docker / compose

Define and run multi-container applications with Docker
https://docs.docker.com/compose/
Apache License 2.0

[BUG] Can not build image #10139

Closed adrianovieira closed 1 year ago

adrianovieira commented 1 year ago

Description

I can build using the docker build --no-cache -t myapp ./ command.

But docker-compose build does not work and I get the errors below:

[+] Building 0.4s (5/5) FINISHED                                                                                                                                                                                                                                                
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                                       0.0s
 => => transferring dockerfile: 90B                                                                                                                                                                                                                                        0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                                                          0.0s
 => => transferring context: 2B                                                                                                                                                                                                                                            0.0s
 => [internal] load metadata for docker.io/library/python:3.10                                                                                                                                                                                                             0.0s
 => CACHED [1/2] FROM docker.io/library/python:3.10                                                                                                                                                                                                                        0.0s
 => ERROR [2/2] RUN apt-get update    && apt-get install -y --no-install-recommends postgresql-client tzdata    && rm -rf /var/lib/apt/lists/*                                                                                                                             0.3s
------                                                                                                                                                                                                                                                                          
 > [2/2] RUN apt-get update    && apt-get install -y --no-install-recommends postgresql-client tzdata    && rm -rf /var/lib/apt/lists/*:
#0 0.242 Reading package lists...
#0 0.257 E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
------

Steps To Reproduce

  1. create the Dockerfile:

    FROM python:3.10
    
    RUN apt-get update \
        && apt-get install -y --no-install-recommends postgresql-client tzdata \
        && rm -rf /var/lib/apt/lists/*

  2. create the docker-compose.yml:

    ---
    version: '3'
    services:
      myapp:
        image: myapp
        build:
          context: ./
          dockerfile: Dockerfile
    
  3. run docker build --no-cache -t myapp ./: works like a charm

  4. run docker-compose build: but it does not work, not even when trying it after the docker build ... command above

Compose Version

- docker-compose version:

Docker Compose version v2.14.2

Docker Environment

Client:
 Context:    default
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 12
 Server Version: 20.10.21
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: journald
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: /usr/libexec/docker/docker-init
 containerd version: 9ba4b250366a5ddde94bb7c9d1def331423aa323
 runc version: v1.1.4-0-g5fd4c4d
 init version: 
 Security Options:
  seccomp
   Profile: default
  selinux
  cgroupns
 Kernel Version: 6.0.15-300.fc37.x86_64
 Operating System: Fedora Linux 37 (Workstation Edition)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.29GiB
 Name: nb-nwe7470.myhome
 ID: JBX5:SKXW:U2IW:SNMH:3BQG:KG4X:253L:CAFF:B527:3GT7:AX2O:MCCI
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8

Anything else?

No response

ndeloof commented 1 year ago

I'm not able to reproduce this error, docker compose build is able to build your Dockerfile. Can you please confirm you can build with buildkit? Run docker buildx build .

adrianovieira commented 1 year ago

docker buildx build

$ docker buildx build
docker: 'buildx' is not a docker command.

ndeloof commented 1 year ago

Seems you don't have a correct docker installation (missing buildx plugin). How did you install it?

adrianovieira commented 1 year ago

On Fedora there is the moby-engine package, dnf install ...:

moby-engine-20.10.21-1.fc37.x86_64
docker-compose-plugin-2.14.1-3.fc37.x86_64

and

curl -SL https://github.com/docker/compose/releases/download/v2.14.2/docker-compose-linux-x86_64 \
         -o /usr/local/bin/docker-compose

ndeloof commented 1 year ago

ok, so that's not the official docker installation package (https://docs.docker.com/engine/install/fedora/) and your docker cli is still using the "classic" builder. You can force compose to do the same by setting DOCKER_BUILDKIT=0 environment variable

adrianovieira commented 1 year ago

ok, so that's not the official docker installation package (https://docs.docker.com/engine/install/fedora/) and your docker cli is still using the "classic" builder. You can force compose to do the same by setting DOCKER_BUILDKIT=0 environment variable

Yes! The DOCKER_BUILDKIT=0 workaround solved the issue.

Thank you.

ndeloof commented 1 year ago

Closing as "Can't reproduce"

adrianovieira commented 1 year ago

Please, let me share some information for those who are using moby-engine + docker-compose-2.14 as I am.

vagrant init -m fedora/37-cloud-base
vagrant up
vagrant ssh -c "sudo dnf install -y moby-engine"
vagrant ssh -c "sudo systemctl start docker"
vagrant ssh -c "sudo curl -SL https://github.com/docker/compose/releases/download/v2.14.2/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose"
vagrant ssh -c "sudo chmod +x /usr/local/bin/docker-compose"
vagrant ssh -c "sudo docker version"
vagrant ssh -c "docker-compose version"
vagrant ssh -c 'sudo echo -e "FROM python:3.10\nRUN apt-get update && apt-get install -y --no-install-recommends postgresql-client tzdata && rm -rf /var/lib/apt/lists/*\n" > Dockerfile'
vagrant ssh -c 'sudo echo -e "version: \"3\"\nservices:\n  myapp:\n    image: myapp\n    build:\n      context: ./\n      dockerfile: Dockerfile" > docker-compose.yml'

# And now let's build the image
## this docker-compose will not work
vagrant ssh -c "sudo docker-compose build"

## the DOCKER_BUILDKIT=0 workaround allows it to build the image
vagrant ssh -c "sudo DOCKER_BUILDKIT=0 docker-compose build"

Have fun

ndeloof commented 1 year ago

thanks, will try to reproduce

ndeloof commented 1 year ago

I ran the suggested vagrant VM and was able to reproduce this bug. Then installed buildx (https://github.com/docker/buildx/releases/tag/v0.9.1) ... and the same error applies:

$ sudo buildx build .
[+] Building 2.3s (5/5) FINISHED                                                                                    
 => [internal] load build definition from Dockerfile                                                           0.2s
 => => transferring dockerfile: 237B                                                                           0.0s
 => [internal] load .dockerignore                                                                              0.3s
 => => transferring context: 2B                                                                                0.0s
 => [internal] load metadata for docker.io/library/python:3.10                                                 0.7s
 => CACHED [1/2] FROM docker.io/library/python:3.10@sha256:b4b8149f2ff93c993d9b752dd4298493975e341a6b542a33cd  0.0s
 => ERROR [2/2] RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client tzdata &&   1.2s
------
 > [2/2] RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client tzdata && rm -rf /var/lib/apt/lists/*:
#0 1.109 exec /bin/sh: permission denied

I wonder whether moby-engine comes with a well configured buildkit daemon. This should be reported to buildx maintainers.

ndeloof commented 1 year ago

@crazy-max is this a known issue with Fedora?

LinusCDE commented 1 year ago

Can confirm the issue. Using selinux on Fedora Linux 36. Just updated and rebooted to use latest moby-engine 20.10.12-3.fc3 (which provides docker).

Using a simple build based on debian:bookworm which uses some basic shell commands which all fail since it can't even execute the shell (/bin/sh). The same file runs fine with docker-compose build.

This is most definitely some selinux specific problem. Running sudo setenforce 0 fixes the issue. So a temporary workaround seems to be to run that during the build-phase and change it back to 1 afterwards.

I think I was using docker-compose 2.6.0 or 2.9.0. I updated to 2.15.0 which had the same issue.

I'm not sure if I built some images when last updating docker-compose a while back. I suspect this might be an issue caused by a newer version of docker or some other fedora packages related to selinux (not docker-compose itself). Maybe some rule fixed it for docker specifically but not for docker-compose.

docker-compose build --no-cache while selinux is enforcing

```
$ docker-compose build --no-cache | cat
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 91B done
#1 DONE 0.1s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.1s

#3 [internal] load metadata for docker.io/library/debian:bookworm
#3 DONE 0.0s

#4 [builder 1/10] FROM docker.io/library/debian:bookworm
#4 CACHED

#5 [internal] load build context
#5 transferring context: 230B done
#5 DONE 0.2s

#6 [stage-1 2/9] RUN echo runner
#6 ...

#7 https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar
#7 CACHED

#8 [builder 2/10] RUN mkdir -p /opt
#8 ...

#6 [stage-1 2/9] RUN echo runner
#6 0.759 exec /bin/sh: permission denied
#6 ERROR: executor failed running [/bin/sh -c echo runner]: exit code: 1

#8 [builder 2/10] RUN mkdir -p /opt
#8 1.019 exec /bin/sh: permission denied
#8 CANCELED
------
 > [stage-1 2/9] RUN echo runner:
#6 0.759 exec /bin/sh: permission denied
------
failed to solve: executor failed running [/bin/sh -c echo runner]: exit code: 1
```

Some output from selinux in systemd journal which might point to the error

```
Jan 16 14:54:31 kurikara setroubleshoot[97571]: SELinux is preventing runc:[2:INIT] from entrypoint access on the file /usr/bin/dash. For complete SELinux messages run: sealert -l 1764b3e2-948b-4d98-b10c-0e3542450c05
Jan 16 14:54:31 kurikara setroubleshoot[97571]: SELinux is preventing runc:[2:INIT] from entrypoint access on the file /usr/bin/dash.

***** Plugin restorecon (54.2 confidence) suggests ************************

If you want to fix the label.
/usr/bin/dash default label should be shell_exec_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /usr/bin/dash

***** Plugin file (16.6 confidence) suggests ******************************

This is caused by a newly created file system.
Then you need to add labels to it.
Do
/sbin/restorecon -R -v /usr/bin/dash

***** Plugin file (16.6 confidence) suggests ******************************

If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot

***** Plugin catchall_labels (3.18 confidence) suggests *******************

If you want to allow runc:[2:INIT] to have entrypoint access on the dash file
Then you need to change the label on /usr/bin/dash
Do
# semanage fcontext -a -t FILE_TYPE '/usr/bin/dash'
where FILE_TYPE is one of the following: [...]
Then execute:
restorecon -v '/usr/bin/dash'

***** Plugin catchall (1.03 confidence) suggests **************************

If you believe that runc:[2:INIT] should be allowed entrypoint access on the dash file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'runc:[2:INIT]' --raw | audit2allow -M my-runc2INIT
# semodule -X 300 -i my-runc2INIT.pp
```

I already ran a suggested command (by selinux logs) which might have fixed one of the errors already: sudo setsebool -P domain_can_mmap_files 1

I also changed the shell to bash and env. Neither works which suggests that the build env for some reason isn't allowed by selinux to execute any executables at all.

Also changed the context of my docker-compose file to the same as docker (didn't solve it either):

$ ls -lahZ /usr/bin/docker
-rwxr-xr-x. 1 root root system_u:object_r:container_runtime_exec_t:s0 43M Dec 20 18:15 /usr/bin/docker
$ sudo chcon system_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/docker-compose
$ ls -lahZ /usr/local/bin/docker-compose                        
-rwxr-xr-x. 1 root root system_u:object_r:container_runtime_exec_t:s0 43M Jan  5 10:13 /usr/local/bin/docker-compose

I hope this can help.
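
Added example, not part of the thread or of any project named in it: a small parser for the setroubleshoot journal lines quoted above, which groups repeated denials and picks out the ones where the container runtime was refused `entrypoint` access, so the denial can be followed up with `sealert -l` while SELinux stays enforcing. It assumes short-format journal text (for example from `journalctl -t setroubleshoot`); all function names are hypothetical, and every sample line after the first two is constructed.

```python
import re
from dataclasses import dataclass, field

# Short-format journal line: "Jan 16 14:54:31 host ident[pid]: message"
JOURNAL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<ident>[^\[:\s]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)
# setroubleshoot summary sentence, in the form quoted in the thread.
DENIAL_RE = re.compile(
    r"^SELinux is preventing (?P<source>.+?) from (?P<access>.+?) access "
    r"on the (?P<tclass>\S+) (?P<target>.+?)\."
    r"(?: For complete SELinux messages run: sealert -l (?P<alert>[0-9a-f-]{36}))?\s*$"
)

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE_JOURNAL = """\
Jan 16 14:54:31 kurikara setroubleshoot[97571]: SELinux is preventing runc:[2:INIT] from entrypoint access on the file /usr/bin/dash. For complete SELinux messages run: sealert -l 1764b3e2-948b-4d98-b10c-0e3542450c05
Jan 16 14:54:31 kurikara setroubleshoot[97571]: SELinux is preventing runc:[2:INIT] from entrypoint access on the file /usr/bin/dash.
Jan 16 14:55:02 kurikara setroubleshoot[97571]: SELinux is preventing runc:[2:INIT] from entrypoint access on the file /usr/bin/bash.
Jan 16 14:55:40 kurikara setroubleshoot[97571]: SELinux is preventing httpd from read access on the file /srv/www/index.html.
Jan 16 14:55:41 kurikara systemd[1]: Started Docker Application Container Engine.
"""


@dataclass
class Denial:
    source: str          # process name as reported, e.g. runc:[2:INIT]
    access: str          # denied permission(s), e.g. entrypoint
    tclass: str          # object class, e.g. file
    target: str          # path or object the access was attempted on
    count: int = 0
    first_seen: str = ""
    alert_ids: list = field(default_factory=list)


def summarize(journal_text):
    """Group setroubleshoot denials by (source, access, class, target)."""
    seen = {}
    for line in journal_text.splitlines():
        j = JOURNAL_RE.match(line)
        if not j or j["ident"] != "setroubleshoot":
            continue  # other units, or continuation lines of a long message
        d = DENIAL_RE.match(j["msg"])
        if not d:
            continue  # plugin suggestions and other setroubleshoot text
        key = (d["source"], d["access"], d["tclass"], d["target"])
        entry = seen.setdefault(key, Denial(*key, first_seen=j["ts"]))
        entry.count += 1
        if d["alert"] and d["alert"] not in entry.alert_ids:
            entry.alert_ids.append(d["alert"])
    return list(seen.values())  # insertion order = order of first occurrence


def runtime_entrypoint_denials(denials):
    """Denials where runc's init stage was refused entrypoint access to a file.

    This is the pattern behind "exec /bin/sh: permission denied" in the
    build output above.
    """
    return [
        d for d in denials
        if d.source.startswith("runc")
        and d.tclass == "file"
        and "entrypoint" in d.access.split()
    ]


def report(denials):
    """Render one line per distinct denial plus its sealert follow-up."""
    lines = []
    for d in denials:
        lines.append(
            f"{d.count}x {d.source}: {d.access} on {d.tclass} {d.target} "
            f"(first seen {d.first_seen})"
        )
        for alert in d.alert_ids:
            lines.append(f"    details: sealert -l {alert}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(runtime_entrypoint_denials(summarize(SAMPLE_JOURNAL))))
```
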