https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Bug ID: 1098120 Summary: Unable to buid an run an image using sshd. Product: Fedora Version: 20 Component: docker-io Assignee: lsm5@redhat.com Reporter: pantinor@redhat.com QA Contact: extras-qa@fedoraproject.org CC: admiller@redhat.com, golang@lists.fedoraproject.org, lsm5@redhat.com, mattdm@redhat.com, mgoldman@redhat.com, s@shk.io, vbatts@redhat.com
Description of problem:
Unable to succesfully build and run a fairly simple image that used to work.
Version-Release number of selected component (if applicable):
$ docker -v Docker version 0.11.1, build fb99f99/0.11.1
How reproducible:
Always
Steps to Reproduce:
mkdir docker_test cd docker_test wget http://pastebin.com/raw.php?i=ie8BRcC4 -O Dockerfile docker build -t sshd --no-cache
Actual results:
$ docker build -t sshd --no-cache . Uploading context 2.56 kB Uploading context Step 0 : FROM centos ---> 539c0211cd76 Step 1 : RUN yum install -y openssh-server ---> Running in 65f28c081323 Loaded plugins: fastestmirror Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package openssh-server.x86_64 0:5.3p1-94.el6 will be installed --> Processing Dependency: openssh = 5.3p1-94.el6 for package: openssh-server-5.3p1-94.el6.x86_64 --> Processing Dependency: libcrypto.so.10(libcrypto.so.10)(64bit) for package: openssh-server-5.3p1-94.el6.x86_64 --> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.1)(64bit) for package: openssh-server-5.3p1-94.el6.x86_64 --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-5.3p1-94.el6.x86_64 --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-5.3p1-94.el6.x86_64 --> Running transaction check ---> Package fipscheck-lib.x86_64 0:1.2.0-7.el6 will be installed --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.2.0-7.el6.x86_64 ---> Package openssh.x86_64 0:5.3p1-94.el6 will be installed ---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be updated ---> Package openssl.x86_64 0:1.0.1e-16.el6_5.7 will be an update --> Processing Dependency: make for package: openssl-1.0.1e-16.el6_5.7.x86_64 ---> Package tcp_wrappers-libs.x86_64 0:7.6-57.el6 will be installed --> Running transaction check ---> Package fipscheck.x86_64 0:1.2.0-7.el6 will be installed ---> Package make.x86_64 1:3.81-20.el6 will be installed --> Finished Dependency Resolution
Dependencies Resolved
================================================================================ Package Arch Version Repository Size ================================================================================ Installing: openssh-server x86_64 5.3p1-94.el6 base 311 k Installing for dependencies: fipscheck x86_64 1.2.0-7.el6 base 14 k fipscheck-lib x86_64 1.2.0-7.el6 base 8.3 k make x86_64 1:3.81-20.el6 base 389 k openssh x86_64 5.3p1-94.el6 base 258 k tcp_wrappers-libs x86_64 7.6-57.el6 base 62 k Updating for dependencies: openssl x86_64 1.0.1e-16.el6_5.7 updates 1.5 M
Transaction Summary ================================================================================ Install 6 Package(s) Upgrade 1 Package(s)
Total download size: 2.5 M Downloading Packages: -------------------------------------------------------------------------------- Total 569 kB/s | 2.5 MB 00:04 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Importing GPG key 0xC105B9DE: Userid : CentOS-6 Key (CentOS 6 Official Signing Key) centos-6-key@centos.org Package: centos-release-6-4.el6.centos.10.x86_64 (@febootstrap/$releasever) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : tcp_wrappers-libs-7.6-57.el6.x86_64 1/8 Installing : 1:make-3.81-20.el6.x86_64 2/8 Updating : openssl-1.0.1e-16.el6_5.7.x86_64 3/8 Installing : fipscheck-lib-1.2.0-7.el6.x86_64 4/8 Installing : fipscheck-1.2.0-7.el6.x86_64 5/8 Installing : openssh-5.3p1-94.el6.x86_64 6/8 Installing : openssh-server-5.3p1-94.el6.x86_64 7/8 groupadd: failure while writing changes to /etc/group Cleanup : openssl-1.0.0-27.el6_4.2.x86_64 8/8 Verifying : 1:make-3.81-20.el6.x86_64 1/8 Verifying : tcp_wrappers-libs-7.6-57.el6.x86_64 2/8 Verifying : fipscheck-1.2.0-7.el6.x86_64 3/8 Verifying : openssl-1.0.1e-16.el6_5.7.x86_64 4/8 Verifying : openssh-5.3p1-94.el6.x86_64 5/8 Verifying : openssh-server-5.3p1-94.el6.x86_64 6/8 Verifying : fipscheck-lib-1.2.0-7.el6.x86_64 7/8 Verifying : openssl-1.0.0-27.el6_4.2.x86_64 8/8
Installed: openssh-server.x86_64 0:5.3p1-94.el6
Dependency Installed: fipscheck.x86_64 0:1.2.0-7.el6 fipscheck-lib.x86_64 0:1.2.0-7.el6 make.x86_64 1:3.81-20.el6 openssh.x86_64 0:5.3p1-94.el6 tcp_wrappers-libs.x86_64 0:7.6-57.el6
Dependency Updated: openssl.x86_64 0:1.0.1e-16.el6_5.7
Complete! ---> e869dfd88b15 Removing intermediate container 65f28c081323 Step 2 : RUN sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/;s/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config ---> Running in 8673e7861c41 sed: warning: failed to set default file creation context to system_u:object_r:file_t:s0: Read-only file system ---> f49ebe0bc026 Removing intermediate container 8673e7861c41 Step 3 : CMD service sshd start ; bash ---> Running in b4db6af6261e ---> b9d7e3852943 Removing intermediate container b4db6af6261e Successfully built b9d7e3852943
Expected results:
A build and run with no errors. Everything works as expected when run for instance in a boot2docker vm:
https://github.com/boot2docker/boot2docker/releases/download/v0.9.1/boot2doc...
Additional info:
$ getenforce Permissive
The error is recent. I am not sure if the problem is Docker, selinux, or Centos base files, but the full operation used to succed without any problem in past.
Note sed warning: sed: warning: failed to set default file creation context to system_u:object_r:file_t:s0: Read-only file system ---> f49ebe0bc026
When running a container from that image, the ssh fails:
$ docker run -t -i sshd Generating SSH1 RSA host key: No such file or directory [ OK ] Generating SSH2 RSA host key: No such file or directory [ OK ] Generating SSH2 DSA host key: No such file or directory [ OK ] Starting sshd: Privilege separation user sshd does not exist [FAILED] bash-4.1# exit
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Paolo Antinori pantinor@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Unable to buid an run an |Unable to buid images that |image using sshd. |interact with /etc/groups
--- Comment #1 from Paolo Antinori pantinor@redhat.com --- Found some evidence that the problem is wider and not related just to sshd..
Building this simpla image:
FROM centos:latest
MAINTAINER Paolo Antinori paolo.antinori@gmail.com
RUN yum install -y httpd ; yum -y clean all
CMD service httpd start ; bash
EXPOSE 80
Gives this output and a not runnable httpd:
$ docker build --rm -t test . Uploading context 2.56 kB Uploading context Step 0 : FROM centos:latest ---> 0b443ba03958 Step 1 : MAINTAINER Paolo Antinori paolo.antinori@gmail.com ---> Using cache ---> 4f53ca7a4051 Step 2 : RUN yum install -y httpd ; yum -y clean all ---> Running in 783dae15dd6c Loaded plugins: fastestmirror http://centosh2.centos.org/centos/6.5/updates/x86_64/repodata/d488729553d7cb...: [Errno 12] Timeout on http://centosh2.centos.org/centos/6.5/updates/x86_64/repodata/d488729553d7cb...: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds') Trying other mirror. Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.2.15-30.el6.centos will be installed --> Processing Dependency: httpd-tools = 2.2.15-30.el6.centos for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: initscripts >= 8.36 for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-30.el6.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-30.el6.