SELinux and user namespaces can't co-exist in Docker?

Time: 2017-10-12 09:39:32

Tags: docker selinux

I have the contents below in /etc/sysconfig/docker:

# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --userns-remap=default --log-opt=max-size=10M --log-opt=max-file=30'
DOCKER_CERT_PATH=/etc/docker

# Enable insecure registry communication by appending the registry URL
# to the INSECURE_REGISTRY variable below and uncommenting it
# INSECURE_REGISTRY='--insecure-registry '

# On SELinux System, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined

# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp

# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false

# Allow creation of core dumps
GOTRACEBACK=crash

But I can't run any containers with this configuration:

[root@server ~]# docker run -ti hello-world
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"mqueue\\\" to rootfs \\\"/var/lib/docker/231072.231072/overlay2/ac28bae7fd341860112089d08b04e54aeeb8b85304be9455c8705ff6d883c4ac/merged\\\" at \\\"/dev/mqueue\\\" caused \\\"operation not permitted\\\"\"".

But when I remove --selinux-enabled from /etc/sysconfig/docker, it works just fine:

[root@server ~]# docker run -ti hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
5b0f327be733: Pull complete
Digest: sha256:07d5f7800dfe37b8c2196c7b1c524c33808ce2e0f74e7aa00e603295ca9a0972
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://cloud.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/

Can't these tags co-exist?

Docker version:

[root@server ~]# docker -v
Docker version 17.03.1-ce, build 276fd32

SELinux versions:

[root@server ~]# rpm -qa | grep selinux
libselinux-python-2.5-11.el7.x86_64
libselinux-2.5-11.el7.i686
selinux-policy-3.13.1-166.0.2.el7_4.4.noarch
libselinux-2.5-11.el7.x86_64
selinux-policy-targeted-3.13.1-166.0.2.el7_4.4.noarch
libselinux-utils-2.5-11.el7.x86_64

0 answers:

No answers
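The daemon options and the runc error from the question, turned into a small diagnostic. This is an added example, not code from the question or from Docker: the OPTIONS line and the error message are copied from the post, while the /etc/subuid line is a constructed assumption (the post does not show that file). It parses the flags out of the shell-quoted OPTIONS value, decodes the triple-escaped OCI runtime error to recover the failing mount (source, rootfs, target, cause), and relates the 231072.231072 component of the storage path to the subordinate UID/GID range that --userns-remap=default hands to the dockremap user, which confirms that the failing run really was in user-namespace mode.

```python
#!/usr/bin/env python3
"""Added diagnostic (not part of the original question): parse the dockerd OPTIONS
line, decode the nested Go-quoted runc error, and check the remapped-root IDs in
the storage path against the subordinate-ID range. Inputs are constructed copies
of what the post shows; the /etc/subuid line is assumed."""
import re
import shlex

# Copied from the post's /etc/sysconfig/docker (only the lines that matter here).
SYSCONFIG_DOCKER = """\
# /etc/sysconfig/docker
OPTIONS='--selinux-enabled --userns-remap=default --log-opt=max-size=10M --log-opt=max-file=30'
DOCKER_CERT_PATH=/etc/docker
"""

# Copied verbatim from the post (raw string, so the backslashes are kept as shown).
RUNC_ERROR = r'''docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"mqueue\\\" to rootfs \\\"/var/lib/docker/231072.231072/overlay2/ac28bae7fd341860112089d08b04e54aeeb8b85304be9455c8705ff6d883c4ac/merged\\\" at \\\"/dev/mqueue\\\" caused \\\"operation not permitted\\\"\"".'''

# Assumed /etc/subuid entry that --userns-remap=default creates; not shown in the post.
SUBUID = "dockremap:231072:65536\n"


def daemon_flags(sysconfig_text):
    """Parse the OPTIONS='...' line into {flag: [values]}; bare flags get True."""
    flags = {}
    for line in sysconfig_text.splitlines():
        line = line.strip()
        if not line.startswith("OPTIONS="):
            continue
        # First split removes the shell quoting, second splits the flags themselves.
        unquoted = shlex.split(line[len("OPTIONS="):])
        for tok in shlex.split(" ".join(unquoted)):
            name, sep, value = tok.partition("=")
            flags.setdefault(name, []).append(value if sep else True)
    return flags


MOUNT_ERR = re.compile(
    r'mounting "(?P<source>[^"]+)" to rootfs "(?P<rootfs>[^"]+)" '
    r'at "(?P<target>[^"]+)" caused "(?P<cause>[^"]+)"'
)


def decode_runc_error(message):
    """Strip the nested Go %q escaping and pull out the mount that failed."""
    flat = message.replace("\\", "")  # every backslash in this message is an escape
    m = MOUNT_ERR.search(flat)
    if not m:
        return None
    info = m.groupdict()
    # A remapped daemon keeps its storage under /var/lib/docker/<uid>.<gid>/.
    ids = re.search(r"/var/lib/docker/(\d+)\.(\d+)/", info["rootfs"])
    info["remap_uid"] = int(ids.group(1)) if ids else None
    info["remap_gid"] = int(ids.group(2)) if ids else None
    return info


def subuid_range(subuid_text, user="dockremap"):
    """Return (first, last) subordinate UID for `user`, or None if absent."""
    for line in subuid_text.splitlines():
        name, start, count = line.strip().split(":")
        if name == user:
            return int(start), int(start) + int(count) - 1
    return None


def diagnose(sysconfig_text, message, subuid_text):
    """Combine the three inputs into one report dict."""
    flags = daemon_flags(sysconfig_text)
    mount = decode_runc_error(message)
    rng = subuid_range(subuid_text)
    return {
        "selinux_enabled": "--selinux-enabled" in flags,
        "userns_remap": flags.get("--userns-remap", [None])[0],
        "mount": mount,
        # The remapped root's UID is the first ID of the dockremap subuid range.
        "remap_matches_subuid": bool(mount and rng and rng[0] == mount["remap_uid"]),
    }


if __name__ == "__main__":
    for key, value in diagnose(SYSCONFIG_DOCKER, RUNC_ERROR, SUBUID).items():
        print(f"{key}: {value}")
```

Running it on the post's inputs reports both flags set, the failing mount as `mqueue` onto `/dev/mqueue` with cause `operation not permitted`, and a remapped root of 231072:231072 matching the assumed subuid range. Against a real host, replace the three constants with the contents of /etc/sysconfig/docker, the error captured from `docker run`, and /etc/subuid.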