I just installed CoreOS for the first time and tried deploying a couple of docker containers.
However, since I had some permission issues with mounts and the containers won’t run in production anyway, I disabled SELinux in
After rebooting I noticed the containers were not starting anymore; dmesg shows this:
[ 17.613759] overlayfs: unrecognized mount option "context="system_u:object_r:container_file_t:s0:c123" or missing value
[ 17.613844] overlayfs: unrecognized mount option "context="system_u:object_r:container_file_t:s0:c25" or missing value
I tried removing
/etc/sysconfig/docker, but that didn’t help. Only setting SELinux to permissive fixed the issue, which, however, causes a lot of audit message spam in the logs.
I only found this stale bug report, https://bugzilla.kernel.org/show_bug.cgi?id=199257, describing the same issue. Apparently, since the SELinux context isn’t intercepted by SELinux anymore, the option gets passed to the filesystem, which complains about the unknown mount option.
Is there a way to fix this? I know I could just set up SELinux correctly, but for a quick and easy development VM it would still be nice to be able to just disable SELinux.
Update: To anyone coming here with a similar issue - maybe it’s just easiest to set it up correctly.
Run containers that need access to
Mount other files/folders with :Z according to https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label