https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #5 from Paolo Antinori <pantinor(a)redhat.com> ---
(In reply to Daniel Walsh from comment #4)
The problem is the libselinux in the centos image is reporting that
SELinux
is enabled to processes running within the container. This is tools like
useradd and groupadd to attempt to write to /proc/self/attr/* files in order
to setup proper labeling for SELinux. Since /proc is now mounted read/only
within the container, the writes are denied and useradd/groupadd fail.
The fix is to get an updated version of libselinux into the Centos 6 images.
RHEL7/RHEL6 and Current Fedora images have the fix.
Privileged containers and systems with SELInux disabled will not have this
issue.
I believe the Fedora bugs reported are a separate issue, and it looks like
the postgresql user needs to be added.
Hi Daniel, thanks for your comment. I just trust every of your word about
selinux, but I think that the problem cannot be just inside Centos image, since
it builds fine on index.docker.io:
https://index.docker.io/u/pantinor/centos_httpd/build_id/5062/code/bhwqyc...
Here the full log if that link is private:
http://fpaste.org/103787/
I am not sure which linux flavour is in use on index.docker.io, I suspect
coreOs.
I was able to compile correctly even on a boot2docker images.
On my last test I have temporarely disable SElinux, built as root, and
obviously not enable --privileged since it's not an option for the build sub
command.
http://fpaste.org/103787/
And still seeing these lines that are not present while building on other
platforms:
groupadd: failure while writing changes to /etc/group
useradd: group 'apache' does not exist
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: group apache does not exist - using root
thank you
paolo
--
You are receiving this mail because:
You are on the CC list for the bug.