Description of problem: `docker run httpd` Trying to run official docker container for apache. Same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1456963 SELinux is preventing httpd from 'open' accesses on the fifo_file fifo_file. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that httpd should be allowed open access on the fifo_file fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'httpd' --raw | audit2allow -M my-httpd # semodule -X 300 -i my-httpd.pp Additional Information: Source Context system_u:system_r:container_t:s0:c787,c949 Target Context system_u:system_r:container_runtime_t:s0-s0:c0.c10 23 Target Objects fifo_file [ fifo_file ] Source httpd Source Path httpd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-225.16.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.3-200.fc25.x86_64 #1 SMP Thu May 25 19:03:07 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-06-04 12:11:56 EDT Last Seen 2017-06-04 12:11:56 EDT Local ID bf3d995f-8be2-47b5-8682-6e4ddf172082 Raw Audit Messages type=AVC msg=audit(1496592716.733:11405): avc: denied { open } for pid=3145 comm="httpd" path="pipe:[6674380]" dev="pipefs" ino=6674380 scontext=system_u:system_r:container_t:s0:c787,c949 tcontext=system_u:system_r:container_runtime_t:s0-s0:c0.c1023 tclass=fifo_file permissive=0 Hash: httpd,container_t,container_runtime_t,fifo_file,open Version-Release number of selected component: selinux-policy-3.13.1-225.16.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.11.3-200.fc25.x86_64 type: libreport
container-selinux-2.17-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-483d4b64eb
container-selinux-2.17-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d722cd191
container-selinux-2.17-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d722cd191
container-selinux-2.18-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-78ffa38344
container-selinux-2.18-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e756e8fdde
container-selinux-2.18-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-78ffa38344
container-selinux-2.18-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e756e8fdde
container-selinux-2.18-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
container-selinux-2.18-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.