From 6559cd416cf68bcfcdfbbc805280929b4141393b Mon Sep 17 00:00:00 2001
From: Geoff Levand <geoff@infradead.org>
Date: Wed, 28 Mar 2018 15:39:10 -0700
Subject: [PATCH] tests/docker.base/user-no-caps: Set SELinux to permissive
 mode

With the current SELinux policy the docker daemon does not have
access to the '/root' directory.  Set SELinux to permisive mode
so this test can run.

Fixes runtime errors like these:

  Error response from daemon: OCI runtime create failed: "mkdir /var/lib/docker/overlay2/.../merged/root: permission denied

Signed-off-by: Geoff Levand <geoff@infradead.org>
---
 kola/tests/docker/docker.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kola/tests/docker/docker.go b/kola/tests/docker/docker.go
index 6200d37cc..259ec6027 100644
--- a/kola/tests/docker/docker.go
+++ b/kola/tests/docker/docker.go
@@ -435,6 +435,11 @@ func dockerUserNoCaps(c cluster.TestCluster) {
 
 	genDockerContainer(c, m, "captest", []string{"capsh", "sh", "grep", "cat", "ls"})
 
+	// With the current SELinux policy the docker daemon does not have
+	// access to the '/root' directory.  Set SELinux to permisive mode
+	// so this test can run.
+	c.MustSSH(m, "sudo setenforce 0")
+
 	output := c.MustSSH(m, `docker run --user 1000:1000 \
 		-v /root:/root \
 		captest sh -c \