Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-03 Thread arnaud gaboury
On Sun, Jun 3, 2018 at 12:31 PM Daniel Walsh  wrote:

> On 06/02/2018 12:29 PM, arnaud gaboury wrote:
>
>
>
> On Sat, Jun 2, 2018 at 4:21 PM Colin Walters  wrote:
>
>>
>>
>> On Sat, Jun 2, 2018, at 8:30 AM, arnaud gaboury wrote:
>> >
>> >  # systemctl edit docker.service
>> > [Service]
>> > ExecStart=
>> > ExecStart=/usr/bin/dockerd --selinux-enabled
>> > # systemctl restart docker
>> > # docker run fedora cat /proc/self/attr/current
>> > system_u:system_r:container_t:s0:c81,c142#
>>
>> See:
>> /usr/lib/systemd/system/docker.service
>> You need all that stuff in the default ExecStart= to have the config
>> files work.
>>
>
> I am confused between /etc/sysconfig/docker and /etc/docker/daemon.json.
> It seems to me there is some redundancy. As a note, I run Arch and the
> /etc/sysconfig was removed long ago.
> After some tests:
>
> --
> 1- no /etc/docker/daemon.json, no /etc/sysconfig/docker, no docker.service
> override
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:spc_t:s0#
> 2- no /etc/docker/daemon.json, no /etc/sysconfig/docker, docker.service
> override
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:container_t:s0:c499,c950#
> 3- /etc/docker/daemon.json, no /etc/sysconfig/docker, no docker.service
> override
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:container_t:s0:c471,c600#
> 4- no /etc/docker/daemon.json, /etc/sysconfig/docker, no docker.service
> override
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:spc_t:s0#
> -
>
> As you can see, some settings will not work. As for my "test", solution 3
> (/etc/docker/daemon.json, no /etc/sysconfig/docker, no docker.service
> override) is the one I will use.
>
>
> Ok you can add the selinux-enabled field to /etc/docker/daemon.json
> (Although I am not aware of the syntax.)  I thought you were doing this
> testing with the Projectatomic/docker.  It looks like you are working with
> the upstream docker-ce, which I am sad to say seems to not enable selinux
> by default at least on Arch.
>

No, there is a misunderstanding. My home box is an Arch and this distro
removed the /etc/sysconfig directory a while ago. Nothing to do with
docker. Btw, Arch is not SELinux compatible. I just wanted to point out that
this directory is quite useless and can be removed.

My servers are for now Fedora 28, but I plan to install Atomic on all my
Kubernetes cluster nodes. Before going further, I am currently playing with
one VM with Atomic. Here are the RPMs I used to install docker-ce:
docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm

I couldn't find 17.03 for Fedora on the Docker page. I was able to create a
working Kubernetes cluster with 17.12, maybe I should use it indeed.

---
# dnf list docker-ce  --showduplicates | sort -r

docker-ce.x86_64   18.03.1.ce-1.fc27   docker-ce-stable
docker-ce.x86_64   18.03.0.ce-1.fc27   docker-ce-stable
docker-ce.x86_64   17.12.1.ce-1.fc27   docker-ce-stable
docker-ce.x86_64   17.12.0.ce-1.fc27   docker-ce-stable
docker-ce.x86_64   17.12.0.ce-1.fc27   @docker-ce-stable
docker-ce.x86_64   17.12.0.ce-1.fc27   @docker-ce-stable
-

So to close this thread, I added the selinux option in my
/etc/docker/daemon.json as it seems to me the best place compared to
service file or /etc/sysconfig/docker.
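
The check used throughout this thread, written as a small helper. This is an added example, not code from any poster or from the Docker or Atomic projects: it classifies the label printed by `docker run fedora cat /proc/self/attr/current` and tests whether a daemon.json sets `selinux-enabled`. The function names and result strings are invented for this example; the sample labels are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: interpret the SELinux label a container process reports.
# Live use:  classify_label "$(docker run fedora cat /proc/self/attr/current)"

# Strip the shell prompt character ("#") that ends up glued to the label when
# a terminal session is pasted (as in this thread), plus trailing whitespace.
clean_label() {
    printf '%s' "$1" | sed -e 's/[[:space:]#]*$//'
}

# SELinux contexts are user:role:type:level[:categories]; print the type.
label_type() {
    clean_label "$1" | cut -d: -f3
}

# Print the MCS categories (fifth field); empty when the label has none.
label_categories() {
    clean_label "$1" | cut -s -d: -f5
}

# Map a label to one of the situations seen in the thread.
classify_label() {
    cl_type=$(label_type "$1")
    cl_cats=$(label_categories "$1")
    case "$cl_type" in
        container_t)
            # Confined type; the per-container category pair (e.g. c471,c600)
            # is what separates one container from another.
            case "$cl_cats" in
                c[0-9]*,c[0-9]*) echo "confined" ;;
                *)               echo "confined-no-mcs" ;;
            esac ;;
        spc_t)
            # Unconfined "super privileged container" type; in this thread it
            # is what containers get when dockerd runs without --selinux-enabled.
            echo "not-confined" ;;
        unconfined_t)
            # Label of an ordinary host shell: the command was run on the
            # host, not inside a container.
            echo "host-process" ;;
        *)  echo "unknown" ;;
    esac
}

# Return 0 if the given daemon.json sets "selinux-enabled": true.
# This is a plain text match, not a JSON parser.
daemon_json_enables_selinux() {
    [ -r "$1" ] &&
        grep -Eq '"selinux-enabled"[[:space:]]*:[[:space:]]*true' "$1"
}

# Labels copied from the outputs quoted in the thread (prompt "#" included).
for sample in \
    'system_u:system_r:spc_t:s0#' \
    'system_u:system_r:container_t:s0:c471,c600#' \
    'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#'
do
    printf '%-58s %s\n' "$sample" "$(classify_label "$sample")"
done
```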


Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-03 Thread Daniel Walsh

On 06/02/2018 12:29 PM, arnaud gaboury wrote:



On Sat, Jun 2, 2018 at 4:21 PM Colin Walters wrote:




On Sat, Jun 2, 2018, at 8:30 AM, arnaud gaboury wrote:
>
>  # systemctl edit docker.service
> [Service]
> ExecStart=
> ExecStart=/usr/bin/dockerd --selinux-enabled
> # systemctl restart docker
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:container_t:s0:c81,c142#

See:
/usr/lib/systemd/system/docker.service
You need all that stuff in the default ExecStart= to have the
config files work.


I am confused between /etc/sysconfig/docker and
/etc/docker/daemon.json. It seems to me there is some redundancy. As a
note, I run Arch and the /etc/sysconfig was removed long ago.

After some tests:

--
1- no /etc/docker/daemon.json, no /etc/sysconfig/docker, no 
docker.service override

# docker run fedora cat /proc/self/attr/current
system_u:system_r:spc_t:s0#
2- no /etc/docker/daemon.json, no /etc/sysconfig/docker, 
docker.service override

# docker run fedora cat /proc/self/attr/current
system_u:system_r:container_t:s0:c499,c950#
3- /etc/docker/daemon.json, no /etc/sysconfig/docker, no 
docker.service override

# docker run fedora cat /proc/self/attr/current
system_u:system_r:container_t:s0:c471,c600#
4- no /etc/docker/daemon.json, /etc/sysconfig/docker, no 
docker.service override

# docker run fedora cat /proc/self/attr/current
system_u:system_r:spc_t:s0#
-

As you can see, some settings will not work. As for my "test", 
solution 3 (/etc/docker/daemon.json, no /etc/sysconfig/docker, no 
docker.service override) is the one I will use.



Ok you can add the selinux-enabled field to /etc/docker/daemon.json 
(Although I am not aware of the syntax.) I thought you were doing this 
testing with the Projectatomic/docker.  It looks like you are working 
with the upstream docker-ce, which I am sad to say seems to not enable 
selinux by default at least on Arch.





Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-02 Thread arnaud gaboury
On Sat, Jun 2, 2018 at 4:21 PM Colin Walters  wrote:

>
>
> On Sat, Jun 2, 2018, at 8:30 AM, arnaud gaboury wrote:
> >
> >  # systemctl edit docker.service
> > [Service]
> > ExecStart=
> > ExecStart=/usr/bin/dockerd --selinux-enabled
> > # systemctl restart docker
> > # docker run fedora cat /proc/self/attr/current
> > system_u:system_r:container_t:s0:c81,c142#
>
> See:
> /usr/lib/systemd/system/docker.service
> You need all that stuff in the default ExecStart= to have the config files
> work.
>

I am confused between /etc/sysconfig/docker and /etc/docker/daemon.json. It
seems to me there is some redundancy. As a note, I run Arch and the
/etc/sysconfig was removed long ago.
After some tests:

--
1- no /etc/docker/daemon.json, no /etc/sysconfig/docker, no docker.service
override
# docker run fedora cat /proc/self/attr/current
system_u:system_r:spc_t:s0#
2- no /etc/docker/daemon.json, no /etc/sysconfig/docker, docker.service
override
# docker run fedora cat /proc/self/attr/current
system_u:system_r:container_t:s0:c499,c950#
3- /etc/docker/daemon.json, no /etc/sysconfig/docker, no docker.service
override
# docker run fedora cat /proc/self/attr/current
system_u:system_r:container_t:s0:c471,c600#
4- no /etc/docker/daemon.json, /etc/sysconfig/docker, no docker.service
override
# docker run fedora cat /proc/self/attr/current
system_u:system_r:spc_t:s0#
-

As you can see, some settings will not work. As for my "test", solution 3
(/etc/docker/daemon.json, no /etc/sysconfig/docker, no docker.service
override) is the one I will use.


Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-02 Thread Colin Walters



On Sat, Jun 2, 2018, at 8:30 AM, arnaud gaboury wrote:
> 
>  # systemctl edit docker.service
> [Service]
> ExecStart=
> ExecStart=/usr/bin/dockerd --selinux-enabled
> # systemctl restart docker
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:container_t:s0:c81,c142#

See:
/usr/lib/systemd/system/docker.service
You need all that stuff in the default ExecStart= to have the config files work.



Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-02 Thread arnaud gaboury
On Sat, Jun 2, 2018 at 2:24 PM arnaud gaboury 
wrote:

> On Sat, Jun 2, 2018 at 2:02 PM arnaud gaboury 
> wrote:
>
>> On Fri, Jun 1, 2018 at 10:36 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 04:31 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh  wrote:
>>>
 On 06/01/2018 01:52 PM, arnaud gaboury wrote:



 On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh  wrote:

> On 06/01/2018 01:44 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 01:08 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh 
>> wrote:
>>
>>> On 06/01/2018 12:33 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury <
>>> arnaud.gabo...@gmail.com> wrote:
>>>
 On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh 
 wrote:

> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh 
> wrote:
>
>> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
>> > I am switching from fedora server to Atomic.
>> >
>> > In the old world, my "/etc/sysconfig/docker" file had the
>> content:
>> > OPTIONS="--selinux-enable"
>> > Now, after running the script container-storage-setup to create
>> a thin
>> > pool volume, the file with options is now
>> > "/etc/sysconfig/docker-storage" and has the following content:
>> > -
>> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper
>> --storage-opt
>> > dm.fs=xfs --storage-opt
>> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
>> --storage-opt
>> > dm.use_deferred_removal=true --storage-opt
>> dm.use_deferred_deletion=true "
>> > -
>> >
>> > Nothing about SELinux. Is it expected? Shall I write this
>> option
>> > somewhere else?
>> >
>> > Thank you.
>>
>> I think it should have that flag. If you run a container what
>> does cat
>> /proc/self/attr/current show?
>>
>
> 
> # docker run hello-world
> .
> # cat /proc/self/attr/current
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
> 
>
> Should have been more clear
>
> docker run fedora cat /proc/self/attr/current
>
 What does this command show?
>>>
>>> Of course I would prefer
>
> podman run fedora cat /proc/self/attr/current
>

 I didn't know this command...so many new stuff to learn !

>>>
>>> --
>>>  % man podman
>>> No manual entry for podman
>>> 
>>>
>>> :-(   snif
>>>
>>>
 That's weird.
>>>
>>> rpm -q podman
>>> podman-0.5.4-1.git1f2e2a2.fc28.x86_64
>>>
>>> There should be man pages. You doing this on atomic host?
>>>
>>
>> YES.
>>
>> Atomic host excludes man pages.
>> You can read lots of docs on podman at
>> https://github.com/projectatomic/libpod/
>>
>> Man pages are here
>> https://github.com/projectatomic/libpod/blob/master/commands.md
>>
>> You never showed me the output of the docker command.
>>
>
 Sorry for this confusion

 
 root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
 Unable to find image 'fedora:latest' locally
 latest: Pulling from library/fedora
 e71c36a80ba9: Pull complete
 Digest:
 sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
 Status: Downloaded newer image for fedora:latest
 system_u:system_r:spc_t:s0#

 Ok that indicates SELinux is disabled in the daemon.  Adding back the
 --selinux-enabled will fix this issue.

>>>
>>> where? In /etc/sysconfig/docker?  Or is there a new config file in
>>> Atomic to set this option?
>>>
>>> Still in /etc/sysconfig/docker, then restart docker service and the
>>> docker run line should show you container_t rather than spc_t.
>>>
>>
>> ---
>> # cat /etc/sysconfig/docker
>> OPTIONS='--selinux-enable'
>> # systemctl start docker
>>  # docker run fedora cat /proc/self/attr/current
>> ...
>> system_u:system_r:spc_t:s0#
>> -
>>
>> doesn't work.
>>
>
>  # systemctl edit docker.service
> [Service]
> ExecStart=
> ExecStart=/usr/bin/dockerd --selinux-enabled
> # systemctl restart docker
> # docker run fedora cat /proc/self/attr/current
> system_u:system_r:container_t:s0:c81,c142#
>
> As a temporary worka
>

Sorry for 

Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-02 Thread arnaud gaboury
On Sat, Jun 2, 2018 at 2:02 PM arnaud gaboury 
wrote:

> On Fri, Jun 1, 2018 at 10:36 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 04:31 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 01:52 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh  wrote:
>>>
 On 06/01/2018 01:44 PM, arnaud gaboury wrote:



 On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh  wrote:

> On 06/01/2018 01:08 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 12:33 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury <
>> arnaud.gabo...@gmail.com> wrote:
>>
>>> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh 
>>> wrote:
>>>
 On 06/01/2018 12:07 PM, arnaud gaboury wrote:



 On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh 
 wrote:

> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> > I am switching from fedora server to Atomic.
> >
> > In the old world, my "/etc/sysconfig/docker" file had the
> content:
> > OPTIONS="--selinux-enable"
> > Now, after running the script container-storage-setup to create
> a thin
> > pool volume, the file with options is now
> > "/etc/sysconfig/docker-storage" and has the following content:
> > -
> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper
> --storage-opt
> > dm.fs=xfs --storage-opt
> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
> > dm.use_deferred_removal=true --storage-opt
> dm.use_deferred_deletion=true "
> > -
> >
> > Nothing about SELinux. Is it expected? Shall I write this option
> > somewhere else?
> >
> > Thank you.
>
> I think it should have that flag. If you run a container what does
> cat
> /proc/self/attr/current show?
>

 
 # docker run hello-world
 .
 # cat /proc/self/attr/current
 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
 

 Should have been more clear

 docker run fedora cat /proc/self/attr/current

>>> What does this command show?
>>
>> Of course I would prefer

 podman run fedora cat /proc/self/attr/current

>>>
>>> I didn't know this command...so many new stuff to learn !
>>>
>>
>> --
>>  % man podman
>> No manual entry for podman
>> 
>>
>> :-(   snif
>>
>>
>>> That's weird.
>>
>> rpm -q podman
>> podman-0.5.4-1.git1f2e2a2.fc28.x86_64
>>
>> There should be man pages. You doing this on atomic host?
>>
>
> YES.
>
> Atomic host excludes man pages.
> You can read lots of docs on podman at
> https://github.com/projectatomic/libpod/
>
> Man pages are here
> https://github.com/projectatomic/libpod/blob/master/commands.md
>
> You never showed me the output of the docker command.
>

>>> Sorry for this confusion
>>>
>>> 
>>> root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
>>> Unable to find image 'fedora:latest' locally
>>> latest: Pulling from library/fedora
>>> e71c36a80ba9: Pull complete
>>> Digest:
>>> sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
>>> Status: Downloaded newer image for fedora:latest
>>> system_u:system_r:spc_t:s0#
>>>
>>> Ok that indicates SELinux is disabled in the daemon.  Adding back the
>>> --selinux-enabled will fix this issue.
>>>
>>
>> where? In /etc/sysconfig/docker?  Or is there a new config file in Atomic
>> to set this option?
>>
>> Still in /etc/sysconfig/docker, then restart docker service and the
>> docker run line should show you container_t rather than spc_t.
>>
>
> ---
> # cat /etc/sysconfig/docker
> OPTIONS='--selinux-enable'
> # systemctl start docker
>  # docker run fedora cat /proc/self/attr/current
> ...
> system_u:system_r:spc_t:s0#
> -
>
> doesn't work.
>

 # systemctl edit docker.service
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --selinux-enabled
# systemctl restart docker
# docker run fedora cat /proc/self/attr/current
system_u:system_r:container_t:s0:c81,c142#

As a temporary worka

>
>
>
>
>>
>>
>>> Lokesh, Franticek, the docker we are shipping on atomic host does not
>>> have SELinux enabled?
>>>
>>>
>>> 
>>>

 I did in one previous email (06:25)

 -
   # 

Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-02 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 10:36 PM Daniel Walsh  wrote:

> On 06/01/2018 04:31 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 01:52 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 01:44 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh  wrote:
>>>
 On 06/01/2018 01:08 PM, arnaud gaboury wrote:



 On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh  wrote:

> On 06/01/2018 12:33 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury <
> arnaud.gabo...@gmail.com> wrote:
>
>> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh 
>> wrote:
>>
>>> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh 
>>> wrote:
>>>
 On 06/01/2018 10:58 AM, arnaud gaboury wrote:
 > I am switching from fedora server to Atomic.
 >
 > In the old world, my "/etc/sysconfig/docker" file had the content:
 > OPTIONS="--selinux-enable"
 > Now, after running the script container-storage-setup to create a
 thin
 > pool volume, the file with options is now
 > "/etc/sysconfig/docker-storage" and has the following content:
 > -
 > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper
 --storage-opt
 > dm.fs=xfs --storage-opt
 > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
 > dm.use_deferred_removal=true --storage-opt
 dm.use_deferred_deletion=true "
 > -
 >
 > Nothing about SELinux. Is it expected? Shall I write this option
 > somewhere else?
 >
 > Thank you.

 I think it should have that flag. If you run a container what does
 cat
 /proc/self/attr/current show?

>>>
>>> 
>>> # docker run hello-world
>>> .
>>> # cat /proc/self/attr/current
>>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
>>> 
>>>
>>> Should have been more clear
>>>
>>> docker run fedora cat /proc/self/attr/current
>>>
>> What does this command show?
>
> Of course I would prefer
>>>
>>> podman run fedora cat /proc/self/attr/current
>>>
>>
>> I didn't know this command...so many new stuff to learn !
>>
>
> --
>  % man podman
> No manual entry for podman
> 
>
> :-(   snif
>
>
>> That's weird.
>
> rpm -q podman
> podman-0.5.4-1.git1f2e2a2.fc28.x86_64
>
> There should be man pages. You doing this on atomic host?
>

 YES.

 Atomic host excludes man pages.
 You can read lots of docs on podman at
 https://github.com/projectatomic/libpod/

 Man pages are here
 https://github.com/projectatomic/libpod/blob/master/commands.md

 You never showed me the output of the docker command.

>>>
>> Sorry for this confusion
>>
>> 
>> root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
>> Unable to find image 'fedora:latest' locally
>> latest: Pulling from library/fedora
>> e71c36a80ba9: Pull complete
>> Digest:
>> sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
>> Status: Downloaded newer image for fedora:latest
>> system_u:system_r:spc_t:s0#
>>
>> Ok that indicates SELinux is disabled in the daemon.  Adding back the
>> --selinux-enabled will fix this issue.
>>
>
> where? In /etc/sysconfig/docker?  Or is there a new config file in Atomic
> to set this option?
>
> Still in /etc/sysconfig/docker, then restart docker service and the docker
> run line should show you container_t rather than spc_t.
>

---
# cat /etc/sysconfig/docker
OPTIONS='--selinux-enable'
# systemctl start docker
 # docker run fedora cat /proc/self/attr/current
...
system_u:system_r:spc_t:s0#
-

doesn't work.




>
>
>> Lokesh, Franticek, the docker we are shipping on atomic host does not
>> have SELinux enabled?
>>
>>
>> 
>>
>>>
>>> I did in one previous email (06:25)
>>>
>>> -
>>>   # podman run fedora cat /proc/self/attr/current
>>> Trying to pull docker.io/fedora:latest...Getting image source signatures
>>> Copying blob
>>> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
>>>  82.57 MB / 82.57 MB
>>> [=] 20s
>>> Copying config
>>> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
>>>  2.29 KB / 2.29 KB
>>> [] 0s

Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 04:31 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh wrote:


On 06/01/2018 01:52 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh <dwa...@redhat.com> wrote:

On 06/01/2018 01:44 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh
<dwa...@redhat.com> wrote:

On 06/01/2018 01:08 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh
<dwa...@redhat.com> wrote:

On 06/01/2018 12:33 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury
<arnaud.gabo...@gmail.com> wrote:

On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh
<dwa...@redhat.com> wrote:

On 06/01/2018 12:07 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 5:04 PM Daniel
Walsh <dwa...@redhat.com> wrote:

On 06/01/2018 10:58 AM, arnaud
gaboury wrote:
> I am switching from fedora server
to Atomic.
>
> In the old world, my
"/etc/sysconfig/docker" file had the
content:
> OPTIONS="--selinux-enable"
> Now, after running the script
container-storage-setup to create a thin
> pool volume, the file with options
is now
> "/etc/sysconfig/docker-storage" and
has the following content:
> -
>
DOCKER_STORAGE_OPTIONS="--storage-driver
devicemapper --storage-opt
> dm.fs=xfs --storage-opt
>
dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
--storage-opt
> dm.use_deferred_removal=true
--storage-opt
dm.use_deferred_deletion=true "
> -
>
> Nothing about SELinux. Is it
expected? Shall I write this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If
you run a container what does cat
/proc/self/attr/current show?



# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#




Should have been more clear

docker run fedora cat /proc/self/attr/current


What does this command show?


Of course I would prefer

podman run fedora cat /proc/self/attr/current


I didn't know this command...so many new stuff
to learn !


--
 % man podman
No manual entry for podman


:-(   snif



That's weird.

rpm -q podman
podman-0.5.4-1.git1f2e2a2.fc28.x86_64

There should be man pages. You doing this on atomic
host?


YES.

Atomic host excludes man pages.
You can read lots of docs on podman at
https://github.com/projectatomic/libpod/

Man pages are here
https://github.com/projectatomic/libpod/blob/master/commands.md

You never showed me the output of the docker command.



Sorry for this confusion


root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
e71c36a80ba9: Pull complete
Digest:
sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
Status: Downloaded newer image for fedora:latest
system_u:system_r:spc_t:s0#

Ok that indicates SELinux is disabled in the daemon.  Adding back
the --selinux-enabled will fix this issue.


where? In 

Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 9:49 PM Daniel Walsh  wrote:

> On 06/01/2018 01:52 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 01:44 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 01:08 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh  wrote:
>>>
 On 06/01/2018 12:33 PM, arnaud gaboury wrote:



 On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury 
 wrote:

> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh 
>> wrote:
>>
>>> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
>>> > I am switching from fedora server to Atomic.
>>> >
>>> > In the old world, my "/etc/sysconfig/docker" file had the content:
>>> > OPTIONS="--selinux-enable"
>>> > Now, after running the script container-storage-setup to create a
>>> thin
>>> > pool volume, the file with options is now
>>> > "/etc/sysconfig/docker-storage" and has the following content:
>>> > -
>>> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper
>>> --storage-opt
>>> > dm.fs=xfs --storage-opt
>>> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
>>> > dm.use_deferred_removal=true --storage-opt
>>> dm.use_deferred_deletion=true "
>>> > -
>>> >
>>> > Nothing about SELinux. Is it expected? Shall I write this option
>>> > somewhere else?
>>> >
>>> > Thank you.
>>>
>>> I think it should have that flag. If you run a container what does
>>> cat
>>> /proc/self/attr/current show?
>>>
>>
>> 
>> # docker run hello-world
>> .
>> # cat /proc/self/attr/current
>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
>> 
>>
>> Should have been more clear
>>
>> docker run fedora cat /proc/self/attr/current
>>
> What does this command show?

 Of course I would prefer
>>
>> podman run fedora cat /proc/self/attr/current
>>
>
> I didn't know this command...so many new stuff to learn !
>

 --
  % man podman
 No manual entry for podman
 

 :-(   snif


> That's weird.

 rpm -q podman
 podman-0.5.4-1.git1f2e2a2.fc28.x86_64

 There should be man pages. You doing this on atomic host?

>>>
>>> YES.
>>>
>>> Atomic host excludes man pages.
>>> You can read lots of docs on podman at
>>> https://github.com/projectatomic/libpod/
>>>
>>> Man pages are here
>>> https://github.com/projectatomic/libpod/blob/master/commands.md
>>>
>>> You never showed me the output of the docker command.
>>>
>>
> Sorry for this confusion
>
> 
> root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
> Unable to find image 'fedora:latest' locally
> latest: Pulling from library/fedora
> e71c36a80ba9: Pull complete
> Digest:
> sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
> Status: Downloaded newer image for fedora:latest
> system_u:system_r:spc_t:s0#
>
> Ok that indicates SELinux is disabled in the daemon.  Adding back the
> --selinux-enabled will fix this issue.
>

where? In /etc/sysconfig/docker?  Or is there a new config file in Atomic
to set this option?



> Lokesh, Franticek, the docker we are shipping on atomic host does not have
> SELinux enabled?
>
>
> 
>
>>
>> I did in one previous email (06:25)
>>
>> -
>>   # podman run fedora cat /proc/self/attr/current
>> Trying to pull docker.io/fedora:latest...Getting image source signatures
>> Copying blob
>> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
>>  82.57 MB / 82.57 MB
>> [=] 20s
>> Copying config
>> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
>>  2.29 KB / 2.29 KB
>> [] 0s
>> Writing manifest to image destination
>> Storing signatures
>> system_u:system_r:container_t:s0:c377,c551#
>> -
>>
>> That's the output of podman, I need docker.
>>
>
>


Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 01:52 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh wrote:


On 06/01/2018 01:44 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh <dwa...@redhat.com> wrote:

On 06/01/2018 01:08 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh
<dwa...@redhat.com> wrote:

On 06/01/2018 12:33 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury
<arnaud.gabo...@gmail.com> wrote:

On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh
<dwa...@redhat.com> wrote:

On 06/01/2018 12:07 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh
<dwa...@redhat.com> wrote:

On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> I am switching from fedora server to Atomic.
>
> In the old world, my
"/etc/sysconfig/docker" file had the content:
> OPTIONS="--selinux-enable"
> Now, after running the script
container-storage-setup to create a thin
> pool volume, the file with options is now
> "/etc/sysconfig/docker-storage" and has
the following content:
> -
> DOCKER_STORAGE_OPTIONS="--storage-driver
devicemapper --storage-opt
> dm.fs=xfs --storage-opt
>
dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
--storage-opt
> dm.use_deferred_removal=true
--storage-opt dm.use_deferred_deletion=true "
> -
>
> Nothing about SELinux. Is it expected?
Shall I write this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If you
run a container what does cat
/proc/self/attr/current show?



# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#




Should have been more clear

docker run fedora cat /proc/self/attr/current


What does this command show?


Of course I would prefer

podman run fedora cat /proc/self/attr/current


I didn't know this command...so many new stuff to
learn !


--
 % man podman
No manual entry for podman


:-(   snif



That's weird.

rpm -q podman
podman-0.5.4-1.git1f2e2a2.fc28.x86_64

There should be man pages. You doing this on atomic host?


YES.

Atomic host excludes man pages.
You can read lots of docs on podman at
https://github.com/projectatomic/libpod/

Man pages are here
https://github.com/projectatomic/libpod/blob/master/commands.md

You never showed me the output of the docker command.



Sorry for this confusion


root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
e71c36a80ba9: Pull complete
Digest: 
sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39

Status: Downloaded newer image for fedora:latest
system_u:system_r:spc_t:s0#
Ok that indicates SELinux is disabled in the daemon.  Adding back the 
--selinux-enabled will fix this issue.


Lokesh, Franticek, the docker we are shipping on atomic host does not 
have SELinux enabled?







I did in one previous email (06:25)

-
  # podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting
 image source signatures
Copying blob
sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
 82.57 MB / 82.57 MB
[=] 20s
Copying config
sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
 2.29 

Re: [atomic-devel] docker options in /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 7:46 PM Daniel Walsh  wrote:

> On 06/01/2018 01:44 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 01:08 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 12:33 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury 
>>> wrote:
>>>
 On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh  wrote:

> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
>> > I am switching from fedora server to Atomic.
>> >
>> > In the old world, my "/etc/sysconfig/docker" file had the content:
>> > OPTIONS="--selinux-enable"
>> > Now, after running the script container-storage-setup to create a
>> thin
>> > pool volume, the file with options is now
>> > "/etc/sysconfig/docker-storage" and has the following content:
>> > -
>> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
>> > dm.fs=xfs --storage-opt
>> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
>> > dm.use_deferred_removal=true --storage-opt
>> dm.use_deferred_deletion=true "
>> > -
>> >
>> > Nothing about SELinux. Is it expected? Shall I write this option
>> > somewhere else?
>> >
>> > Thank you.
>>
>> I think it should have that flag. If you run a container what does
>> cat
>> /proc/self/attr/current show?
>>
>
> 
> # docker run hello-world
> .
> # cat /proc/self/attr/current
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
> 
>
> Should have been more clear
>
> docker run fedora cat /proc/self/attr/current
>
 What does this command show?
>>>
>>> Of course I would prefer
>
> podman run fedora cat /proc/self/attr/current
>

 I didn't know this command... so much new stuff to learn!

>>>
>>> --
>>>  % man podman
>>> No manual entry for podman
>>> 
>>>
>>> :-(   snif
>>>
>>>
 That's weird.
>>>
>>> rpm -q podman
>>> podman-0.5.4-1.git1f2e2a2.fc28.x86_64
>>>
>>> There should be man pages. You doing this on atomic host?
>>>
>>
>> YES.
>>
>> Atomic host excludes man pages.
>> You can read lots of docs on podman at
>> https://github.com/projectatomic/libpod/
>>
>> Man pages are here
>> https://github.com/projectatomic/libpod/blob/master/commands.md
>>
>> You never showed me the output of the docker command.
>>
>
Sorry for this confusion


root@control2➤➤ ~ # docker run fedora cat /proc/self/attr/current
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
e71c36a80ba9: Pull complete
Digest:
sha256:7ae08e5637170eb47c01e315b6e64e0d48c6200d2942c695d0bee61b38c65b39
Status: Downloaded newer image for fedora:latest
system_u:system_r:spc_t:s0#


>
> I did in one previous email (06:25)
>
> -
>   # podman run fedora cat /proc/self/attr/current
> Trying to pull docker.io/fedora:latest...Getting image source signatures
> Copying blob
> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
>  82.57 MB / 82.57 MB
> [=] 20s
> Copying config
> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
>  2.29 KB / 2.29 KB
> [] 0s
> Writing manifest to image destination
> Storing signatures
> system_u:system_r:container_t:s0:c377,c551#
> -
>
> That's the output of podman, I need docker.
>
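
The check requested in this thread comes down to reading the type field of the label the container prints. As an added example (not code from the thread or from the docker or podman projects), these sh functions classify the three labels pasted in the messages above; the function names and verdict strings are hypothetical, and the samples are copied from the thread's own output.

```shell
#!/bin/sh
# Added example: classify the SELinux label a container process reports.
# Live use (command from the thread):
#   classify_label "$(docker run fedora cat /proc/self/attr/current)"

# The pasted outputs end in '#': presumably the root prompt, glued on
# because the label comes back without a trailing newline. Drop it,
# together with any trailing whitespace.
clean_label() {
    printf '%s\n' "$1" | tr -d '\r' | sed 's/[#[:space:]]*$//'
}

# A label is user:role:type:level. The level may itself contain ':'
# (s0:c377,c551), so take field 3 and "field 4 to the end" separately.
# cut -s prints nothing for input that has no ':' at all.
label_type()  { clean_label "$1" | cut -s -d: -f3; }
label_level() { clean_label "$1" | cut -s -d: -f4-; }

classify_label() {
    ltype=$(label_type "$1")
    level=$(label_level "$1")
    case "$ltype" in
        container_t)
            # Confined domain; each container should also carry its own
            # pair of MCS categories, as in every container_t sample here.
            case "$level" in
                s0:c[0-9]*,c[0-9]*) echo "confined" ;;
                *)                  echo "confined-no-mcs" ;;
            esac ;;
        # Super-privileged container type: not confined by the container
        # policy. This is what docker printed in the thread.
        spc_t)        echo "unconfined-container" ;;
        # Label of an ordinary root shell: the command was run on the
        # host, not inside the container.
        unconfined_t) echo "host-shell" ;;
        "")           echo "malformed" ;;
        *)            echo "other:$ltype" ;;
    esac
}

# Exit status 0 only for a fully confined container label.
require_confined() { [ "$(classify_label "$1")" = "confined" ]; }

# Samples copied from the thread, plus one constructed malformed input.
for sample in \
    'system_u:system_r:container_t:s0:c377,c551#' \
    'system_u:system_r:spc_t:s0#' \
    'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#' \
    'not-a-label'
do
    printf '%-58s %s\n' "$sample" "$(classify_label "$sample")"
done
```
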


Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 01:44 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh wrote:


On 06/01/2018 01:08 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh wrote:

On 06/01/2018 12:33 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury wrote:

On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh wrote:

On 06/01/2018 12:07 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh wrote:

On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> I am switching from fedora server to Atomic.
>
> In the old world, my "/etc/sysconfig/docker"
file had the content:
> OPTIONS="--selinux-enable"
> Now, after running the script
container-storage-setup to create a thin
> pool volume, the file with options is now
> "/etc/sysconfig/docker-storage" and has the
following content:
> -
> DOCKER_STORAGE_OPTIONS="--storage-driver
devicemapper --storage-opt
> dm.fs=xfs --storage-opt
>
dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
--storage-opt
> dm.use_deferred_removal=true --storage-opt
dm.use_deferred_deletion=true "
> -
>
> Nothing about SELinux. Is it expected? Shall
I write this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If you run a
container what does cat
/proc/self/attr/current show?



# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#



Should have been more clear

docker run fedora cat /proc/self/attr/current


What does this command show?


Of course I would prefer

podman run fedora cat /proc/self/attr/current


I didn't know this command... so much new stuff to learn!


--
 % man podman
No manual entry for podman


:-(   snif



That's weird.

rpm -q podman
podman-0.5.4-1.git1f2e2a2.fc28.x86_64

There should be man pages. You doing this on atomic host?


YES.

Atomic host excludes man pages.
You can read lots of docs on podman at
https://github.com/projectatomic/libpod/

Man pages are here
https://github.com/projectatomic/libpod/blob/master/commands.md

You never showed me the output of the docker command.


I did in one previous email (06:25)

-
  # podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting 
 image source signatures
Copying blob 
sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
 82.57 MB / 82.57 MB 
[=] 20s
Copying config 
sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
 2.29 KB / 2.29 KB 
[] 0s

Writing manifest to image destination
Storing signatures
system_u:system_r:container_t:s0:c377,c551#
-


That's the output of podman, I need docker.


Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 7:12 PM Daniel Walsh  wrote:

> On 06/01/2018 01:08 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 12:33 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury 
>> wrote:
>>
>>> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh  wrote:
>>>
 On 06/01/2018 12:07 PM, arnaud gaboury wrote:



 On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh  wrote:

> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> > I am switching from fedora server to Atomic.
> >
> > In the old world, my "/etc/sysconfig/docker" file had the content:
> > OPTIONS="--selinux-enable"
> > Now, after running the script container-storage-setup to create a
> thin
> > pool volume, the file with options is now
> > "/etc/sysconfig/docker-storage" and has the following content:
> > -
> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
> > dm.fs=xfs --storage-opt
> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
> > dm.use_deferred_removal=true --storage-opt
> dm.use_deferred_deletion=true "
> > -
> >
> > Nothing about SELinux. Is it expected? Shall I write this option
> > somewhere else?
> >
> > Thank you.
>
> I think it should have that flag. If you run a container what does cat
> /proc/self/attr/current show?
>

 
 # docker run hello-world
 .
 # cat /proc/self/attr/current
 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
 

 Should have been more clear

 docker run fedora cat /proc/self/attr/current

>>> What does this command show?
>>
>> Of course I would prefer

 podman run fedora cat /proc/self/attr/current

>>>
>>> I didn't know this command... so much new stuff to learn!
>>>
>>
>> --
>>  % man podman
>> No manual entry for podman
>> 
>>
>> :-(   snif
>>
>>
>>> That's weird.
>>
>> rpm -q podman
>> podman-0.5.4-1.git1f2e2a2.fc28.x86_64
>>
>> There should be man pages. You doing this on atomic host?
>>
>
> YES.
>
> Atomic host excludes man pages.
> You can read lots of docs on podman at
> https://github.com/projectatomic/libpod/
>
> Man pages are here
> https://github.com/projectatomic/libpod/blob/master/commands.md
>
> You never showed me the output of the docker command.
>

I did in one previous email (06:25)

-
  # podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting image source signatures
Copying blob
sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
 82.57 MB / 82.57 MB
[=] 20s
Copying config
sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
 2.29 KB / 2.29 KB
[] 0s
Writing manifest to image destination
Storing signatures
system_u:system_r:container_t:s0:c377,c551#
-



>
> docker run fedora cat /proc/self/attr/current
>
> BTW Podman is a new container runtime for running pods and containers,
> modeled after the Docker CLI, but does not use a container daemon to do
> its thing.
>
>
> ---
> root@control2➤➤ ~ # man podman
> No manual entry for podman
> root@control2➤➤ ~ # rpm -q podman
> podman-0.5.3-2.gitdc3f9df.fc28.x86_64
> root@control2➤➤ ~ # rpm -q man-pages
> man-pages-4.15-1.fc28.noarch
> root@control2➤➤ ~ # rpm -q man-db
> man-db-2.7.6.1-13.fc28.x86_64
> -
>
>
>>
>> 
>>>  # podman run fedora cat /proc/self/attr/current
>>> Trying to pull docker.io/fedora:latest...Getting image source signatures
>>> Copying blob
>>> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
>>>  82.57 MB / 82.57 MB
>>> [=] 20s
>>> Copying config
>>> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
>>>  2.29 KB / 2.29 KB
>>> [] 0s
>>> Writing manifest to image destination
>>> Storing signatures
>>> system_u:system_r:container_t:s0:c377,c551#
>>>  
>>>
>>>
>>
>


Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 01:08 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh wrote:


On 06/01/2018 12:33 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury wrote:

On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh wrote:

On 06/01/2018 12:07 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh wrote:

On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> I am switching from fedora server to Atomic.
>
> In the old world, my "/etc/sysconfig/docker" file
had the content:
> OPTIONS="--selinux-enable"
> Now, after running the script
container-storage-setup to create a thin
> pool volume, the file with options is now
> "/etc/sysconfig/docker-storage" and has the
following content:
> -
> DOCKER_STORAGE_OPTIONS="--storage-driver
devicemapper --storage-opt
> dm.fs=xfs --storage-opt
> dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
--storage-opt
> dm.use_deferred_removal=true --storage-opt
dm.use_deferred_deletion=true "
> -
>
> Nothing about SELinux. Is it expected? Shall I
write this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If you run a
container what does cat
/proc/self/attr/current show?



# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#



Should have been more clear

docker run fedora cat /proc/self/attr/current


What does this command show?


Of course I would prefer

podman run fedora cat /proc/self/attr/current


I didn't know this command... so much new stuff to learn!


--
 % man podman
No manual entry for podman


:-(   snif



That's weird.

rpm -q podman
podman-0.5.4-1.git1f2e2a2.fc28.x86_64

There should be man pages. You doing this on atomic host?


YES.

Atomic host excludes man pages.
You can read lots of docs on podman at
https://github.com/projectatomic/libpod/

Man pages are here
https://github.com/projectatomic/libpod/blob/master/commands.md

You never showed me the output of the docker command.

docker run fedora cat /proc/self/attr/current

BTW Podman is a new container runtime for running pods and containers,
modeled after the Docker CLI, but does not use a container daemon to do
its thing.


---
root@control2➤➤ ~ # man podman
No manual entry for podman
root@control2➤➤ ~ # rpm -q podman
podman-0.5.3-2.gitdc3f9df.fc28.x86_64
root@control2➤➤ ~ # rpm -q man-pages
man-pages-4.15-1.fc28.noarch
root@control2➤➤ ~ # rpm -q man-db
man-db-2.7.6.1-13.fc28.x86_64
-





 # podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting
 image source
signatures
Copying blob
sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
 82.57 MB / 82.57 MB
[=] 20s
Copying config
sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
 2.29 KB / 2.29 KB
[] 0s
Writing manifest to image destination
Storing signatures
system_u:system_r:container_t:s0:c377,c551#
 







Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 6:53 PM Daniel Walsh  wrote:

> On 06/01/2018 12:33 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury 
> wrote:
>
>> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>>>
>>>
>>>
>>> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh  wrote:
>>>
 On 06/01/2018 10:58 AM, arnaud gaboury wrote:
 > I am switching from fedora server to Atomic.
 >
 > In the old world, my "/etc/sysconfig/docker" file had the content:
 > OPTIONS="--selinux-enable"
 > Now, after running the script container-storage-setup to create a
 thin
 > pool volume, the file with options is now
 > "/etc/sysconfig/docker-storage" and has the following content:
 > -
 > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
 > dm.fs=xfs --storage-opt
 > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
 > dm.use_deferred_removal=true --storage-opt
 dm.use_deferred_deletion=true "
 > -
 >
 > Nothing about SELinux. Is it expected? Shall I write this option
 > somewhere else?
 >
 > Thank you.

 I think it should have that flag. If you run a container what does cat
 /proc/self/attr/current show?

>>>
>>> 
>>> # docker run hello-world
>>> .
>>> # cat /proc/self/attr/current
>>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
>>> 
>>>
>>> Should have been more clear
>>>
>>> docker run fedora cat /proc/self/attr/current
>>>
>> What does this command show?
>
> Of course I would prefer
>>>
>>> podman run fedora cat /proc/self/attr/current
>>>
>>
>> I didn't know this command... so much new stuff to learn!
>>
>
> --
>  % man podman
> No manual entry for podman
> 
>
> :-(   snif
>
>
>> That's weird.
>
> rpm -q podman
> podman-0.5.4-1.git1f2e2a2.fc28.x86_64
>
> There should be man pages. You doing this on atomic host?
>

YES.

---
root@control2➤➤ ~ # man podman
No manual entry for podman
root@control2➤➤ ~ # rpm -q podman
podman-0.5.3-2.gitdc3f9df.fc28.x86_64
root@control2➤➤ ~ # rpm -q man-pages
man-pages-4.15-1.fc28.noarch
root@control2➤➤ ~ # rpm -q man-db
man-db-2.7.6.1-13.fc28.x86_64
-


>
> 
>>  # podman run fedora cat /proc/self/attr/current
>> Trying to pull docker.io/fedora:latest...Getting image source signatures
>> Copying blob
>> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
>>  82.57 MB / 82.57 MB
>> [=] 20s
>> Copying config
>> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
>>  2.29 KB / 2.29 KB
>> [] 0s
>> Writing manifest to image destination
>> Storing signatures
>> system_u:system_r:container_t:s0:c377,c551#
>>  
>>
>>
>


Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 12:33 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury wrote:


On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh wrote:

On 06/01/2018 12:07 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh wrote:

On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> I am switching from fedora server to Atomic.
>
> In the old world, my "/etc/sysconfig/docker" file had
the content:
> OPTIONS="--selinux-enable"
> Now, after running the script container-storage-setup
to create a thin
> pool volume, the file with options is now
> "/etc/sysconfig/docker-storage" and has the following
content:
> -
> DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper
--storage-opt
> dm.fs=xfs --storage-opt
> dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
--storage-opt
> dm.use_deferred_removal=true --storage-opt
dm.use_deferred_deletion=true "
> -
>
> Nothing about SELinux. Is it expected? Shall I write
this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If you run a container
what does cat
/proc/self/attr/current show?



# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#



Should have been more clear

docker run fedora cat /proc/self/attr/current


What does this command show?


Of course I would prefer

podman run fedora cat /proc/self/attr/current


I didn't know this command... so much new stuff to learn!


--
 % man podman
No manual entry for podman


:-(   snif



That's weird.

rpm -q podman
podman-0.5.4-1.git1f2e2a2.fc28.x86_64

There should be man pages. You doing this on atomic host?



 # podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting
 image source signatures
Copying blob
sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
 82.57 MB / 82.57 MB
[=] 20s
Copying config
sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
 2.29 KB / 2.29 KB
[] 0s
Writing manifest to image destination
Storing signatures
system_u:system_r:container_t:s0:c377,c551#
 





Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 6:25 PM arnaud gaboury 
wrote:

> On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>>
>>
>>
>> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh  wrote:
>>
>>> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
>>> > I am switching from fedora server to Atomic.
>>> >
>>> > In the old world, my "/etc/sysconfig/docker" file had the content:
>>> > OPTIONS="--selinux-enable"
>>> > Now, after running the script container-storage-setup to create a thin
>>> > pool volume, the file with options is now
>>> > "/etc/sysconfig/docker-storage" and has the following content:
>>> > -
>>> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
>>> > dm.fs=xfs --storage-opt
>>> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
>>> > dm.use_deferred_removal=true --storage-opt
>>> dm.use_deferred_deletion=true "
>>> > -
>>> >
>>> > Nothing about SELinux. Is it expected? Shall I write this option
>>> > somewhere else?
>>> >
>>> > Thank you.
>>>
>>> I think it should have that flag. If you run a container what does cat
>>> /proc/self/attr/current show?
>>>
>>
>> 
>> # docker run hello-world
>> .
>> # cat /proc/self/attr/current
>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
>> 
>>
>> Should have been more clear
>>
>> docker run fedora cat /proc/self/attr/current
>>
>> Of course I would prefer
>>
>> podman run fedora cat /proc/self/attr/current
>>
>
> I didn't know this command... so much new stuff to learn!
>

--
 % man podman
No manual entry for podman


:-(   snif


> 
>  # podman run fedora cat /proc/self/attr/current
> Trying to pull docker.io/fedora:latest...Getting image source signatures
> Copying blob
> sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
>  82.57 MB / 82.57 MB
> [=] 20s
> Copying config
> sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
>  2.29 KB / 2.29 KB
> [] 0s
> Writing manifest to image destination
> Storing signatures
> system_u:system_r:container_t:s0:c377,c551#
>  
>
>


Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 6:19 PM Daniel Walsh  wrote:

> On 06/01/2018 12:07 PM, arnaud gaboury wrote:
>
>
>
> On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh  wrote:
>
>> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
>> > I am switching from fedora server to Atomic.
>> >
>> > In the old world, my "/etc/sysconfig/docker" file had the content:
>> > OPTIONS="--selinux-enable"
>> > Now, after running the script container-storage-setup to create a thin
>> > pool volume, the file with options is now
>> > "/etc/sysconfig/docker-storage" and has the following content:
>> > -
>> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
>> > dm.fs=xfs --storage-opt
>> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
>> > dm.use_deferred_removal=true --storage-opt
>> dm.use_deferred_deletion=true "
>> > -
>> >
>> > Nothing about SELinux. Is it expected? Shall I write this option
>> > somewhere else?
>> >
>> > Thank you.
>>
>> I think it should have that flag. If you run a container what does cat
>> /proc/self/attr/current show?
>>
>
> 
> # docker run hello-world
> .
> # cat /proc/self/attr/current
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#
> 
>
> Should have been more clear
>
> docker run fedora cat /proc/self/attr/current
>
> Of course I would prefer
>
> podman run fedora cat /proc/self/attr/current
>

I didn't know this command... so much new stuff to learn!


 # podman run fedora cat /proc/self/attr/current
Trying to pull docker.io/fedora:latest...Getting image source signatures
Copying blob
sha256:e71c36a80ba912dd7a5a9f2f2d6136c148afa19bc7d024bd616b74a0bc7a2774
 82.57 MB / 82.57 MB
[=] 20s
Copying config
sha256:cc510acfcd701a409014118d5f417f0022520802a26c650866b8a9594d75f3a7
 2.29 KB / 2.29 KB
[] 0s
Writing manifest to image destination
Storing signatures
system_u:system_r:container_t:s0:c377,c551#
 


Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 12:07 PM, arnaud gaboury wrote:



On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh wrote:


On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> I am switching from fedora server to Atomic.
>
> In the old world, my "/etc/sysconfig/docker" file had the content:
> OPTIONS="--selinux-enable"
> Now, after running the script container-storage-setup to create
a thin
> pool volume, the file with options is now
> "/etc/sysconfig/docker-storage" and has the following content:
> -
> DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
> dm.fs=xfs --storage-opt
> dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
> dm.use_deferred_removal=true --storage-opt
dm.use_deferred_deletion=true "
> -
>
> Nothing about SELinux. Is it expected? Shall I write this option
> somewhere else?
>
> Thank you.

I think it should have that flag. If you run a container what does
cat
/proc/self/attr/current show?



# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#



Should have been more clear

docker run fedora cat /proc/self/attr/current

Of course I would prefer

podman run fedora cat /proc/self/attr/current




Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
On Fri, Jun 1, 2018 at 5:04 PM Daniel Walsh  wrote:

> On 06/01/2018 10:58 AM, arnaud gaboury wrote:
> > I am switching from fedora server to Atomic.
> >
> > In the old world, my "/etc/sysconfig/docker" file had the content:
> > OPTIONS="--selinux-enable"
> > Now, after running the script container-storage-setup to create a thin
> > pool volume, the file with options is now
> > "/etc/sysconfig/docker-storage" and has the following content:
> > -
> > DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
> > dm.fs=xfs --storage-opt
> > dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt
> > dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true
> "
> > -
> >
> > Nothing about SELinux. Is it expected? Shall I write this option
> > somewhere else?
> >
> > Thank you.
>
> I think it should have that flag. If you run a container what does cat
> /proc/self/attr/current show?
>


# docker run hello-world
.
# cat /proc/self/attr/current
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023#



Re: [atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread Daniel Walsh

On 06/01/2018 10:58 AM, arnaud gaboury wrote:

I am switching from fedora server to Atomic.

In the old world, my "/etc/sysconfig/docker" file had the content:
OPTIONS="--selinux-enable"
Now, after running the script container-storage-setup to create a thin 
pool volume, the file with options is now 
"/etc/sysconfig/docker-storage" and has the following content:

-
DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt 
dm.fs=xfs --storage-opt 
dm.thinpooldev=/dev/mapper/vg--docker-docker--pool --storage-opt 
dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true "

-

Nothing about SELinux. Is it expected? Shall I write this option 
somewhere else?


Thank you.


I think it should have that flag. If you run a container what does cat 
/proc/self/attr/current show?




[atomic-devel] docker optionsin /etc/sysconfig/docker

2018-06-01 Thread arnaud gaboury
I am switching from fedora server to Atomic.

In the old world, my "/etc/sysconfig/docker" file had the content:
OPTIONS="--selinux-enable"
Now, after running the script container-storage-setup to create a thin pool
volume, the file with options is now "/etc/sysconfig/docker-storage" and
has the following content:
-
DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt
dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/vg--docker-docker--pool
--storage-opt dm.use_deferred_removal=true --storage-opt
dm.use_deferred_deletion=true "
-

Nothing about SELinux. Is it expected? Shall I write this option somewhere
else?

Thank you.