Error if Docker daemon starts with BTRFS graph driver and SELinux enabled

The Docker btrfs graph driver does not interact well with SELinux at present.
If btrfs mounts the same file in several locations, the same SELinux label will
be applied to all mountpoints. In the context of the graph driver, things such
as shared libraries become inaccessible to containers due to SELinux, causing
all dynamically linked applications to fail when run in a container.

Consequently, error when we detect the daemon is being run with SELinux enabled
and the btrfs driver. Documentation has been added for this behavior.

Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: 4318802f645cdd4fa63a894160f153a69a97af59
Component: engine
Matthew Heon
2014-06-04 16:38:06 -04:00
parent 3aeb3e2a4c
commit 9b1af46554
4 changed files with 8 additions and 3 deletions


@ -73,7 +73,7 @@ expect an integer, and they can only be specified once.
-p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file
-r, --restart=true Restart previously running containers
-s, --storage-driver="" Force the Docker runtime to use a specific storage driver
--selinux-enabled=false Enable selinux support
--selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver
--storage-opt=[] Set storage driver options
--tls=false Use TLS; implied by tls-verify flags
--tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here
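Review bot: The new `--selinux-enabled` description states the incompatibility but not its consequence. Per the commit message the daemon now errors out when SELinux is enabled together with the btrfs driver, so the flag text should say that directly, for example "Enable SELinux support; the daemon will refuse to start if the btrfs storage driver is in use". As written, "SELinux does not presently support the BTRFS storage driver" also puts the limitation on SELinux, while the commit message attributes it to how the btrfs graph driver ends up with one label across several mountpoints. Consider cross-referencing this on the `-s, --storage-driver` line as well, since an operator forcing btrfs will read that entry first. Minor: the line mixes "selinux" and "SELinux", and "BTRFS" here versus "btrfs" in the commit message; pick one casing for each.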