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed ---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package httpd-tools.x86_64 0:2.2.15-30.el6.centos will be installed ---> Package initscripts.x86_64 0:9.03.40-2.el6.centos.1 will be installed --> Processing Dependency: upstart >= 0.6.0 for package: initscripts-9.03.40-2.el6.centos.1.x86_64 --> Processing Dependency: ethtool >= 1.8-2 for package: initscripts-9.03.40-2.el6.centos.1.x86_64 --> Processing Dependency: /sbin/ip for package: initscripts-9.03.40-2.el6.centos.1.x86_64 --> Processing Dependency: /sbin/arping for package: initscripts-9.03.40-2.el6.centos.1.x86_64 ---> Package mailcap.noarch 0:2.1.31-2.el6 will be installed ---> Package redhat-logos.noarch 0:60.0.14-12.el6.centos will be installed --> Running transaction check ---> Package ethtool.x86_64 2:3.5-1.4.el6_5 will be installed ---> Package iproute.x86_64 0:2.6.32-31.el6 will be installed --> Processing Dependency: iptables >= 1.4.5 for package: iproute-2.6.32-31.el6.x86_64 --> Processing Dependency: libxtables.so.4()(64bit) for package: iproute-2.6.32-31.el6.x86_64 ---> Package iputils.x86_64 0:20071127-17.el6_4.2 will be installed ---> Package upstart.x86_64 0:0.6.5-13.el6_5.3 will be installed --> Running transaction check ---> Package iptables.x86_64 0:1.4.7-11.el6 will be installed --> Processing Dependency: policycoreutils for package: iptables-1.4.7-11.el6.x86_64 --> Running transaction check ---> Package policycoreutils.x86_64 0:2.0.83-19.39.el6 will be installed --> Finished Dependency Resolution
Dependencies Resolved
================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.2.15-30.el6.centos updates 821 k Installing for dependencies: apr x86_64 1.3.9-5.el6_2 base 123 k apr-util x86_64 1.3.9-3.el6_0.1 base 87 k apr-util-ldap x86_64 1.3.9-3.el6_0.1 base 15 k ethtool x86_64 2:3.5-1.4.el6_5 updates 101 k httpd-tools x86_64 2.2.15-30.el6.centos updates 73 k initscripts x86_64 9.03.40-2.el6.centos.1 updates 940 k iproute x86_64 2.6.32-31.el6 base 365 k iptables x86_64 1.4.7-11.el6 base 252 k iputils x86_64 20071127-17.el6_4.2 base 120 k mailcap noarch 2.1.31-2.el6 base 27 k policycoreutils x86_64 2.0.83-19.39.el6 base 648 k redhat-logos noarch 60.0.14-12.el6.centos base 15 M upstart x86_64 0.6.5-13.el6_5.3 updates 177 k
Transaction Summary ================================================================================ Install 14 Package(s)
Total download size: 18 M Installed size: 30 M Downloading Packages: -------------------------------------------------------------------------------- Total 536 kB/s | 18 MB 00:34 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Importing GPG key 0xC105B9DE: Userid : CentOS-6 Key (CentOS 6 Official Signing Key) centos-6-key@centos.org Package: centos-release-6-5.el6.centos.11.2.x86_64 (@CentOS-Updates/$releasever) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. ** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows: udev-147-2.51.el6.x86_64 has missing requires of /sbin/service udev-147-2.51.el6.x86_64 has missing requires of MAKEDEV >= ('0', '3.11', None) Installing : apr-1.3.9-5.el6_2.x86_64 1/14 Installing : apr-util-1.3.9-3.el6_0.1.x86_64 2/14 Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 3/14 Installing : httpd-tools-2.2.15-30.el6.centos.x86_64 4/14 Installing : mailcap-2.1.31-2.el6.noarch 5/14 Installing : upstart-0.6.5-13.el6_5.3.x86_64 6/14 Installing : redhat-logos-60.0.14-12.el6.centos.noarch 7/14 Installing : 2:ethtool-3.5-1.4.el6_5.x86_64 8/14 Installing : iputils-20071127-17.el6_4.2.x86_64 9/14 Installing : iproute-2.6.32-31.el6.x86_64 10/14 Installing : initscripts-9.03.40-2.el6.centos.1.x86_64 11/14 Installing : policycoreutils-2.0.83-19.39.el6.x86_64 12/14 Installing : iptables-1.4.7-11.el6.x86_64 13/14 Installing : httpd-2.2.15-30.el6.centos.x86_64 14/14 groupadd: failure while writing changes to /etc/group useradd: group 'apache' does not exist warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root warning: group apache does not exist - using root Verifying : httpd-2.2.15-30.el6.centos.x86_64 1/14 Verifying : apr-1.3.9-5.el6_2.x86_64 2/14 Verifying : 2:ethtool-3.5-1.4.el6_5.x86_64 3/14 Verifying : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 4/14 Verifying : initscripts-9.03.40-2.el6.centos.1.x86_64 5/14 Verifying : iputils-20071127-17.el6_4.2.x86_64 6/14 Verifying : redhat-logos-60.0.14-12.el6.centos.noarch 7/14 Verifying : iptables-1.4.7-11.el6.x86_64 8/14 Verifying : upstart-0.6.5-13.el6_5.3.x86_64 9/14 Verifying : iproute-2.6.32-31.el6.x86_64 10/14 Verifying : mailcap-2.1.31-2.el6.noarch 11/14 Verifying : httpd-tools-2.2.15-30.el6.centos.x86_64 12/14 Verifying : apr-util-1.3.9-3.el6_0.1.x86_64 13/14 Verifying : policycoreutils-2.0.83-19.39.el6.x86_64 14/14
