container-storage-setup Fix selinux file labels when set CONTAINER_ROOT_LV_MOUNT_PATH to a directory other than /var/lib/docker

Fix selinux file labels when set CONTAINER_ROOT_LV_MOUNT_PATH to a directory other than /var/lib/docker

Open ghost opened this issue 8 years ago • 3 comments

If people use CONTAINER_ROOT_LV_MOUNT_PATH for c-s-s to mount docker runtime storage into places other than /var/lib/docker, they expect that selinux file labels there are set correctly.

Aug 11 '17 18:08 ghost

@rhatdan Do you know what needs to be done here?

Aug 14 '17 14:08 rhvgoyal

We should set an equivalence label to the label in docker.

semanage fcontext -a -e /var/lib/docker DESTPATH restorecon -R -v DESTPATH

Aug 14 '17 15:08 rhatdan

You would also need to make sure that you use the context= in /etc/fstab to make sure the correct selinux context is applied when the volume is remounted, otherwise you'll wind up with tons of restorecond errors on remounts/reboots.

Oct 19 '17 20:10 LongLiveCHIEF

container-storage-setup container-storage-setup copied to clipboard

Fix selinux file labels when set CONTAINER_ROOT_LV_MOUNT_PATH to a directory other than /var/lib/docker

container-storage-setup
container-storage-setup copied to clipboard