keycreate permission denied
问题描述
write /proc/self/attr/keycreate: permission denied具体报错:
kuberuntime_manager.go:758] createPodSandbox for pod "ecc-hostpath-provisioner-8jbhf_kube-system(b8050fd3-4ffe-11eb-a82e-c6090b53405b)" failed: rpc error: code = Unknown desc = failed to start sandbox container for pod "ecc-hostpath-provisioner-8jbhf": Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown解决办法
SELINUX未设置成disabled
# 将SELINUX设置成disabled
setenforce 0 # 临时生效
# 永久生效,但需重启,配合上述命令可以不用立即重启
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# 查看SELinux状态
$ /usr/sbin/sestatus -v
SELinux status: disabled
$ getenforce
Disabled最后更新于