https://bugzilla.redhat.com/show_bug.cgi?id=1221688

            Bug ID: 1221688
           Summary: Docker fails mounting a volume as readonly on files
                    located under /usr
           Product: Red Hat Enterprise Linux 7
           Version: 7.1
         Component: docker
          Severity: high
          Priority: high
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
        Depends On: 1216151
             Group: redhat



+++ This bug was initially created as a clone of Bug #1216151 +++

Description of problem:

Docker fails to run a container with a volume on files located under /usr (or
on a symbolic link to files located under /usr) if the ":ro" specification is
used to mount it as readonly.

Version-Release number of selected component (if applicable):
docker-io-1.6.0-2.git3eac457.fc21.x86_64

How reproducible: 100%


Steps to Reproduce:
1. install docker package docker-io-1.6.0-2.git3eac457.fc21.x86_64
2. restart the docker service
3. run the following command
docker run -ti -v /etc/localtime:/etc/localtime:ro busybox echo hello


Actual results:
get exit code 1
and message FATA[0000] Error response from daemon: Cannot start container
4bb87515e4eb828b295eb4718a7159c958a1154ed839b29fd213a597b91a200e: [8] System
error: Relabeling content in /usr is not allowed.

Expected results:
get exit code 0
and message "hello"

Additional info:

Please refer to the initial bug report on the Docker repository at GitHub:
https://github.com/docker/docker/issues/12811

--- Additional comment from colin on 2015-05-12 17:48:40 EDT ---

I see this also on F22

[root@kvm124 ~]# rpm -q docker
docker-1.6.0-3.git9d26a07.fc22.x86_64

This no longer works

 docker run  -d --sig-proxy --name $CT_name --net=none \
  -v /etc/localtime:/etc/localtime:ro \

Editing out the :ro stops the failure

 docker run  -d --sig-proxy --name $CT_name --net=none \
  -v /etc/localtime:/etc/localtime \

FATA[0000] Error response from daemon: Cannot start container
925387bd2b2988b1a10ff87e68e188f3a579e68d3d5fc1f31d40a648cd9cb6d2: [8] System
error: Relabeling content in /usr is not allowed.


-------------------------------------------



Cloning this to RHEL as I didn't see a RHEL BZ for this. 
This also affects RHEL Atomic Host 7.1.2.

Version:
docker-1.6.0-11.el7.x86_64


How reproducible:
100%


Steps to reproduce:

1. Use the :ro parameter when volume mounting something like /etc/localtime to
a container


Actual results:

# docker run --rm -ti -v /etc/localtime:/etc/localtime:ro rhel7 /bin/bash
Timestamp: 2015-05-14 09:24:34.832162133 -0400 EDT
Code: System error

Message: Relabeling content in /usr is not allowed.

Frames:
---
0: setupRootfs
Package: github.com/docker/libcontainer
File: rootfs_linux.go@34
---
1: Init
Package: github.com/docker/libcontainer.(*linuxStandardInit)
File: standard_init_linux.go@52
---
2: StartInitialization
Package: github.com/docker/libcontainer.(*LinuxFactory)
File: factory_linux.go@223
---
3: initializer
Package: FATA[0002] Error response from daemon: Cannot start container
7be2ae04a120232345b5edbf18e487965b5418bb1ee9354e406d7b9f675c6091: [8] System
error: Relabeling content in /usr is not allowed. 



Expected results:

Container should start normally



Additional notes:


As mentioned in the Fedora bug, removing the :ro will allow the container to
start, however this is not desirable for things like /etc/localtime as we don't
want the container to be able to change that.


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1216151
[Bug 1216151] Docker fails mounting a volume as readonly on files located
under /usr
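
A pre-flight check for the condition this report describes, as an added example that is not part of the bug report or Docker's own code: it flags `-v` arguments whose option is `ro` and whose source resolves, after following symlinks, to /usr or a path below it. The function names are hypothetical, and it assumes a `readlink` that supports `-f`.

```shell
#!/bin/sh
# Added example (not Docker's code): find -v specs that match the failing
# case in this report, i.e. a read-only bind mount whose source is under /usr.

# resolve_src PATH: print PATH with every symlink resolved (assumes readlink -f).
resolve_src() {
    readlink -f -- "$1"
}

# is_affected SPEC: SPEC is a "docker run -v" argument, SRC:DST[:OPT].
# Returns 0 when OPT is "ro" and SRC resolves to /usr or below, else 1.
is_affected() {
    spec=$1
    src=${spec%%:*}              # text before the first colon
    rest=${spec#*:}              # DST[:OPT]; equals SPEC when there is no colon
    case $rest in
        *:*) opt=${rest#*:} ;;   # text after the second colon
        *)   opt= ;;
    esac
    [ "$opt" = "ro" ] || return 1
    real=$(resolve_src "$src") || return 1
    case $real in
        /usr|/usr/*) return 0 ;;
    esac
    return 1
}

# report SPEC...: print one line per spec with the resolved source path.
report() {
    for s in "$@"; do
        if is_affected "$s"; then
            printf 'AFFECTED  %s (source resolves to %s)\n' \
                "$s" "$(resolve_src "${s%%:*}")"
        else
            printf 'ok        %s\n' "$s"
        fi
    done
}

# Example: sh check.sh /etc/localtime:/etc/localtime:ro
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```
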