skip to Main Content

I’m trying to do an offline deployment of a docker image with RPM on CentOS.
My spec file is pretty simple :

Source1: myimage.tar.gz
...
%install
cp %{SOURCE1} ...
...
%post
docker load -i myimage.tar.gz
docker-compose up -d
docker image prune -af

I compress my image using docker save and gzip. Then, on another machine, I just load the image with docker and use docker-compose to run my service.

When executing the commands "docker load" and "docker-compose up", I got that error:

sudo: unable to execute /bin/docker: Permission denied
sudo: unable to execute /bin/docker-compose: Permission denied
sudo: unable to execute /bin/docker: Permission denied

My user is part of the docker group, I checked if the RPM file was executed using root, it is…

If I run the RPM on my dev machine, it works, if I execute the commands in a script that is not part of the RPM, it works…

Any ideas ?

Thanks in advance.

2

Answers


  1. Chosen as BEST ANSWER

    I tried the first solution and it worked ! grep rpm_script_t /var/log/audit/audit.log | audit2allow -m mypolicy > mypolicy.te

    The problem came from the fact that the RPM scripts didn't have the access to the container_runtime_exec_t:file entrypoint that I suppose, allow it to run containers like docker.

    Thanks a lot for the tip !


  2. You’re probably being blocked by SELinux. You can temporarily disable it to check with setenforce 0.

    If that is the problem (it is; this is a comment turned into an answer), some possible solutions:

    • You might be able to use audit2allow to change the denials into new rules to import.
    • Maybe udica will help. I don’t know enough about it to tell.
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search