Docker cannot write to mounted volume

So you’ve already investigated the permissions and the SELinux context. There are no errors in the audit logs.

And if you’re using a directory like /var/lib/docker/db, it will have context unconfined_u:object_r:container_var_lib_t:s0.

For a mount such as -v /var/lib/docker/db/appname:/opt/application/ to be readable inside the container, the directory will need a new context.

semanage fcontext -a -t svirt_sandbox_file_t '/var/lib/docker/db(/.*)?'

Configure SELinux to allow Nagios publickey auth

Nagios is a tool for monitoring servers. In a security-minded environment, you need to make allowances for Nagios. It operates over SSH using a public key, which SELinux doesn’t like.

One problem that can occur is that the ~nagios/.ssh/authorized_keys file will not have the right SELinux context. Fix that with:

semanage fcontext -a -t "ssh_home_t" "/var/spool/nagios(/.*)?"
restorecon -RvF /var/spool/nagios

The semanage command makes a new rule in SELinux for that directory to have a regular ssh-homedir context, and restorecon applies that rule to the files already there, so public keys will work properly. If Nagios cannot connect passwordlessly, it will throw fits.
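A semanage fcontext rule only records the wanted label; files that already exist keep their old type until restorecon runs. This applies to both the Docker volume and the Nagios directory above. The following check is an added example, not part of the original posts: the helper names (ctx_type, canon_type, label_state, report) are hypothetical and the sample contexts are constructed.

```shell
#!/bin/sh
# Added example: decide whether a path still needs restorecon after a
# `semanage fcontext -a -t TYPE ...` rule has been added for it.

# Type field of a context "user:role:type:level"; the level may contain ':'.
ctx_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Map an alias to the name the tools display. With the container-selinux
# policy, svirt_sandbox_file_t is an alias of container_file_t, so a relabelled
# volume shows container_file_t even though the rule names the alias.
canon_type() {
    case "$1" in
        svirt_sandbox_file_t) echo container_file_t ;;
        *) echo "$1" ;;
    esac
}

# label_state CONTEXT WANTED_TYPE -> prints ok | relabel | invalid
label_state() {
    have=$(ctx_type "$1")
    if [ -z "$have" ]; then echo invalid; return 0; fi
    if [ "$(canon_type "$have")" = "$(canon_type "$2")" ]; then
        echo ok
    else
        echo relabel
    fi
}

# report PATH CONTEXT WANTED_TYPE: one line per path, with the fix when needed.
report() {
    case "$(label_state "$2" "$3")" in
        ok)      echo "$1: ok ($2)" ;;
        relabel) echo "$1: has $(ctx_type "$2"), wants $3 -> restorecon -RvF $1" ;;
        *)       echo "$1: cannot parse context '$2'" ;;
    esac
}

# Constructed contexts, in the form `stat -c %C PATH` or `ls -Zd PATH` prints.
report /var/lib/docker/db 'unconfined_u:object_r:container_var_lib_t:s0' svirt_sandbox_file_t
report /var/lib/docker/db 'system_u:object_r:container_file_t:s0:c12,c34' svirt_sandbox_file_t
report /var/spool/nagios  'system_u:object_r:var_spool_t:s0' ssh_home_t
report /var/spool/nagios  'system_u:object_r:ssh_home_t:s0' ssh_home_t
```

On a live host, pass the output of `stat -c %C` for the directory as the context argument.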