From f7392819942e745186292a9fc05fcdf36244332c Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 11 Aug 2016 09:41:26 -0400 Subject: [PATCH] Linux upstream kernel Overlay file systems support SELinux Remove checks that prevent overlay and SELinux from working together. Fixes are arriving in the 4.9 kernel. Signed-off-by: Dan Walsh Upstream-commit: b71cd179fa7651a48955d3879fae647d6d933bf0 Component: engine --- components/engine/daemon/daemon_unix.go | 8 +------- components/engine/man/dockerd.8.md | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go index 12e0019a9b..0b2d36a51b 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -603,13 +603,7 @@ func configureMaxThreads(config *Config) error { // configureKernelSecuritySupport configures and validates security support for the kernel func configureKernelSecuritySupport(config *Config, driverName string) error { if config.EnableSelinuxSupport { - if selinuxEnabled() { - // As Docker on overlayFS and SELinux are incompatible at present, error on overlayfs being enabled - if driverName == "overlay" { - return fmt.Errorf("SELinux is not supported with the %s graph driver", driverName) - } - logrus.Debug("SELinux enabled successfully") - } else { + if !selinuxEnabled() { logrus.Warn("Docker could not enable SELinux on the host system") } } else { diff --git a/components/engine/man/dockerd.8.md b/components/engine/man/dockerd.8.md index a098a708a3..06c3820027 100644 --- a/components/engine/man/dockerd.8.md +++ b/components/engine/man/dockerd.8.md @@ -235,7 +235,7 @@ output otherwise. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support either of the overlay storage drivers. + Enable selinux support. Default is false. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS.