Docker Community Forums

Docker run fails with error message when running simple docker image (from scratch)

Hi all,

I am trying to run a simple docker image in my organization, which I have built from scratch. This docker image contains only a simple C hello world program (already compiled); when starting the container it just gives hello world as output (I tested it in some other environment and it is working). I am using a Red Hat Enterprise Linux Server 7.6 with SELinux enforced.

When I am running the docker image

sudo docker run <image>

I am getting this error message:

container_linux.go:235: starting container process caused "process_linux.go:258: applying cgroup configuration for process caused \"An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type=\\\"method_call\\\", sender=\\\":1.80648\\\" (uid=0 pid=411259 comm=\\\"/usr/libexec/docker/docker-runc-current --log /run\\\") interface=\\\"org.freedesktop.systemd1.Manager\\\" member=\\\"StartTransientUnit\\\" error name=\\\"(unset)\\\" requested_reply=\\\"0\\\" destination=\\\"org.freedesktop.systemd1\\\" (uid=0 pid=1 comm=\\\"/usr/lib/systemd/systemd --switched-root --system \\\")\""
/usr/bin/docker-current: Error response from daemon: oci runtime error: container_linux.go:235: starting container process caused "process_linux.go:258: applying cgroup configuration for process caused \"An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type=\\\"method_call\\\", sender=\\\":1.80648\\\" (uid=0 pid=411259 comm=\\\"/usr/libexec/docker/docker-runc-current --log /run\\\") interface=\\\"org.freedesktop.systemd1.Manager\\\" member=\\\"StartTransientUnit\\\" error name=\\\"(unset)\\\" requested_reply=\\\"0\\\" destination=\\\"org.freedesktop.systemd1\\\" (uid=0 pid=1 comm=\\\"/usr/lib/systemd/systemd --switched-root --system \\\")\"".
ERRO[0000] error getting events from daemon: net/http: request canceled

I initially thought this was due to SELinux running in Enforced mode, but after switching to Permissive mode

setenforce Permissive

(which allows the actions which it would usually block, but will still log them) I still get the same error message. After some searching I have found that disabling the SELinux separation in the container might help to run the image:

sudo docker run -it --security-opt label:disable <imagename/id>

which unfortunately was not the case, but the first error message disappeared:

/usr/bin/docker-current: Error response from daemon: oci runtime error: container_linux.go:235: starting container process caused "process_linux.go:258: applying cgroup configuration for process caused \"An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type=\\\"method_call\\\", sender=\\\":1.80667\\\" (uid=0 pid=413370 comm=\\\"/usr/libexec/docker/docker-runc-current --log /run\\\") interface=\\\"org.freedesktop.systemd1.Manager\\\" member=\\\"StartTransientUnit\\\" error name=\\\"(unset)\\\" requested_reply=\\\"0\\\" destination=\\\"org.freedesktop.systemd1\\\" (uid=0 pid=1 comm=\\\"/usr/lib/systemd/systemd --switched-root --system \\\")\"".

Do you have any idea where the problem is coming from? Thanks in advance for ideas.

OS:

NAME="Red Hat Enterprise Linux Server"
VERSION="7.6 (Maipo)"

Docker version:

Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-96.gitb2f74b2.el7.x86_64
 Go version:      go1.10.8
 Git commit:      b2f74b2/1.13.1
 Built:           Tue Apr  2 21:01:07 2019
 OS/Arch:         linux/amd64

is a fairly old version of the docker engine, or one that’s provided by the default repos for CentOS or RHEL. You may want to install a modern version of the community edition (CE) engine for your OS and retry your experiments. See https://docs.docker.com/install/linux/docker-ce/centos/ for guidance on obtaining the packages or binaries.

Hi,

thank you for your response. The problem has been solved after updating the kernel.

Now the OS details are:

NAME="Red Hat Enterprise Linux Server"
VERSION="7.7 (Maipo)"
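
Added example, not part of the original thread and not Docker's own code: a small Python parser for the error quoted in the first post. It flattens the nested quoting and pulls out the D-Bus fields, showing that the denied message is docker-runc asking systemd (PID 1) to start a transient unit while applying the cgroup configuration. The function names are hypothetical; the sample line is the error text from the post.

```python
import re

# The runc error line from the first post, kept verbatim.
SAMPLE_ERROR = r'''container_linux.go:235: starting container process caused "process_linux.go:258: applying cgroup configuration for process caused \"An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type=\\\"method_call\\\", sender=\\\":1.80648\\\" (uid=0 pid=411259 comm=\\\"/usr/libexec/docker/docker-runc-current --log /run\\\") interface=\\\"org.freedesktop.systemd1.Manager\\\" member=\\\"StartTransientUnit\\\" error name=\\\"(unset)\\\" requested_reply=\\\"0\\\" destination=\\\"org.freedesktop.systemd1\\\" (uid=0 pid=1 comm=\\\"/usr/lib/systemd/systemd --switched-root --system \\\")\""'''

DENIAL_MARKER = "An SELinux policy prevents this sender"


def parse_dbus_denial(line):
    """Return the D-Bus denial fields found in a runc error line, or None."""
    # Each nested cause adds another layer of \" escaping; flatten them all.
    text = re.sub(r'\\+"', '"', line)
    if DENIAL_MARKER not in text:
        return None
    fields = dict(re.findall(r'(\w+)="([^"]*)"', text))
    peers = {}
    # sender= and destination= are each followed by "(uid=.. pid=.. comm=..)".
    for role, bus, uid, pid, comm in re.findall(
            r'(sender|destination)="([^"]*)" \(uid=(\d+) pid=(\d+) comm="([^"]*)"\)',
            text):
        peers[role] = {"bus_name": bus, "uid": int(uid), "pid": int(pid),
                       "comm": comm.strip()}
    rules = re.search(r"(\d+) matched rules", text)
    return {
        "type": fields.get("type"),
        "interface": fields.get("interface"),
        "member": fields.get("member"),
        "matched_rules": int(rules.group(1)) if rules else None,
        "sender": peers.get("sender"),
        "destination": peers.get("destination"),
    }


def is_cgroup_unit_request(denial):
    """True when the denied call asks systemd (PID 1) to start a transient
    unit, the call behind the post's 'applying cgroup configuration' error."""
    dest = denial.get("destination") or {}
    return (denial.get("interface") == "org.freedesktop.systemd1.Manager"
            and denial.get("member") == "StartTransientUnit"
            and dest.get("pid") == 1)


if __name__ == "__main__":
    d = parse_dbus_denial(SAMPLE_ERROR)
    print(d["sender"]["comm"], "->", d["destination"]["comm"])
    print(d["member"], "| cgroup unit request:", is_cgroup_unit_request(d))
```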