SELinux does not permit coursera_autograder by default

[m-czernek]

By default, SELinux prevents accessing the mounted files to the Docker registry:

[vagrant@fedora DemoPythonGrader]$ sudo setenforce 1
[vagrant@fedora DemoPythonGrader]$ sudo coursera_autograder grade local pythongrader sample-submissions/sample-flipSign/ '{"partId":"5ShhY", "fileName":"flipSign.py"}' --dst-dir ~/test
ERROR:root:Problem when running command. Sorry!
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/docker/client.py", line 170, in _raise_for_status
    response.raise_for_status()
  File "/usr/lib/python3.9/site-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localunixsocket/v1.41/containers/1e3ce5127b91fde73b600edb7188955b8675fd9a8b8415b6ce4f5722dc05ffd2/archive?path=%2Fshared%2Ffeedback.json

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/coursera_autograder/main.py", line 113, in main
    return args.func(args)
  File "/usr/local/lib/python3.9/site-packages/coursera_autograder/commands/grade.py", line 182, in command_grade_local
    run_container(d, container, args)
  File "/usr/local/lib/python3.9/site-packages/coursera_autograder/commands/grade.py", line 54, in run_container
    get_feedback(docker, container, "feedback.json", args.dst_dir)
  File "/usr/local/lib/python3.9/site-packages/coursera_autograder/commands/grade.py", line 42, in get_feedback
    raw_stream, status = docker.get_archive(container, "/shared/" + file_name)
  File "/usr/local/lib/python3.9/site-packages/docker/utils/decorators.py", line 21, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/docker/utils/decorators.py", line 35, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/docker/api/container.py", line 187, in get_archive
    self._raise_for_status(res)
  File "/usr/local/lib/python3.9/site-packages/docker/client.py", line 173, in _raise_for_status
    raise errors.NotFound(e, response, explanation=explanation)
docker.errors.NotFound: 404 Client Error: Not Found ("b'{"message":"Could not find the file /shared/feedback.json in container 1e3ce5127b91fde73b600edb7188955b8675fd9a8b8415b6ce4f5722dc05ffd2"}'")

When you turn SELinux off, Docker gets access to the mounted files:

[vagrant@fedora DemoPythonGrader]$ sudo setenforce 0
[vagrant@fedora DemoPythonGrader]$ sudo coursera_autograder grade local pythongrader sample-submissions/sample-flipSign/ '{"partId":"5ShhY", "fileName":"flipSign.py"}' --dst-dir ~/test
INFO:root:Start of standard error:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
INFO:root:End of standard error
Grader output:
================================================================================
{"fractionalScore": 1.0, "feedback": "Great job! You passed all test cases."}
================================================================================

I suspect you're mounting a volume without proper SELinux labels. If you change the volume to use the :Z flag, like -v path:path:Z, that should fix the issue. This should not cause any issues on non-SELinux boxes (but of course please test that :) )