Merge pull request #6452 from mheon/selinux_btrfs_fix

Error if Docker daemon starts with BTRFS graph driver and SELinux enabled
2014-07-07 11:34:50 -07:00 · 2014-07-07 11:34:50 -07:00 · 219a3345de
commit 219a3345de
parent 2e4f99d99c 4318802f64
4 changed files with 8 additions and 3 deletions
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@ -778,6 +778,11 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D
 	}
 	utils.Debugf("Using graph driver %s", driver)

+	// As Docker on btrfs and SELinux are incompatible at present, error on both being enabled
+	if config.EnableSelinuxSupport && driver.String() == "btrfs" {
+		return nil, fmt.Errorf("SELinux is not supported with the BTRFS graph driver!")
+	}
+
 	daemonRepo := path.Join(config.Root, "containers")

 	if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
--- a/docker/docker.go
+++ b/docker/docker.go
@ -66,7 +66,7 @@ func main() {
 		flCa                 = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here")
 		flCert               = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file")
 		flKey                = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file")
-		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support")
+		flSelinuxEnabled     = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support. SELinux does not presently support the BTRFS storage driver")
 	)
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force Docker to use specific DNS servers")
 	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
--- a/docs/man/docker.1.md
+++ b/docs/man/docker.1.md
@ -74,7 +74,7 @@ unix://[/path/to/socket] to use.
  Print version information and quit. Default is false.

 **--selinux-enabled**=*true*|*false*
-  Enable selinux support. Default is false.
+  Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver.

 # COMMANDS
 **docker-attach(1)**
--- a/docs/sources/reference/commandline/cli.md
+++ b/docs/sources/reference/commandline/cli.md
@ -73,7 +73,7 @@ expect an integer, and they can only be specified once.
      -p, --pidfile="/var/run/docker.pid"        Path to use for daemon PID file
      -r, --restart=true                         Restart previously running containers
      -s, --storage-driver=""                    Force the Docker runtime to use a specific storage driver
-      --selinux-enabled=false                    Enable selinux support
+      --selinux-enabled=false                    Enable selinux support. SELinux does not presently support the BTRFS storage driver
      --storage-opt=[]                           Set storage driver options
      --tls=false                                Use TLS; implied by tls-verify flags
      --tlscacert="/home/sven/.docker/ca.pem"    Trust only remotes providing a certificate signed by the CA given here