Systemd in docker (moby-engine) not running with SELinux enforced

Hello there,

I’m running a docker-compose file with the moby-engine provided by the Fedora repositories. This container mounts /sys/fs/cgroup:/sys/fs/cgroup:ro in order to use systemd inside the container. Everything works fine if I issue a sudo setenforce 0 to disable SELinux. But if SELinux is running, I get a Failed to get D-Bus connection: Operation not permitted if I issue a systemctl status inside the container.

I think this was not happening with the docker engine provided by Docker. Am I missing anything? Are there some SELinux options to be set with moby-engine?

Please note that I’m running Kinoite if that’s any indication.

I just want to give my thoughts. Yesterday was actually my first time trying Docker, after reading your post here, and I followed the Fedora Magazine step-by-step guide.

By only following the guide from Fedora Magazine, I was able to run systemctl -a (since the example only gave me a super minimal Debian Linux image, I needed to install systemctl from the repos to be able to use it).

sudo docker exec -it <docker-id> su
root@<docker-id>:/# systemctl -a

Maybe what happened to you is that, if you are not running with su, you need to customize the config related to permissions inside the container.

By the way, I also checked with sudo docker exec -it <docker-id> ls /sys/fs/; cgroup was already present there without any customization.

Update:

I use Fedora Workstation.

Hi @oprizal,

Thanks for taking the time to answer. I’ve taken a look at the Fedora Magazine article. Did you use the Fedora way or the Docker way? Namely, did you install moby-engine or the RPMs from Docker?

I use the Fedora way, with moby-engine and docker-compose, and also with lazydocker.