On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh <dwa...@redhat.com> wrote:
> On 06/01/2018 01:52 PM, arnaud gaboury wrote: > > > > On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh <dwa...@redhat.com> wrote: > >> On 06/01/2018 01:44 PM, arnaud gaboury wrote: >> >> >> >> On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh <dwa...@redhat.com> wrote: >> >>> On 06/01/2018 01:08 PM, arnaud gaboury wrote: >>> >>> >>> >>> On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh <dwa...@redhat.com> wrote: >>> >>>> On 06/01/2018 12:33 PM, arnaud gaboury wrote: >>>> >>>> >>>> >>>> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury <arnaud.gabo...@gmail.com> >>>> wrote: >>>> >>>>> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh <dwa...@redhat.com> wrote: >>>>> >>>>>> On 06/01/2018 12:07 PM, arnaud gaboury wrote: >>>>>> >>>>>> >>>>>> >>>>>> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh <dwa...@redhat.com> >>>>>> wrote: >>>>>> >>>>>>> On 06/01/2018 10:58 AM, arnaud gaboury wrote: >>>>>>> > I am switching from fedora server to Atomic. >>>>>>> > >>>>>>> > In the old world, my "/etc/sysconfig/docker" file had the content: >>>>>>> > OPTIONS="--selinux-enable" >>>>>>> > Now, after running the script container-storage-setup to create a >>>>>>> thin >>>>>>> > pool volume, the file with options is now >>>>>>> > "/etc/sysconfig/docker-storage" and has the following content: >>>>>>> > --------------------- >>>>>>> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper >>>>>>> --storage-opt >>>>>>> > dm.fs=xfs --storage-opt >>>>>>> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt >>>>>>> > dm.use_deferred_removal=true --storage-opt >>>>>>> dm.use_deferred_deletion=true " >>>>>>> > --------------------- >>>>>>> > >>>>>>> > Nothing about SELinux. Is it expected? Shall I write this option >>>>>>> > somewhere else? >>>>>>> > >>>>>>> > Thank you. >>>>>>> >>>>>>> I think it should have that flag. If you run a container what does >>>>>>> cat >>>>>>> /proc/self/attr/current show? >>>>>>> >>>>>> >>>>>> ------------------------ >>>>>> # docker run hello-world >>>>>> ......... >>>>>> # cat /proc/self/attr/current >>>>>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023# >>>>>> ---------------------------- >>>>>> >>>>>> Should have been more clear >>>>>> >>>>>> docker run fedora cat /proc/self/attr/current >>>>>> >>>>> What does this command show? >>>> >>>> Of course I would prefer >>>>>> >>>>>> podman run fedora cat /proc/self/attr/current >>>>>> >>>>> >>>>> I didn't know this command...so many new stuff to learn ! >>>>> >>>> >>>> ------------------ >>>> % man podman >>>> No manual entry for podman >>>> -------------------- >>>> >>>> :-( snif >>>> >>>> >>>>> Thats weird. >>>> >>>> rpm -q podman >>>> podman-0.5.4-1.git1f2e2a2.fc28.x86_64 >>>> >>>> Their should be man pages. You doing this on atomic host? >>>> >>> >>> YES. >>> >>> Atomic host excludes man pages. >>> You can read lots of docs on podman at >>> https://github.com/projectatomic/libpod/ >>> >>> Man pages are here >>> https://github.com/projectatomic/libpod/blob/master/commands.md >>> >>> You never showed me the output of the docker command. >>> >> > Sorry for this confusion > > ---------------------------- > root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current > Unable to find image 'fedora:latest' locally > latest: Pulling from library/fedora > e71c36a80ba9: Pull complete > Digest: > sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39 > Status: Downloaded newer image for fedora:latest > system_u:system_r:spc_t:s0# > > Ok that indicates SELinux is disabled in the daemon. Adding back the > --selinux-enabled will fix this issue. > where? In /etc/sysconfig/docker? Or is there a new config file in Atomic to set this option? > Lokesh, Franticek, the docker we are shipping on atomic host does not have > SELinux enabled? > > > -------------------------------------------- > >> >> I did in one previous email (06:25) >> >> --------------------------------- >> # podman run fedora cat /proc/self/attr/current >> Trying to pull docker.io/fedora:latest...Getting image source signatures >> Copying blob >> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774 >> 82.57 MB / 82.57 MB >> [=====================================================] 20s >> Copying config >> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7 >> 2.29 KB / 2.29 KB >> [========================================================] 0s >> Writing manifest to image destination >> Storing signatures >> system_u:system_r:container_t:s0:c377,c551# >> --------------------------------------------- >> >> Thats the output of podman, I need docker. >> > >