Installed: httpd.x86_64 0:2.2.15-30.el6.centos
Dependency Installed: apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 ethtool.x86_64 2:3.5-1.4.el6_5 httpd-tools.x86_64 0:2.2.15-30.el6.centos initscripts.x86_64 0:9.03.40-2.el6.centos.1 iproute.x86_64 0:2.6.32-31.el6 iptables.x86_64 0:1.4.7-11.el6 iputils.x86_64 0:20071127-17.el6_4.2 mailcap.noarch 0:2.1.31-2.el6 policycoreutils.x86_64 0:2.0.83-19.39.el6 redhat-logos.noarch 0:60.0.14-12.el6.centos upstart.x86_64 0:0.6.5-13.el6_5.3
Complete! Loaded plugins: fastestmirror Cleaning repos: base extras updates Cleaning up Everything ---> 544b2a692924 Removing intermediate container 783dae15dd6c Step 3 : CMD service httpd start ; bash ---> Running in 0ede7efeb3cc ---> 140c0aaa7f53 Removing intermediate container 0ede7efeb3cc Step 4 : EXPOSE 80 ---> Running in 17025c7e85dc ---> 085199e5b898 Removing intermediate container 17025c7e85dc Successfully built 085199e5b898 17:03:37 (..ainers/centos/test)$ docker run --rm -it test Starting httpd: httpd: bad user name apache [FAILED]
while everything builds and then run just fine, from index.docker.io:
https://index.docker.io/u/pantinor/centos_httpd/
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
oarribas oarribas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |oarribas@redhat.com
--- Comment #2 from oarribas oarribas@redhat.com --- Similar error installing postgresql in a fedora based image.
Dockerfile:
FROM fedora RUN yum install -y postgresql-server postgresql postgresql-contrib USER postgres RUN /usr/bin/initdb -D /var/lib/pgsql/data
When installing postgres, the following warnings appear: . . Installing : postgresql-server-9.3.4-1.fc20.x86_64 6/6 warning: user postgres does not exist - using root warning: group postgres does not exist - using root . . .
And when running the initdb: . . Step 3 : RUN /usr/bin/initdb -D /var/lib/pgsql/data ---> Running in 9bb388ecf911
finalize namespace setup user get supplementary groups Unable to find user postgres The command [/bin/sh -c /usr/bin/initdb -D /var/lib/pgsql/data] returned a non-zero code: 1 . .
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #3 from oarribas oarribas@redhat.com --- In a container created with docker 0.9.1 and running with docker 0.11, if I try to do a "su - postgres" it fails:
bash-4.2# su - postgres su: System error
It runs in the same container, when running with docker 0.9.1
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #4 from Daniel Walsh dwalsh@redhat.com --- The problem is the libselinux in the centos image is reporting that SELinux is enabled to processes running within the container. This is tools like useradd and groupadd to attempt to write to /proc/self/attr/* files in order to setup proper labeling for SELinux. Since /proc is now mounted read/only within the container, the writes are denied and useradd/groupadd fail.
The fix is to get an updated version of libselinux into the Centos 6 images. RHEL7/RHEL6 and Current Fedora images have the fix.
Privileged containers and systems with SELInux disabled will not have this issue.
I believe the Fedora bugs reported are a separate issue, and it looks like the postgresql user needs to be added.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #5 from Paolo Antinori pantinor@redhat.com --- (In reply to Daniel Walsh from comment #4)
The problem is the libselinux in the centos image is reporting that SELinux is enabled to processes running within the container. This is tools like useradd and groupadd to attempt to write to /proc/self/attr/* files in order to setup proper labeling for SELinux. Since /proc is now mounted read/only within the container, the writes are denied and useradd/groupadd fail.
