People are reporting problems in Fedora about using centos rhel6 images. https://bugzilla.redhat.com/show_bug.cgi?id=1098120 The problem is the libselinux in the centos image is reporting that SELinux is enabled to processes running within the container. Tools like useradd and groupadd to attempt to write to /proc/self/attr/* files in order to setup proper labeling for SELinux. Since /proc is now mounted read/only within the docker containers, the writes are denied and useradd/groupadd fail. I wrote the attached patch for RHEL6 libselinux to get RHEL6 images to work properly. Basically the patched libselinux will report to processes that SELinux is disabled if the selinux file system is not mounted or mounted read/only. The fixed version of libselinux is already in Fedora and RHEL7 versions of libselinux. Red Hat will be shipping this new version of libselinux in rhel6.6. But we will also ship it as part of our rhel6.5 Base Image. Privileged containers and systems with SELInux disabled do not have this issue, however systemd with SELinux in permissive mode or enforcing have the problem. In permissive mode the problem will continue, since it is not SELinux denying access to /proc. It is actually the fact that /proc is mounted Read/Only. Previous versions of docker did not mount the /proc file system as read/only It would be a good idea if someone could get a patched version of libselinux into the centos 6 docker image. -------------- next part -------------- A non-text attachment was scrubbed... Name: libselinux-2.0.94_enabled.patch Type: text/x-patch Size: 5924 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140521/55bc173b/attachment-0006.bin>