Hi everyone,
I just installed CoreOS for the first time and tried deploying a couple of docker containers.
However since I had some permission issues with mounts and the containers won’t run in production anyways I disabled SELinux in /etc/selinux/config.
After rebooting I noticed the containers were not starting anymore, dmesg shows this:
[ 17.613759] overlayfs: unrecognized mount option "context="system_u:object_r:container_file_t:s0:c123" or missing value
[ 17.613844] overlayfs: unrecognized mount option "context="system_u:object_r:container_file_t:s0:c25" or missing value
I tried removing --selinux-enabled from /etc/sysconfig/docker, but that didn’t help; only setting SELinux to permissive fixed the issue, which causes a lot of audit message spam in the logs, however.
I only found this stale bug report 199257 – selinux options too optional describing the same issue, apparently since the selinux-context isn’t intercepted by SELinux anymore, the option is getting passed to the FS which is complaining about the unknown mount option.
Is there a way to fix this? I know I could just set up SELinux correctly, but for a quick and easy development VM it would still be nice to be able to just disable SELinux.
Update: To anyone coming here with a similar issue - maybe it’s just easiest to set it up correctly.
Run containers that need access to /var/run/docker.sock with --privileged (SELinux should and does BLOCK access to Docker socket: danwalsh — LiveJournal)
Mount other files/folders with :z and :Z according to Bind mounts
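
Added example, not part of the original post: a small diagnostic for the mismatch described above, where SELinux is disabled in the config file while overlayfs still receives (and rejects) a `context=` mount option. The function names and the sample config file are constructed for illustration; the two kernel log lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). File paths are arguments so it
# can be pointed at /etc/selinux/config and a saved copy of `dmesg` output.

# selinux_mode FILE: print the SELINUX= value, lowercased.
selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# rejected_contexts FILE: print each distinct label overlayfs refused.
rejected_contexts() {
    sed -n 's/.*overlayfs: unrecognized mount option "context="\([^"]*\)".*/\1/p' "$1" |
        sort -u
}

# diagnose CONFIG KLOG: return 1 when SELinux is disabled yet mounts still
# arrive with a context= option, 0 otherwise.
diagnose() {
    mode=$(selinux_mode "$1")
    labels=$(rejected_contexts "$2")
    if [ "$mode" = "disabled" ] && [ -n "$labels" ]; then
        echo "SELINUX=disabled, but overlayfs rejected these labels:"
        echo "$labels" | sed 's/^/  /'
        echo "Use permissive or enforcing mode, and :z / :Z on bind mounts."
        return 1
    fi
    echo "No mismatch found (SELINUX=${mode:-unset})."
    return 0
}

# make_sample DIR: write constructed sample inputs (dmesg lines as quoted above).
make_sample() {
    printf '# constructed sample\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/config"
    cat > "$1/dmesg.txt" <<'EOF'
[ 17.613759] overlayfs: unrecognized mount option "context="system_u:object_r:container_file_t:s0:c123" or missing value
[ 17.613844] overlayfs: unrecognized mount option "context="system_u:object_r:container_file_t:s0:c25" or missing value
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
diagnose "$tmp/config" "$tmp/dmesg.txt" || true
rm -rf "$tmp"
```

On a real host, save the kernel log with `dmesg > dmesg.txt` and call `diagnose /etc/selinux/config dmesg.txt`.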