-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
girder_worker errors when dockerd is run with --selinux-enabled #116
Comments
I don't fully remember how SELinux works (or doesn't), but if we were planning on targeting RedHat platforms in the future it might make sense to distribute a policy module along with it. @mathstuf might know more. |
(Shot in the dark) The
|
Thanks @mathstuf , we indeed were not adding that option. Worth trying out to see if using that makes it work with SELinux enabled. |
If I change the relevant part of @@ -87,7 +87,7 @@ def task_cleanup(e):
if e.info['task']['mode'] == 'docker' and '_tempdir' in e.info['kwargs']:
tmpdir = e.info['kwargs']['_tempdir']
cmd = [
- 'docker', 'run', '--rm', '-v', '%s:%s' % (tmpdir, DATA_VOLUME),
+ 'docker', 'run', '--rm', '-v', '%s:%s:Z' % (tmpdir, DATA_VOLUME),
'busybox', 'chmod', '-R', 'a+rw', DATA_VOLUME
]
p = subprocess.Popen(args=cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
Running
girder_worker
with thedocker
plugin enabled whendockerd
was started with the flag--selinux-enabled
results in errors relating to file access and chmod when attempting to run a container. Cf. the output below. Startingdockerd
without this flag results in a clean run.The text was updated successfully, but these errors were encountered: