I’ve run into a selinux problem when creating and accessing docker mount volumes for containers. Example:
$ docker run --mount source=ubuntu-home,target=/home/ ubuntu
/bin/bash: error while loading shared libraries: libtinfo.so.5: cannot change memory protections
From SETroubleshoot details:
Source Context system_u:system_r:container_t:s0:c770,c809
Target Context system_u:object_r:container_var_lib_t:s0
Target Objects /lib/x86_64-linux-gnu/libtinfo.so.5.9 [ file ]
What is the correct way to deal with this conflict between source and target contexts? container_t vs container_var_lib_t
I’m using moby-engine (i.e. docker-ce 18.06.3 packaged for Fedora) and have changed the root docker directory from the default /var/lib/docker location. This seems to be the source of the trouble. To get containers to launch, selinux context on the new location had to be changed from system_u:object_r:mnt_t:s0 to system_u:object_r:container_var_lib_t:s0, just like it is for /var/lib/docker
What else needs to be done, and is this going to be a recurring issue? Admittedly this is due to my ignorance of selinux, and this seems to be the fastest way to learn.