Closed
Putting this here for others.
In the runner:
```
root@50a4dc272487:/actions-runner# docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
```
On the host:
```
----
time->Sat Mar 7 21:21:39 2020
type=PROCTITLE msg=audit(1583616099.890:863): proctitle=646F636B6572007073
type=SYSCALL msg=audit(1583616099.890:863): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=c00056f290 a2=17 a3=0 items=0 ppid=3254 pid=3267 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="docker" exe="/usr/bin/docker" subj=system_u:system_r:container_t:s0:c36,c702 key=(null)
type=AVC msg=audit(1583616099.890:863): avc: denied { connectto } for pid=3267 comm="docker" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c36,c702 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
```
If you're running the default Docker package from CentOS or RH it doesn't disable SELinux at the daemon. Start the container with `--security-opt=label=disable`.
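```bash
# Usage: github-runner <org>/<repo> <runner-token> [image-tag]
function github-runner {
  local name org repo tag
  name="github-runner-${1//\//-}"   # org/repo -> github-runner-org-repo
  org=$(dirname "$1")
  repo=$(basename "$1")
  tag=${3:-latest}

  # Remove any previous runner container with the same name
  docker rm -f "$name"

  # label=disable turns off SELinux labelling for this container so it
  # can connect to the bind-mounted Docker socket
  docker run -d --restart=always \
    --security-opt=label=disable \
    -e REPO_URL="https://github.com/${org}/${repo}" \
    -e RUNNER_TOKEN="$2" \
    -e RUNNER_NAME="linux-${repo}" \
    -e RUNNER_WORKDIR="/tmp/github-runner" \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /tmp/github-runner:/tmp/github-runner \
    --name="$name" "myoung34/github-runner:${tag}"
}
```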
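To recognise this failure in audit data, the following added example (not part of the original issue or of the project's code) groups `ausearch`/`audit.log` records by serial number, decodes the hex `proctitle`, and reports AVC denials where a `container_t` process was refused `connectto` on a `container_runtime_t` Unix socket. The function names are hypothetical; the sample records are the ones quoted in the issue, with the SYSCALL record trimmed.

```python
import re

RECORD = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Records copied from the issue above (SYSCALL record trimmed to a few fields).
SAMPLE = """----
time->Sat Mar 7 21:21:39 2020
type=PROCTITLE msg=audit(1583616099.890:863): proctitle=646F636B6572007073
type=SYSCALL msg=audit(1583616099.890:863): arch=c000003e syscall=42 success=no exit=-13 comm="docker" exe="/usr/bin/docker"
type=AVC msg=audit(1583616099.890:863): avc: denied { connectto } for pid=3267 comm="docker" path="/run/docker.sock" scontext=system_u:system_r:container_t:s0:c36,c702 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
"""

def decode_proctitle(value):
    """auditd hex-encodes a command line that contains NULs (argv separators)."""
    try:
        return bytes.fromhex(value).replace(b"\x00", b" ").decode("utf-8", "replace")
    except ValueError:
        return value.strip('"')  # already plain text

def selinux_type(context):
    """Return the type field of a user:role:type:level context, or ''."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else ""

def runtime_socket_denials(log_text):
    """Find AVC denials where a container_t process tried to connect to the runtime socket."""
    events = {}
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # separators and time-> lines from ausearch
        rtype, serial, body = m.groups()
        event = events.setdefault(serial, {})
        if rtype == "PROCTITLE":
            event["cmdline"] = decode_proctitle(body.partition("=")[2])
        elif rtype == "AVC" and (d := DENIED.search(body)):
            event["perms"] = d.group(1).split()
            event.update((k, v.strip('"')) for k, v in FIELD.findall(d.group(2)))
    return [
        {"serial": s, "cmdline": e.get("cmdline", ""), "path": e.get("path", ""),
         "enforced": e.get("permissive") == "0"}
        for s, e in events.items()
        if "connectto" in e.get("perms", ())
        and e.get("tclass") == "unix_stream_socket"
        and selinux_type(e.get("scontext", "")) == "container_t"
        and selinux_type(e.get("tcontext", "")) == "container_runtime_t"
    ]
```

A hit with `enforced` set to `True` means SELinux blocked the call rather than only logging it. Running with `--security-opt=label=disable` makes the denial go away by removing SELinux label confinement from that container, which is worth weighing when the container also has the Docker socket mounted.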