mirror of
https://github.com/goharbor/harbor
synced 2024-09-20 12:15:31 +00:00
8ab45d439b
allow Harbor to run when dockerd is running with --selinux-enabled example AVC denials: type=AVC msg=audit(1488384855.681:154671): avc: denied { read } for pid=454 comm="registry" name="config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488384855.681:154671): avc: denied { open } for pid=454 comm="registry" path="/etc/registry/config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488384855.687:154672): avc: denied { append } for pid=350 comm=72733A6D61696E20513A526567 name="registry.log" dev="dm-5" ino=4315920 scontext=system_u:system_r:svirt_lxc_net_t:s0:c599,c800 tcontext=system_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488384856.895:154702): avc: denied { remove_name } for pid=708 comm="mysqld" name="4691d4d62464.lower-test" dev="dm-12" ino=402656159 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=dir type=AVC msg=audit(1488384856.926:154703): avc: denied { lock } for pid=708 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-12" ino=402656097 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488384857.958:154736): avc: denied { open } for pid=924 comm="harbor_jobservi" path="/etc/jobservice/app.conf" dev="dm-8" ino=142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c102,c158 tcontext=system_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488384858.089:154737): avc: denied { read } for pid=1017 comm="nginx" name="nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488384858.089:154737): avc: denied { open } for pid=1017 comm="nginx" path="/etc/nginx/nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
96 lines
2.2 KiB
Smarty
96 lines
2.2 KiB
Smarty
version: '2'
|
|
services:
|
|
log:
|
|
image: vmware/harbor-log
|
|
container_name: harbor-log
|
|
restart: always
|
|
volumes:
|
|
- /var/log/harbor/:/var/log/docker/:z
|
|
ports:
|
|
- 1514:514
|
|
registry:
|
|
image: library/registry:2.5.0
|
|
container_name: registry
|
|
restart: always
|
|
volumes:
|
|
- /data/registry:/storage:z
|
|
- ./common/config/registry/:/etc/registry/:z
|
|
environment:
|
|
- GODEBUG=netdns=cgo
|
|
command:
|
|
["serve", "/etc/registry/config.yml"]
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "registry"
|
|
mysql:
|
|
image: vmware/harbor-db
|
|
container_name: harbor-db
|
|
restart: always
|
|
volumes:
|
|
- /data/database:/var/lib/mysql:z
|
|
env_file:
|
|
- ./common/config/db/env
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "mysql"
|
|
ui:
|
|
image: vmware/harbor-ui
|
|
container_name: harbor-ui
|
|
env_file:
|
|
- ./common/config/ui/env
|
|
restart: always
|
|
volumes:
|
|
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
|
|
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
|
|
- /data:/harbor_storage:z
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "ui"
|
|
jobservice:
|
|
image: vmware/harbor-jobservice
|
|
container_name: harbor-jobservice
|
|
env_file:
|
|
- ./common/config/jobservice/env
|
|
restart: always
|
|
volumes:
|
|
- /data/job_logs:/var/log/jobs:z
|
|
- ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
|
|
depends_on:
|
|
- ui
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "jobservice"
|
|
proxy:
|
|
image: nginx:1.11.5
|
|
container_name: nginx
|
|
restart: always
|
|
volumes:
|
|
- ./common/config/nginx:/etc/nginx:z
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
depends_on:
|
|
- mysql
|
|
- registry
|
|
- ui
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "proxy"
|