On 06/01/2018 04:31 PM, arnaud gaboury wrote:


On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh <dwa...@redhat.com> wrote:

    On 06/01/2018 01:52 PM, arnaud gaboury wrote:


    On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh <dwa...@redhat.com> wrote:

        On 06/01/2018 01:44 PM, arnaud gaboury wrote:


        On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh <dwa...@redhat.com> wrote:

            On 06/01/2018 01:08 PM, arnaud gaboury wrote:


            On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh <dwa...@redhat.com> wrote:

                On 06/01/2018 12:33 PM, arnaud gaboury wrote:


                On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury <arnaud.gabo...@gmail.com> wrote:

                    On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh <dwa...@redhat.com> wrote:

                        On 06/01/2018 12:07 PM, arnaud gaboury wrote:


                        On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh <dwa...@redhat.com> wrote:

                            On 06/01/2018 10:58 AM, arnaud
                            gaboury wrote:
                            > I am switching from fedora server to Atomic.
                            >
                            > In the old world, my "/etc/sysconfig/docker" file had the content:
                            > OPTIONS="--selinux-enable"
                            > Now, after running the script container-storage-setup to create a thin
                            > pool volume, the file with options is now
                            > "/etc/sysconfig/docker-storage" and has the following content:
                            > ---------------------
                            > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true "
                            > ---------------------
                            >
                            > Nothing about SELinux. Is it expected? Shall I write this option
                            > somewhere else?
                            >
                            > Thank you.

                            I think it should have that flag. If
                            you run a container what does cat
                            /proc/self/attr/current show?


                        ------------------------
                        # docker run hello-world
                        .........
                        # cat /proc/self/attr/current
                        unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#

                        ----------------------------

                        Should have been more clear

                        docker run fedora cat /proc/self/attr/current

                What does this command show?

                        Of course I would prefer

                        podman run fedora cat /proc/self/attr/current


                    I didn't know this command... so much new stuff
                    to learn!


                ------------------
                 % man podman
                No manual entry for podman
                --------------------

                :-(   snif


                That's weird.

                rpm -q podman
                podman-0.5.4-1.git1f2e2a2.fc28.x86_64

                There should be man pages. You doing this on atomic
                host?


            YES.
            Atomic host excludes man pages.
            You can read lots of docs on podman at
            https://github.com/projectatomic/libpod/

            Man pages are here
            https://github.com/projectatomic/libpod/blob/master/commands.md

            You never showed me the output of the docker command.


    Sorry for this confusion

    ----------------------------
    root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
    Unable to find image 'fedora:latest' locally
    latest: Pulling from library/fedora
    e71c36a80ba9: Pull complete
    Digest:
    sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
    Status: Downloaded newer image for fedora:latest
    system_u:system_r:spc_t:s0#

    Ok that indicates SELinux is disabled in the daemon.  Adding back
    the --selinux-enabled will fix this issue.


where? In /etc/sysconfig/docker?  Or is there a new config file in Atomic to set this option?

Still in /etc/sysconfig/docker, then restart docker service and the docker run line should show you container_t rather than spc_t.


    Lokesh, Franticek, the docker we are shipping on atomic host does
    not have SELinux enabled?


    --------------------------------------------


        I did in one previous email (06:25)

        ---------------------------------
          # podman run fedora cat /proc/self/attr/current
        Trying to pull docker.io/fedora:latest...Getting image source
        signatures
        Copying blob
        sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
         82.57 MB / 82.57 MB
        [=====================================================] 20s
        Copying config
        sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
         2.29 KB / 2.29 KB
        [========================================================] 0s
        Writing manifest to image destination
        Storing signatures
        system_u:system_r:container_t:s0:c377,c551#
        ---------------------------------------------

        That's the output of podman, I need docker.



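Added example (not part of the original thread and not code from the docker or podman projects): a small shell helper that interprets the label returned by the `cat /proc/self/attr/current` test used in this thread and checks a sysconfig-style file for the `--selinux-enabled` option. The function names and result strings are made up for illustration.

```shell
#!/bin/sh
# Added example. Labels below are the three printed in this thread.

# classify_label LABEL: print what the SELinux type of a process label implies.
classify_label() {
    # Drop the shell prompt character that follows cat's output ("...s0#").
    label=$(printf '%s' "$1" | tr -d '\r\n' | sed 's/[#$ ]*$//')
    # An SELinux context is user:role:type:level; level may contain ':'.
    type=$(printf '%s' "$label" | cut -d: -f3)
    level=$(printf '%s' "$label" | cut -d: -f4-)
    case "$type" in
        container_t)
            # A confined container also gets its own MCS category pair.
            case "$level" in
                s0:c*,c*) echo "confined" ;;
                *)        echo "confined-no-mcs" ;;
            esac ;;
        spc_t)        echo "no-selinux-separation" ;;
        unconfined_t) echo "host-shell" ;;
        *)            echo "unknown" ;;
    esac
}

# daemon_selinux_enabled FILE: succeed if the last uncommented OPTIONS= line
# in a sysconfig-style file carries --selinux-enabled (and not =false).
daemon_selinux_enabled() {
    opts=$(grep -E '^[[:space:]]*OPTIONS=' "$1" 2>/dev/null | tail -n 1)
    case "$opts" in
        *--selinux-enabled=false*) return 1 ;;
        *--selinux-enabled*)       return 0 ;;
        *)                         return 1 ;;
    esac
}

# Demo on the labels from this thread.
for l in 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#' \
         'system_u:system_r:spc_t:s0#' \
         'system_u:system_r:container_t:s0:c377,c551#'; do
    printf '%-22s %s\n' "$(classify_label "$l")" "$l"
done
```

On a real host the two checks would be `daemon_selinux_enabled /etc/sysconfig/docker` and `classify_label "$(docker run --rm fedora cat /proc/self/attr/current)"`.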