All docker users pull images from public repositories. When pulling such an image, it is necessary to mknod and chmod within the container image. The grsec options 'CONFIG_GRKERNSEC_CHROOT_MKNOD' and 'CONFIG_GRKERNSEC_CHROOT_CHMOD' are thus incompatible with all versions of docker. They *can* be compiled in if grsec's sysctl support 'CONFIG_GRKERNSEC_SYSCTL' is enabled, but in that case for docker to work the sysctls must be used to disable these features prior to running docker, i.e.

    echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_mknod
    echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_chmod
Related docker bug @ https://github.com/docker/docker/issues/20303
Is this still valid? Seems like the upstream bug has seen some comments and eventually got closed.
No reply, closing.
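
A preflight check for the two sysctls named in the report above, as an added example that is not part of the original thread or of docker or grsecurity. The function names and the optional directory argument are assumptions for illustration; grsec_lock is grsecurity's own sysctl that, once set, blocks further changes to the others.

```shell
#!/bin/sh
# Added example, not from the report. Function names and the optional
# directory argument are assumptions made so the check can be tested.

# Print "off", "on" or "absent" for one grsecurity sysctl file.
grsec_state() {
    if [ ! -r "$1" ]; then
        echo absent
    elif [ "$(cat "$1")" = "0" ]; then
        echo off
    else
        echo on
    fi
}

# Exit status:
#   0  both chroot restrictions are off
#   1  at least one is on and can still be changed via sysctl
#   2  at least one is on and grsec_lock is set (no change until reboot)
#   3  a sysctl file is missing, so the state cannot be read from /proc
grsec_docker_preflight() {
    dir="${1:-/proc/sys/kernel/grsecurity}"
    on=0
    absent=0
    for name in chroot_deny_mknod chroot_deny_chmod; do
        state=$(grsec_state "$dir/$name")
        echo "$name: $state"
        case "$state" in
            on) on=1 ;;
            absent) absent=1 ;;
        esac
    done
    if [ "$absent" -eq 1 ]; then return 3; fi
    if [ "$on" -eq 0 ]; then return 0; fi
    if [ "$(grsec_state "$dir/grsec_lock")" = "on" ]; then return 2; fi
    return 1
}
```

Status 3 covers both a kernel without grsecurity and one where the options were compiled in without CONFIG_GRKERNSEC_SYSCTL; in the second case the restrictions cannot be disabled at runtime.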