SELinux 引發的docker啓動失敗

問題描述：

有一臺使用中的docker忽然發生了故障，而後啓動docker失敗。

機器的系統版本：CentOS Linux release 7.3.1611 (Core)

最後將這臺機器的docker卸載後重裝，可是docker仍是起不來，啓動docker報「Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel.」的錯誤。具體的報錯信息以下：

[root@registry lib]# systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
[root@registry lib]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-06-22 15:22:45 CST; 10s ago
     Docs: http://docs.docker.com
  Process: 6374 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
 Main PID: 6374 (code=exited, status=1/FAILURE)

Jun 22 15:22:42 registry.sefon.com systemd[1]: Starting Docker Application Container Engine...
Jun 22 15:22:42 registry.sefon.com dockerd-current[6374]: time="2018-06-22T15:22:42.987932115+08:00" level=info msg="libcontainerd: new containerd process, pid: 6381"
Jun 22 15:22:45 registry.sefon.com dockerd-current[6374]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disabl...nabled=false)         #關鍵報錯信息
Jun 22 15:22:45 registry.sefon.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Jun 22 15:22:45 registry.sefon.com systemd[1]: Failed to start Docker Application Container Engine.
Jun 22 15:22:45 registry.sefon.com systemd[1]: Unit docker.service entered failed state.
Jun 22 15:22:45 registry.sefon.com systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

緣由分析：

根據報錯信息「Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disabl...nabled=false)」的提示，這臺機器的linux的內核中的SELinux不支持 overlay2 graph driver 。
解決方法有兩個，要麼啓動一個新內核，要麼就在docker配置文件裏面裏禁用selinux，--selinux-enabled=false

解決方法：

沒有啓動新的內核，修改的docker配置文件。將配置文件的「--selinux-enabled」改爲「--selinux-enabled=false」，而後再重啓docker。

[root@registry lib]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
#OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'

OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false --registry-mirror=https://fzhifedh.mirror.aliyuncs.com --insecure-registry=registry.sese.com'    #修改這裏的"--selinux-enabled"，改爲"--selinux-enabled=false"
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi

......   #配置文件後面的內容省略
[root@registry lib]#

而後從新啓動docker，就正常啓動了：

[root@registry lib]# systemctl start docker
[root@registry lib]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAME

[root@registry lib]#

解決方法參考文檔：https://www.cnblogs.com/weifeng1463/p/9040892.html