moby: SELinux relabeling of NFS volumes is not allowed since 1.12.3

Description

Using an NFS volume with SELinux enabled for Docker can return the following error when starting a container.

Steps to reproduce the issue:

  1. docker volume create -d local --name nfstest --opt type=nfs --opt o=addr=x.x.x.x,rw,actimeo=0,sync --opt device=:/nfs/test
  2. docker run --rm -ti -v nfstest:/mnt --name test alpine "/bin/sh"

Describe the results you received: Received the error docker: Error response from daemon: SELinux relabeling of /var/lib/docker/volumes/footest/_data is not allowed: "operation not supported".

Describe the results you expected: Successfully runs the container

Additional information you deem important (e.g. issue happens only occasionally): Seems to be caused by https://github.com/docker/docker/pull/23024 - only affects all Docker engines 1.12.4 onwards

Use nocopy for the volume as a workaround to this issue.

Error thrown originates from https://github.com/opencontainers/go-selinux/blob/master/label/label_selinux.go#L145

Additional environment details (AWS, VirtualBox, physical, etc.): RHEL 7.3, NetApp NFS storage.

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 18 (10 by maintainers)

Most upvoted comments

@cpuguy83 Volume options --mount type=volume,src=test,dst=/data,volume-driver=convoy.