I’m trying to do an offline deployment of a docker image with RPM on CentOS.
My spec file is pretty simple :
Source1: myimage.tar.gz
...
%install
cp %{SOURCE1} ...
...
%post
docker load -i myimage.tar.gz
docker-compose up -d
docker image prune -af
I compress my image using docker save and gzip. Then, on another machine, I just load the image with docker and use docker-compose to run my service.
When executing the commands "docker load" and "docker-compose up", I got that error:
sudo: unable to execute /bin/docker: Permission denied
sudo: unable to execute /bin/docker-compose: Permission denied
sudo: unable to execute /bin/docker: Permission denied
My user is part of the docker group, I checked if the RPM file was executed using root, it is…
If I run the RPM on my dev machine, it works, if I execute the commands in a script that is not part of the RPM, it works…
Any ideas ?
Thanks in advance.
2
Answers
I tried the first solution and it worked !
grep rpm_script_t /var/log/audit/audit.log | audit2allow -m mypolicy > mypolicy.te
The problem came from the fact that the RPM scripts didn't have the access to the
container_runtime_exec_t:file entrypoint
that I suppose, allow it to run containers like docker.Thanks a lot for the tip !
You’re probably being blocked by SELinux. You can temporarily disable it to check with
setenforce 0
.If that is the problem (it is; this is a comment turned into an answer), some possible solutions:
audit2allow
to change the denials into new rules to import.