Joined: 26 Dec 2018
Posted: Wed Dec 26, 2018 8:49 pm Post subject: Docker and SELinux
I am running an MCS SELinux policy and want to use SELinux-enabled Docker.
For the purposes of debugging, I have turned SELinux to Permissive mode, but I need to run it in Enforcing mode eventually.
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mcs
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: requested (insecure)
Max kernel policy version: 31
~# equery l docker
* Searching for docker ...
[IP-] [ ] app-emulation/docker-18.09.0:0
~# emerge -p docker
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] app-emulation/docker-18.09.0::gentoo USE="container-init hardened overlay seccomp -apparmor -aufs -btrfs -device-mapper -pkcs11" 0 KiB
Total: 1 package (1 reinstall), Size of downloads: 0 KiB
I am starting docker with the following command:
~# dockerd --selinux-enabled --storage-driver zfs --graph /var/lib/docker
I get the error, even in Permissive mode:
WARN[2018-12-26T18:21:49.525616242Z] Docker could not enable SELinux on the host system
Has anyone else managed to get docker to run with SELinux enabled?
Do I need to install a particular security policy?