[Bug 1335523] New: Docker run fails with "ApplyLayer exit status 1 stdout: stderr: invalid argument" and SELINUX alert is raised

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1335523

            Bug ID: 1335523
           Summary: Docker run fails with "ApplyLayer exit status 1
                    stdout:  stderr: invalid argument" and SELINUX alert
                    is raised
           Product: Fedora
           Version: 23
         Component: docker-distribution
          Assignee: l...@redhat.com
          Reporter: tmlc...@redhat.com
        QA Contact: extras...@fedoraproject.org
                CC: admil...@redhat.com, golang@lists.fedoraproject.org,
                    jchal...@redhat.com, l...@redhat.com,
                    maria...@tuxette.fr, ttome...@redhat.com



Description of problem:

When I try to use docker, it always fails with weird error and selinux alert:

The alert:

kvě 12 14:04:48 blackbox setroubleshoot[3720]: SELinux is preventing exe from
mac_admin access on the capability2 Unknown. For complete SELinux messages. run
sealert -l b8af2d9b-e0ca-45a6-89aa-1dd13f840c67

kvě 12 14:04:48 blackbox python3[3720]: SELinux is preventing exe from
mac_admin access on the capability2 Unknown.

                                         *****  Plugin catchall (100.
confidence) suggests   **************************

                                         If you believe that exe should be
allowed mac_admin access on the Unknown capability2 by default.
                                         Then you should report this as a bug.
                                         You can generate a local policy module
to allow this access.
                                         Do
                                         allow this access for now by
executing:
                                         # ausearch -c exe --raw | audit2allow
-M mypol
                                         # semodule -i mypol.pp

Reproducer:

$ sudo systemctl start docker
$ sudo docker run -ti registry.access.redhat.com/rhel6.7 bash 
Unable to find image 'registry.access.redhat.com/rhel6.7:latest' locally
0701b067a296: Error pulling image (latest) from
registry.access.redhat.com/rhel6.7, ApplyLayer exit status 1 stdout:  stderr:
invalid argument 
failed
Error pulling image (latest) from registry.access.redhat.com/rhel6.7,
ApplyLayer exit status 1 stdout:  stderr: invalid argument


Version-Release number of selected component (if applicable):

$ uname -a
Linux blackbox 4.4.8-300.fc23.x86_64 #1 SMP Wed Apr 20 16:59:27 UTC 2016 x86_64
x86_64 x86_64 GNU/Linux

$ rpm -q docker docker-selinux libselinux selinux-policy
selinux-policy-targeted
docker-1.9.1-9.gitee06d03.fc23.x86_64
docker-selinux-1.9.1-9.gitee06d03.fc23.x86_64
libselinux-2.4-4.fc23.x86_64
libselinux-2.4-4.fc23.i686
selinux-policy-3.13.1-158.14.fc23.noarch
selinux-policy-targeted-3.13.1-158.14.fc23.noarch

How reproducible:
Always

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
golang mailing list
golang@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/golang@lists.fedoraproject.org