Merge pull request #1639 from vcaputo/docker-disable-selinux-on-btrfs

app-emulation/docker: disable SELinux when using btrfs
2025-08-23 07:21:14 +02:00 · 2015-11-17 14:55:18 -08:00 · 2015-11-17 14:55:18 -08:00 · 925ed0adf9
commit 925ed0adf9
parent 8bf788a996 802de9e496
3 changed files with 17 additions and 2 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.8.3-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.8.3-r2.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
@ -9,7 +9,7 @@ EnvironmentFile=-/run/flannel_docker_opts.env
 MountFlags=slave
 LimitNOFILE=1048576
 LimitNPROC=1048576
-ExecStart=/usr/lib/coreos/dockerd daemon --selinux-enabled --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
+ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ

 [Install]
 WantedBy=multi-user.target
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd
@ -55,6 +55,17 @@ select_docker_driver() {
    esac
 }

+maybe_disable_selinux() {
+    case "${DOCKER_DRIVER}" in
+        btrfs)
+            USE_SELINUX=""
+            ;;
+        *)
+            # Leave enabled for everything else.
+            ;;
+    esac
+}
+
 ARG_ROOT="/var/lib/docker"
 ARG_DRIVER=""
 parse_docker_args "$@"
@ -64,4 +75,8 @@ if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then
    select_docker_driver
 fi

-exec docker "$@"
+# Enable selinux except when known to be unsupported (btrfs).
+USE_SELINUX="--selinux-enabled"
+maybe_disable_selinux
+
+exec docker "$@" "${USE_SELINUX}"