selinux denials when starting docker in F23

Dusty Mabe dusty at dustymabe.com
Thu Oct 8 19:06:09 UTC 2015


Hey guys, anybody seen these when starting
docker-1.8.2-5.gitcb216be.fc23.x86_64:

```
Oct 08 18:55:47 cloudhost.localdomain audit[1513]: AVC avc:  denied { read } for  pid=1513 comm="iptables" path="net:[4026531957]" dev="nsfs" ino=4026531957 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
```

Nevertheless, the docker daemon is up and running, but if I start a
container and then force remove it, I see:

```
Error deleting container: Error response from daemon: Cannot destroy container 710f834e316946a422a00fb3470b895b387519ecb01a5b195cc818b9764f82a7: Failed to set container state to RemovalInProgress: Status is already RemovalInProgress
```

and this is in the journal:

```
Oct 08 19:04:31 cloudhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Oct 08 19:04:31 cloudhost.localdomain audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
```
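For triage of records like the ones quoted above, the following is an added example, not part of the original post: it parses the kernel `AVC` line and the systemd `USER_AVC` lines into comparable tuples and collapses repeats. The regexes, tuple layout and function names are assumptions written for these two record shapes only.

```python
import re
from collections import Counter

# Sample input: the audit lines from the post, with the mail hard-wraps rejoined.
AVC_LINE = ('Oct 08 18:55:47 cloudhost.localdomain audit[1513]: AVC avc:  denied { read } '
            'for  pid=1513 comm="iptables" path="net:[4026531957]" dev="nsfs" '
            'ino=4026531957 scontext=system_u:system_r:iptables_t:s0 '
            'tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0')
USER_LINE = ('Oct 08 19:04:31 cloudhost.localdomain audit[1]: USER_AVC pid=1 uid=0 '
             'auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 '
             "msg='Unknown permission stop for class system "
             'exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?\'')
SAMPLE = [AVC_LINE, USER_LINE, USER_LINE]

KERNEL_AVC = re.compile(r'\bAVC avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}')
USER_AVC = re.compile(r"\bUSER_AVC\b.*?\bsubj=(\S+)\s+msg='(.*)'")
UNKNOWN_PERM = re.compile(r'Unknown permission (\S+) for class (\S+)')
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def sel_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = (context or '').split(':')
    return parts[2] if len(parts) >= 3 else None

def parse_line(line):
    """Turn one journal line into (kind, source, target, tclass, perms, comm/exe)."""
    m = KERNEL_AVC.search(line)
    if m:  # kernel decision: details follow as key=value pairs
        kv = {k: v.strip('"') for k, v in KEY_VALUE.findall(line[m.end():])}
        return ('kernel:' + m.group(1), sel_type(kv.get('scontext')),
                sel_type(kv.get('tcontext')), kv.get('tclass'), m.group(2), kv.get('comm'))
    m = USER_AVC.search(line)
    if m:  # record emitted by a userspace process (here systemd, pid 1)
        kv = {k: v.strip('"') for k, v in KEY_VALUE.findall(m.group(2))}
        u = UNKNOWN_PERM.search(m.group(2))
        perm, tclass = u.groups() if u else (None, None)
        return ('user:unknown-perm' if u else 'user', sel_type(m.group(1)),
                None, tclass, perm, kv.get('exe'))
    return None  # not an AVC record

def summarize(lines):
    """Count identical records so repeated journal entries collapse to one row."""
    return Counter(r for r in map(parse_line, lines) if r is not None)

if __name__ == '__main__':
    for rec, n in summarize(SAMPLE).items():
        print(n, rec)
```

The same functions can be fed the output of `journalctl -b` line by line; lines that are not AVC records are skipped.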