The fix is to get an updated version of libselinux into the Centos 6 images. RHEL7/RHEL6 and Current Fedora images have the fix.
Privileged containers and systems with SELInux disabled will not have this issue.
I believe the Fedora bugs reported are a separate issue, and it looks like the postgresql user needs to be added.
Hi Daniel, thanks for your comment. I just trust every of your word about selinux, but I think that the problem cannot be just inside Centos image, since it builds fine on index.docker.io:
https://index.docker.io/u/pantinor/centos_httpd/build_id/5062/code/bhwqycbcp...
Here the full log if that link is private:
I am not sure which linux flavour is in use on index.docker.io, I suspect coreOs.
I was able to compile correctly even on a boot2docker images.
On my last test I have temporarely disable SElinux, built as root, and obviously not enable --privileged since it's not an option for the build sub command.
And still seeing these lines that are not present while building on other platforms:
groupadd: failure while writing changes to /etc/group useradd: group 'apache' does not exist warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root warning: group apache does not exist - using root
thank you
paolo
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #6 from Daniel Walsh dwalsh@redhat.com --- When you say you disabled it, did you just put it in permissive mode? In permissive mode the problem will continue, since it is not SELinux denying access it is actually the fact that /proc is mounted Read/Only. Previous versions of docker did not do this.
If you ran a container and just strace groupadd or useradd you will see it a permission denied while trying to write to /proc which is readonly.
It would build fine on any platform that did not have "selinux enabled" in permissive or enforcing mode.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #7 from Paolo Antinori pantinor@redhat.com --- oh, I see. I was just putting it in permissive mode.
Thanks for explanation.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #8 from oarribas oarribas@redhat.com --- Thanks Daniel, after an yum update of the host, postgresql runs again.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #12 from Daniel Walsh dwalsh@redhat.com --- I have pushed an updated libselinux for rhel6.6 into
http://people.redhat.com/dwalsh/SELinux/RHEL6
If you install this version of libselinux into your rhel6 base image, I believe the useradd/groupadd problems will go away. We plan on adding this version to any docker images for rhel6 that we ship even prior to the release of rhel6.6.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #13 from Marek Goldmann mgoldman@redhat.com --- (In reply to Daniel Walsh from comment #12)
I have pushed an updated libselinux for rhel6.6 into
http://people.redhat.com/dwalsh/SELinux/RHEL6
If you install this version of libselinux into your rhel6 base image, I believe the useradd/groupadd problems will go away. We plan on adding this version to any docker images for rhel6 that we ship even prior to the release of rhel6.6.
This fixes the issue for me.
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
michael.faille@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |michael.faille@gmail.com
--- Comment #14 from michael.faille@gmail.com --- I have same exactly problem but using Fedora 20 with Docker version 0.11.1, build fb99f99/0.11.1
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Daniel Walsh dwalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Alias| |libselinux_disabled
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
Daniel Walsh dwalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NEXTRELEASE Last Closed| |2014-06-03 16:51:58
--- Comment #15 from Daniel Walsh dwalsh@redhat.com --- I have provided a fixed libselinux package which can be used to build your rhel6 image, We will soon be shipping a RHEL6 image with the newer libselinux package. I have also provided patches for libselinux to centos
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #16 from Paolo Antinori pantinor@redhat.com --- Thanks to Daniel half of my problem is solved.
I am now able to build successfully with Centos base image, adding his packages as the very first step:
FROM centos:latest
# keep this until these packages get into the official image with Cenots 6.6 # see http://bugs.centos.org/view.php?id=7126 RUN yum install -y http://mirror.centos.org/centos/6.5/centosplus/x86_64/Packages/libselinux-2.... http://mirror.centos.org/centos/6.5/centosplus/x86_64/Packages/libselinux-ut...
RUN yum install -y httpd ; yum -y clean all
CMD service httpd start ; bash
EXPOSE 80
https://bugzilla.redhat.com/show_bug.cgi?id=1098120
--- Comment #17 from Paolo Antinori pantinor@redhat.com --- Centos base image has been officially updated with the new packages, so the manual installation is no longer needed.
I still have problem connecting to sshd if I do not run the container as privileged, but I have open the ticket on Docker side now.
golang@lists.fedoraproject.org