Grafana 5.4.2 on docker 17.06.2-ee-16 / RHEL 7.6 : selinux need to be disabled for container to start

Grafana
1

Hello,

Grafana version : 5.4.2 from docker hub
Docker version : 17.06.2-ee-16
OS version : RHEL 7.6

the following compose file is used (safely ignore the prometheus part)

version: ‘3.3’
services:
prometheus:
container_name: “prometheus”
image: “/prometheus:latest”
ports:
- “81:9090”
volumes:
- “prometheus-data:/prometheus”
- “/srv/prom-graf/prometheus-dynamic:/prometheus/dynamic_conf:Z”
- “/srv/prom-graf/prometheus.yml:/etc/prometheus/prometheus.yml:Z”
grafana:

container_name: "grafana"
image: "<redacted>/grafana:latest"
ports: 
  - "80:3000"
volumes:
  - "grafana-data:/var/lib/grafana"
  - "/srv/prom-graf/grafana/provisioning:/tmp/provisioning:Z"
environment: 
  - GF_DEFAULT_INSTANCE_NAME=<redacted>
  - GF_SECURITY_ADMIN_USER=admin
  - GF_SECURITY_ADMIN_PASSWORD=<redacted>
  - GF_SECURITY_DISABLE_GRAVATAR=true
  - GF_ANALYTICS_REPORTING_ENABLED=false
  - GF_PATHS_PROVISIONING=/tmp/provisioning

volumes:
prometheus-data:
grafana-data:

Docker info:

Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 2
Server Version: 17.06.2-ee-16
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 462c82662200a17ee39e74692f536067a3576a50
init version: 949e6fa
Security Options:
seccomp
Profile: default
selinux
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.701GiB
Name:
ID:
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

The following error occur when the container is started with selinux enforcing:

grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Starting Grafana” logger=server version=5.4.2 commit=d812109 branch=HEAD compiled=2018-12-13T12:49:23+0000
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config loaded from” logger=settings file=/usr/share/grafana/conf/defaults.ini
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config loaded from” logger=settings file=/etc/grafana/grafana.ini
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from command line” logger=settings arg=“default.paths.data=/var/lib/grafana”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from command line” logger=settings arg=“default.paths.logs=/var/log/grafana”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from command line” logger=settings arg=“default.paths.plugins=/var/lib/grafana/plugins”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from command line” logger=settings arg=“default.paths.provisioning=/tmp/provisioning”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from command line” logger=settings arg=“default.log.mode=console”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_DEFAULT_INSTANCE_NAME=ToIPManager”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_PATHS_DATA=/var/lib/grafana”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_PATHS_LOGS=/var/log/grafana”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_PATHS_PLUGINS=/var/lib/grafana/plugins”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_PATHS_PROVISIONING=/tmp/provisioning”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_ANALYTICS_REPORTING_ENABLED=false”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_SECURITY_ADMIN_USER=admin”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_SECURITY_ADMIN_PASSWORD=*********”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Config overridden from Environment variable” logger=settings var=“GF_SECURITY_DISABLE_GRAVATAR=true”
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Path Home” logger=settings path=/usr/share/grafana
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Path Data” logger=settings path=/var/lib/grafana
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Path Logs” logger=settings path=/var/log/grafana
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Path Plugins” logger=settings path=/var/lib/grafana/plugins
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Path Provisioning” logger=settings path=/tmp/provisioning
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“App mode production” logger=settings
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing HTTPServer” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing SqlStore” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Connecting to DB” logger=sqlstore dbtype=sqlite3
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Starting DB migration” logger=migrator
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing SearchService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing RenderingService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing AlertingService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing DatasourceCacheService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing HooksService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing InternalMetricsService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing CleanUpService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=info msg=“Initializing NotificationService” logger=server
grafana | t=2019-01-03T14:51:30+0000 lvl=eror msg=“Server shutdown” logger=server reason=“Service init failed: html/template: pattern matches no files: /usr/share/grafana/public/emails/*.html

This error does not appear if selinux is in permissive mode.
Note that /usr/share/grafana is NOT a volume.

2

Hi, Did you resolve it ? I am facing the same issue

3

just a simple txt file in that folder :slight_smile: