Docker boot failure due to SELinux

Problem Description:

One of the in-use Docker has suddenly failed and then started Docker failure.

System version of the machine: CentOS Linux release 7.3.1611 (Core)

Finally, the docker of this machine is unloaded and re-installed, but Docker still can't get up, launch the Docker "Error starting Daemon:selinux is not supported with the Overlay2 graph drive R on this kernel. " The error. The specific error message is as follows:

[[email protected] lib]# systemctl start dockerjob for Docker.service failed because the control process exited with Error code. See "Systemctl Status Docker.service" and "Journalctl-xe" for details. [[email protected] lib]# systemctl status docker.service docker.service-docker application Container Engine Load ed:loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset:disabled) active:failed (result:exit-code ) since Fri 2018-06-22 15:22:45 CST; 10s ago docs:http://docs.docker.com process:6374 execstart=/usr/bin/dockerd-current--add-runtime docker-runc=/usr/ Libexec/docker/docker-runc-current--default-runtime=docker-runc--exec-opt Native.cgroupdriver=systemd-- Userland-proxy-path=/usr/libexec/docker/docker-proxy-current--init-path=/usr/libexec/docker/ Docker-init-current--seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER _storage_options $DOCKER _network_ OPTIONS $ADD _registry $BLOCK _registry $INSECURE _registry $REGISTRIES (code=exited, status=1/failure) Main pid:6374 (code=exited, Status=1/failure) June (15:22:42 registry.sefon.com systemd[1]: Starting Docker Application Container Engine ... June 15:22:42 registry.sefon.com dockerd-current[6374]: time= "2018-06-22t15:22:42.987932115+08:00" Level=info msg= "  Libcontainerd:new containerd process, pid:6381 "June of 15:22:45 registry.sefon.com dockerd-current[6374]: Error starting Daemon:selinux is isn't supported with the Overlay2 graph driver on this kernel. Either boot into a newer kernel or disabl...nabled=false) #关键报错信息Jun 15:22:45 registry.sefon.com systemd[1]: Do Cker.service:main Process exited, code=exited, Status=1/failurejun 15:22:45 registry.sefon.com systemd[1]: Failed to S  Tart Docker application Container engine.jun 15:22:45 registry.sefon.com systemd[1]: Unit Docker.service entered failed State. June 15:22:45 registry.sefon.com Systemd[1]: Docker.service failed. Hint:some lines were ellipsized, use-l to show on full.

Cause Analysis:

According to the error message "Error starting Daemon:selinux is not supported with the Overlay2 graph driver on this kernel. Either boot into a newer kernel or disabl...nabled=false) "prompts that selinux in the Linux kernel of this machine does not support Overlay2 graph driver.
There are two workarounds, either starting a new kernel or disabling Selinux,--selinux-enabled=false in the Docker configuration file

Workaround:

The new kernel is not started, and the Docker configuration file is modified. Change the "--selinux-enabled" of the configuration file to "--selinux-enabled=false" and then restart Docker.

[[email protected] lib]# cat /etc/sysconfig/docker# /etc/sysconfig/docker# Modify these options if you want to change the way the docker daemon runs#OPTIONS=‘--selinux-enabled --log-driver=journald --signature-verification=false‘OPTIONS=‘--selinux-enabled=false --log-driver=journald --signature-verification=false --registry-mirror=https://fzhifedh.mirror.aliyuncs.com --insecure-registry=registry.sese.com‘    #修改这里的"--selinux-enabled"，改成"--selinux-enabled=false"if [ -z "${DOCKER_CERT_PATH}" ]; then    DOCKER_CERT_PATH=/etc/dockerfi......   

Then restart Docker and it starts normally:

[[email protected] lib]# systemctl start docker[[email protected] lib]# docker ps -aCONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               

Workaround Reference Document: https://www.cnblogs.com/weifeng1463/p/9040892.html

Docker boot failure due to SELinux