Ask questionsrunc regression - EPERM running containers from selinux

Trying to run containers on centOS with selinux enforcing on, runc gets a denial trying to access /proc/self/attrs/keycreate.

This happens when selinux-enabled=false on dockerd, which is the default. When selinux-enabled=true all is OK.

Reverting runc to an older commit (which does not mess with this file), everything starts up properly.


Answer questions kolyshkin

Oh OK I got it!

yum downgrade container-selinux
  container-selinux.noarch 2:2.74-1.el7                                                                                                                                                                                                       

[root@kir-ce75-gd ~]# docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled 

Related questions

Swarm restarts all containers hot 2
integration: "error reading the kernel parameter" errors during CI hot 2
can not successfully install docker-ce on ubuntu 16.04 ? why ,Can you help me? hot 1
OCI runtime exec failed: exec failed: cannot exec a container that has stopped: unknown hot 1
Allow COPY command's --chown to be dynamically populated via ENV or ARG hot 1
windowsRS1 and windowsRS5-process are failing due to "Unable to delete '\gopath\src\\docker\docker" hot 1
Panic: runtime error: invalid memory address or nil pointer dereference hot 1
Error response from daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded hot 1
one container in the overlay network not available hot 1
Containers on overlay network cannot reach other containers hot 1
[Windows] windowsfilter folder impossible to delete hot 1
swarm node lost leader status hot 1
New-SmbGlobalMapping don't continued working in Container hot 1
failed to export image: failed to create image: failed to get layer: layer does not exist hot 1
"docker stack deploy">"rpc error: code = 3 desc = name must be valid as a DNS name component" hot 1
Github User Rank List