rhsm-qe-1 content-host-d]# rpm -qa | grep docker docker-selinux-1.10.3-46.el7.14.x86_64 python-pulp-docker-common-2.0.3-1.el7sat.noarch docker-rhel-push-plugin-1.10.3-46.el7.14.x86_64 docker-1.10.3-46.el7.14.x86_64 tfm-rubygem-hammer_cli_foreman_docker-0.0.6-1.el7sat.noarch docker-common-1.10.3-46.el7.14.x86_64 tfm-rubygem-docker-api-1.28.0-1.el7sat.noarch pulp-docker-plugins-2.0.3-1.el7sat.noarch tfm-rubygem-foreman_docker-2.0.1.11-1.el7sat.noarch
This is causing this issue: https://github.com/openshift/openshift-ansible/issues/2978