Browse code
Linux upstream kernel Overlay file systems support SELinux
Remove checks that prevent overlay and SELinux from working together.
Fixes are arriving in the 4.9 kernel.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Dan Walsh authored on 2016/08/11 22:41:26Showing 2 changed files
| ... | ... |
@@ -603,13 +603,7 @@ func configureMaxThreads(config *Config) error {
|
| 603 | 603 |
// configureKernelSecuritySupport configures and validates security support for the kernel |
| 604 | 604 |
func configureKernelSecuritySupport(config *Config, driverName string) error {
|
| 605 | 605 |
if config.EnableSelinuxSupport {
|
| 606 |
- if selinuxEnabled() {
|
|
| 607 |
- // As Docker on overlayFS and SELinux are incompatible at present, error on overlayfs being enabled |
|
| 608 |
- if driverName == "overlay" {
|
|
| 609 |
- return fmt.Errorf("SELinux is not supported with the %s graph driver", driverName)
|
|
| 610 |
- } |
|
| 611 |
- logrus.Debug("SELinux enabled successfully")
|
|
| 612 |
- } else {
|
|
| 606 |
+ if !selinuxEnabled() {
|
|
| 613 | 607 |
logrus.Warn("Docker could not enable SELinux on the host system")
|
| 614 | 608 |
} |
| 615 | 609 |
} else {
|
| ... | ... |
@@ -235,7 +235,7 @@ output otherwise. |
| 235 | 235 |
Force the Docker runtime to use a specific storage driver. |
| 236 | 236 |
|
| 237 | 237 |
**--selinux-enabled**=*true*|*false* |
| 238 |
- Enable selinux support. Default is false. SELinux does not presently support either of the overlay storage drivers. |
|
| 238 |
+ Enable selinux support. Default is false. |
|
| 239 | 239 |
|
| 240 | 240 |
**--storage-opt**=[] |
| 241 | 241 |
Set storage driver options. See STORAGE DRIVER OPTIONS. |