https://bugzilla.redhat.com/show_bug.cgi?id=1186669
--- Comment #4 from colin <[email protected]> --- Hi Lokesh. So I did a yum-update and rebooted the VM upon login to the (SPICE) RemoteViewer MATE desktop I see 2 SELinux Alerts for openvswitch. [root@vm117 yum]# docker images FATA[0000] Cannot connect to the Docker daemon. Is 'docker -d' running on this host? [root@vm117 yum]# systemctl status -l docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled) Active: failed (Result: timeout) since Mon 2015-02-23 09:38:27 GMT; 22min ago Docs: http://docs.docker.com Process: 1612 ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $INSECURE_REGISTRY (code=exited, status=0/SUCCESS) Main PID: 1612 (code=exited, status=0/SUCCESS) Feb 23 09:36:59 vm117 docker[1612]: time="2015-02-23T09:36:59Z" level="info" msg="+job serveapi(unix:///var/run/docker.sock)" Feb 23 09:36:59 vm117 docker[1612]: time="2015-02-23T09:36:59Z" level="info" msg="Listening for HTTP on unix (/var/run/docker.sock)" Feb 23 09:38:04 vm117 python[2253]: SELinux is preventing docker from getattr access on the directory /run/openvswitch. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that docker should be allowed getattr access on the openvswitch directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Feb 23 09:38:04 vm117 python[2253]: SELinux is preventing docker from getattr access on the sock_file /run/openvswitch/db.sock. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that docker should be allowed getattr access on the db.sock sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Feb 23 09:38:17 vm117 python[2253]: SELinux is preventing docker from getattr access on the directory /run/openvswitch. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that docker should be allowed getattr access on the openvswitch directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Feb 23 09:38:27 vm117 systemd[1]: docker.service start operation timed out. Terminating. Feb 23 09:38:27 vm117 docker[1612]: time="2015-02-23T09:38:27Z" level="info" msg="Received signal 'terminated', starting shutdown of docker..." Feb 23 09:38:27 vm117 systemd[1]: Failed to start Docker Application Container Engine. Feb 23 09:38:27 vm117 systemd[1]: Unit docker.service entered failed state. Feb 23 09:38:27 vm117 systemd[1]: docker.service failed. I do a manual docker start now and this does work. [root@vm117 yum]# systemctl stop docker.service [root@vm117 yum]# systemctl start docker.service [root@vm117 yum]# systemctl status -l docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled) Active: active (running) since Mon 2015-02-23 10:03:28 GMT; 5s ago Docs: http://docs.docker.com Main PID: 2550 (docker) CGroup: /system.slice/docker.service └─2550 /usr/bin/docker -d --selinux-enabled Feb 23 10:03:27 vm117 python[2507]: SELinux is preventing docker from getattr access on the sock_file /run/openvswitch/db.sock. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that docker should be allowed getattr access on the db.sock sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep docker /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Feb 23 10:03:27 vm117 docker[2550]: time="2015-02-23T10:03:27Z" level="info" msg="-job init_networkdriver() = OK (0)" Feb 23 10:03:27 vm117 docker[2550]: time="2015-02-23T10:03:27Z" level="info" msg="Loading containers: start." Feb 23 10:03:28 vm117 docker[2550]: ........time="2015-02-23T10:03:28Z" level="error" msg="Warning: error unmounting device 66c4719685e9ca574429ebed6c16816efd3bba70b9cb19dd81209003a6f8d7b5: UnmountDevice: device not-mounted id 66c4719685e9ca574429ebed6c16816efd3bba70b9cb19dd81209003a6f8d7b5" Feb 23 10:03:28 vm117 docker[2550]: .time="2015-02-23T10:03:28Z" level="error" msg="Warning: error unmounting device 7d0bef932cf04222a6417685a64f8ed87b1af9a2ce962d4c7439937a671f00fd: UnmountDevice: device not-mounted id 7d0bef932cf04222a6417685a64f8ed87b1af9a2ce962d4c7439937a671f00fd" Feb 23 10:03:28 vm117 docker[2550]: .....time="2015-02-23T10:03:28Z" level="error" msg="Warning: error unmounting device d3123de348b17df04fc08607bf826ff1d18b3b4fe2c31f521e846749f2624c2f: UnmountDevice: device not-mounted id d3123de348b17df04fc08607bf826ff1d18b3b4fe2c31f521e846749f2624c2f" Feb 23 10:03:28 vm117 docker[2550]: time="2015-02-23T10:03:28Z" level="info" msg="Loading containers: done." Feb 23 10:03:28 vm117 docker[2550]: time="2015-02-23T10:03:28Z" level="info" msg="docker daemon: 1.5.0 a8a31ef/1.5.0; execdriver: native-0.2; graphdriver: devicemapper" Feb 23 10:03:28 vm117 docker[2550]: time="2015-02-23T10:03:28Z" level="info" msg="+job acceptconnections()" Feb 23 10:03:28 vm117 docker[2550]: time="2015-02-23T10:03:28Z" level="info" msg="-job acceptconnections() = OK (0)" [root@vm117 yum]# -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ golang mailing list [email protected] https://lists.fedoraproject.org/mailman/listinfo/golang
