I have a CentOS 7 minimal install with networking enabled and a few extra simple tools installed (e.g. htop). Docker was installed as per these instructions.
The command that I am running is this:
docker run --name mysql5.6 -v /tmp/mysql:/etc/mysql/conf.d -e MYSQL_ROOT_PASSWORD=blah -p 22 -p 3306 -d mysql:5.6
But the container will not start. If I run it like this, things work:
docker run --name mysql5.6 -e MYSQL_ROOT_PASSWORD=blah -p 22 -p 3306 -d mysql:5.6
As per the instructions here, I ran the command
chcon -Rt svirt_sandbox_file_t /tmp/mysql
The above is running on a VM.
I tried what I believe to be the same configuration on a desktop system, and things worked if I edited /etc/sysconfig/selinux to look like this:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=minimum
Please note the SELINUX=disabled and SELINUXTYPE=minimum settings. For some reason, that did not work on the VM either.
What am I missing?
UPDATE: This is definitely a permissions problem. The system that "worked" had an older version of docker. The daemon was started like this:
/usr/bin/docker daemon --selinux-enabled
The newer version started like this:
/usr/bin/docker daemon -H fd://
So I added the --selinux-enabled option to the newer docker and it made no observable difference in behavior. The only way to get things to work is to make files writeable by other (666).
So, I can make it work by opening up the file all the way. Is that the expected behavior? It does not seem right. Why does the file need to be writeable?
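As an added example (not part of the question above, and not docker's or the mysql image's own code), here is a small checker for a directory that is about to be bind-mounted into a container. It evaluates the ordinary Unix permission bits the way the kernel would for the uid:gid the container process runs as, reads the SELinux context of the directory through the security.selinux xattr where labels exist, and flags files that mysqld would refuse anyway. The uid/gid 999 for the mysql image user, the sample conf.d directory and its file names are assumptions constructed for the demo.

```python
import os
import stat
import tempfile

# Assumption (not stated in the original post): the official mysql image runs
# mysqld as user "mysql", uid/gid 999.  Adjust to whatever `id` reports
# inside your container.
CONTAINER_UID = 999
CONTAINER_GID = 999

# SELinux types that docker's sVirt policy lets containers use: the CentOS 7
# era name is svirt_sandbox_file_t, later policies call it container_file_t.
CONTAINER_TYPES = ("svirt_sandbox_file_t", "container_file_t")


def can_access(st, uid, gid, want):
    """Classic Unix DAC check for a process running as uid:gid on a stat result.

    want is 'r', 'w' or 'x'.  Only one class of bits applies: when the uid
    matches the owner, the group and other bits are never consulted, which is
    why a 600 file owned by root on the host is invisible to uid 999 in the
    container.  Root bypasses read/write; for execute it needs any x bit.
    """
    bit = {"r": 4, "w": 2, "x": 1}[want]
    mode = stat.S_IMODE(st.st_mode)
    if uid == 0:
        return True if want != "x" else bool(mode & 0o111)
    if st.st_uid == uid:
        cls = (mode >> 6) & 7
    elif st.st_gid == gid:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return bool(cls & bit)


def selinux_label(path):
    """Return the SELinux context of path, or None where labels are unavailable."""
    try:
        return os.getxattr(path, "security.selinux").decode().rstrip("\0")
    except (OSError, AttributeError):
        return None


def check_mount(host_dir, uid=CONTAINER_UID, gid=CONTAINER_GID):
    """Report what would stop a process running as uid:gid inside the container
    from reading host_dir as a config bind mount.

    Returns a list of (path, kind, message) tuples; an empty list is clean.
    """
    findings = []
    label = selinux_label(host_dir)
    if label is not None:
        # A context looks like user:role:type:level; the type is what matters.
        stype = label.split(":")[2] if label.count(":") >= 3 else label
        if stype not in CONTAINER_TYPES:
            findings.append((host_dir, "selinux",
                             "type %s is not container-accessible; relabel with "
                             "chcon -Rt svirt_sandbox_file_t or mount with "
                             "-v host:ctr:Z" % stype))
    for root, dirs, files in os.walk(host_dir):
        st = os.stat(root)
        if not (can_access(st, uid, gid, "r") and can_access(st, uid, gid, "x")):
            findings.append((root, "dac-dir",
                             "mode %o owner %d:%d: not traversable by %d:%d"
                             % (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gid)))
        for name in files:
            path = os.path.join(root, name)
            st = os.stat(path)
            mode = stat.S_IMODE(st.st_mode)
            if not can_access(st, uid, gid, "r"):
                findings.append((path, "dac-file",
                                 "mode %o owner %d:%d: not readable by %d:%d"
                                 % (mode, st.st_uid, st.st_gid, uid, gid)))
            elif mode & 0o002:
                # mysqld refuses world-writable option files ("World-writable
                # config file ... is ignored"), so 666 is not a usable fix even
                # where the kernel allows the read.
                findings.append((path, "world-writable",
                                 "mode %o: mysqld ignores world-writable option files" % mode))
    return findings


def build_sample():
    """Construct a throwaway conf.d directory with one file per case (demo data)."""
    d = tempfile.mkdtemp(prefix="mysql-confd-")
    os.chmod(d, 0o755)
    for name, mode in (("private.cnf", 0o600), ("ok.cnf", 0o644), ("loose.cnf", 0o666)):
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("[mysqld]\nmax_connections = 200\n")
        os.chmod(path, mode)
    return d


if __name__ == "__main__":
    for path, kind, msg in check_mount(build_sample()):
        print("%-15s %s: %s" % (kind, path, msg))
```

Run it as the user who owns the host directory and pass the uid:gid the container process reports. On the sample directory it reports private.cnf (600) as unreadable by 999:999, leaves ok.cnf (644) alone, and flags loose.cnf (666) because mysqld skips world-writable option files; on an SELinux host it also reports the directory's type when it is not one of the container-accessible types, which is the case the chcon command or a :Z volume flag addresses.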