Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix selinux file labels when set CONTAINER_ROOT_LV_MOUNT_PATH to a directory other than /var/lib/docker #251

Open
ghost opened this issue Aug 11, 2017 · 3 comments
Open

Fix selinux file labels when set CONTAINER_ROOT_LV_MOUNT_PATH to a directory other than /var/lib/docker #251

ghost opened this issue Aug 11, 2017 · 3 comments

Comments

@ghost
Copy link

ghost commented Aug 11, 2017

If people use CONTAINER_ROOT_LV_MOUNT_PATH for c-s-s to mount docker runtime storage into places other than /var/lib/docker, they expect that selinux file labels there are set correctly.
@rhvgoyal
Copy link
Collaborator

@rhatdan Do you know what needs to be done here?

@rhatdan
Copy link
Member

rhatdan commented Aug 14, 2017

We should set an equivalence label to the label in docker.

semanage fcontext -a -e /var/lib/docker DESTPATH
restorecon -R -v DESTPATH

@LongLiveCHIEF
Copy link

You would also need to make sure that you use the context= in /etc/fstab to make sure the correct selinux context is applied when the volume is remounted, otherwise you'll wind up with tons of restorecond errors on remounts/reboots.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rhatdan @LongLiveCHIEF @rhvgoyal