
SELinux setting should be permissive for origin vagrantfile

Open praveenkumar opened this issue 9 years ago • 5 comments

If we have SELinux in enforcing mode, then when we try to copy the 'oc/oadm' binary we get the response below from docker when executing the origin Vagrantfile.

==> default: [INFO] Copy the OpenShift 'oc' binary to host /usr/bin/oc...
==> default: permission denied
==> default: Error response from daemon: Cannot start container 569b1fa9335e496abbef793279ddc6175e8ea2244648ba3edf56ccbffec2ba3b: [8] System error: permission denied
==> default: [INFO] Copy the OpenShift 'oadm' binary to host /usr/bin/oadm...
==> default: permission denied
==> default: Error response from daemon: Cannot start container 24b724c9cb8d3cff1d46fe1759be5092e6215ac50fb5fe93229b186847299b68: [8] System error: permission denied

Dec 15 '15 15:12 praveenkumar

We need to set SELinux to permissive mode, as I am seeing an issue with a normal docker run:

[vagrant@centos7-adb ~]$ docker run -i -t centos bash
Unable to find image 'centos:latest' locally
Trying to pull repository docker.io/library/centos ... latest: Pulling from library/centos
47d44cb6f252: Pull complete 
168a69b62202: Pull complete 
812e9d9d677f: Pull complete 
4234bfdd88f8: Pull complete 
ce20c473cd8a: Pull complete 
Digest: sha256:c96eeb93f2590858b9e1396e808d817fa0ba4076c68b59395445cb957b524408
Status: Downloaded newer image for docker.io/centos:latest

permission denied
Error response from daemon: Cannot start container b5a03b77e9590b03d602ac6640fc972183b143c497bb1d7fcf440f6b814d79d2: [8] System error: permission denied
[vagrant@centos7-adb ~]$ 

The issue looked like https://bugzilla.redhat.com/show_bug.cgi?id=1281805, hence I tried reinstalling docker-selinux, but it did not help. Needs more investigation.

Dec 15 '15 19:12 LalatenduMohanty

@praveenkumar: stopping the docker daemon -> reinstalling the docker-selinux pkg -> restarting docker fixes the issue. So it sounds exactly like https://bugzilla.redhat.com/show_bug.cgi?id=1281805

Dec 16 '15 07:12 LalatenduMohanty

@LalatenduMohanty It means the same fix did not go into the CentOS base. @kbsingh can you help us out here?

Dec 16 '15 09:12 praveenkumar

@LalatenduMohanty looks like we still haven't solved it in base; can we ask the CentOS team to resolve this (we don't have this in CDK anymore)? https://github.com/projectatomic/adb-atomic-developer-bundle/blob/master/build_tools/kickstarts/centos-7-adb-vagrant.ks#L69-L72

Mar 21 '16 04:03 praveenkumar

Another Bugzilla issue filed for it: https://bugzilla.redhat.com/show_bug.cgi?id=1336857

Jun 03 '16 06:06 praveenkumar