SELinux prevents access to /var/run/docker.sock
Issue
After upgrading container-selinux from 2.77 to 2.95, access to /var/run/docker.sock from within a Docker container fails. The following denial is logged in /var/log/audit/audit.log:
type=AVC msg=audit(1559820489.750:15178): avc: denied { connectto } for pid=70154 comm="docker" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c18,c1019 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
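Added example, not part of the original article or of any Red Hat tooling: a small Python parser that splits the AVC record above into its fields and filters an audit log for this specific denial (a container_t process denied connectto on a socket owned by container_runtime_t). The function names and the second sample log line are constructed for illustration.

```python
import re

# First line: the denial record quoted above. Second line: a constructed,
# unrelated AVC record, added so the filter has something to reject.
SAMPLE_LOG = """\
type=AVC msg=audit(1559820489.750:15178): avc: denied { connectto } for pid=70154 comm="docker" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c18,c1019 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
type=AVC msg=audit(1559820490.100:15179): avc: denied { read } for pid=1234 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_context(ctx):
    """Split user:role:type:level; the MLS/MCS level may itself contain ':'."""
    user, role, setype, level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype, "level": level}

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "epoch": float(m.group("epoch")), "serial": int(m.group("serial")),
        "perms": m.group("perms").split(),
        "source": parse_context(fields["scontext"]),  # the denied process
        "target": parse_context(fields["tcontext"]),  # the socket's owner domain
        "tclass": fields["tclass"],
        "enforced": fields.get("permissive") == "0",  # 0 = access was blocked
        "fields": fields,
    }

def container_socket_denials(log_text):
    """Denials of container_t connecting to a container_runtime_t unix socket."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec and rec["source"]["type"] == "container_t"
                and rec["target"]["type"] == "container_runtime_t"
                and rec["tclass"] == "unix_stream_socket"
                and "connectto" in rec["perms"]):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in container_socket_denials(SAMPLE_LOG):
        print(r["serial"], r["fields"]["comm"], r["fields"]["path"], r["source"]["level"])
```

The source level (s0:c18,c1019 in the record above) carries the MCS categories assigned to the individual container, which helps tie a denial back to the container that triggered it.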
Environment
- docker
- container-selinux-2.95-2.el7_6 and newer