Why does the docker daemon fail to start a container when --security-opt=no-new-privileges is passed?


Issue

  • Why does the docker daemon fail to start a container when --security-opt=no-new-privileges is passed?
  • When the no-new-privileges option is used, docker fails to start the container and panics:

    docker run -it --security-opt=no-new-privileges rhel7 bash
    panic: standard_init_linux.go:178: exec user process caused "operation not permitted" [recovered]
            panic: standard_init_linux.go:178: exec user process caused "operation not permitted"

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux Atomic Host
  • docker-1.12.5-14.el7.x86_64 and later
  • container-selinux-1.12.5-14.el7.x86_64 and later
  • Option --security-opt=no-new-privileges passed with docker run
