Docker fails to start containers when SELinux labeling is enabled but the kernel lacks SELinux support for overlayfs (the overlay2 driver). Use fuse-overlayfs or another compatible driver, or upgrade to a kernel that supports SELinux with overlay2.
Docker throws this error when it tries to initialize the overlay2 storage driver while SELinux enforcement is on, but the running kernel doesn't support overlayfs with SELinux labeling. To avoid unlabeled writes and permission denials, dockerd refuses to run overlay2 and exits early. This is common on older RHEL/CentOS kernels or when forcing overlay2 in rootless mode on SELinux systems. The fix is to use a storage driver that works with SELinux on your kernel (fuse-overlayfs or overlay), or upgrade to a kernel and policy set that supports overlay2 with SELinux.
Check whether SELinux is enforcing and what driver Docker is trying to use. If dockerd isn't running, look at recent logs.
getenforce
uname -r
sudo docker info --format 'Driver: {{.Driver}}' || true
sudo journalctl -u docker --no-pager | tail -20
If SELinux is Enforcing and the logs show the overlay2/SELinux error, continue below.
fuse-overlayfs supports SELinux labeling on kernels that lack native overlayfs + SELinux. Install the package and configure Docker to use it.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<'EOF'
{
"storage-driver": "fuse-overlayfs",
"selinux-enabled": true
}
EOF
sudo systemctl restart docker
# For rootless: systemctl --user restart docker
After restart, 'docker info' should show 'fuse-overlayfs' as the storage driver.
If you want native overlay2, upgrade to a kernel that includes overlayfs SELinux support (e.g., modern Fedora/RHEL kernels) and ensure container-selinux is current.
# Example on RHEL/Fedora
sudo dnf upgrade kernel container-selinux
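# A new kernel only takes effect after a reboot; restarting dockerd alone keeps the old kernel running
sudo systemctl restart docker
Older kernels (e.g., early 3.x/4.x) often cannot run overlay2 with SELinux; upgrading is the cleanest fix.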
Overlayfs with SELinux requires features like d_type and XFS ftype=1. If Docker data is on XFS without ftype=1 or a filesystem lacking overlay features, move it.
# Check XFS ftype
sudo xfs_info /var/lib/docker | grep ftype || true
# Move Docker root to a compatible filesystem (example)
sudo systemctl stop docker
sudo mv /var/lib/docker /var/lib/docker.bak
sudo mkdir -p /mnt/docker-root
# mount or create a compatible filesystem at /mnt/docker-root
sudo ln -s /mnt/docker-root /var/lib/docker
sudo systemctl start docker
If ftype is 0 or unsupported, recreate the filesystem with ftype=1 or use ext4.
If you cannot change the kernel immediately, using the legacy "overlay" driver (without SELinux labeling) or temporarily setting SELinux to Permissive can keep you running—only for short-term testing, not production:
# Fallback to overlay driver (no SELinux labels)
sudo tee /etc/docker/daemon.json <<'EOF'
{ "storage-driver": "overlay", "selinux-enabled": false }
EOF
sudo systemctl restart docker
# TEMPORARY: set SELinux to permissive just to confirm the root cause
sudo setenforce 0 # switch back with: sudo setenforce 1
After any change, verify with:
docker info --format 'Driver: {{.Driver}}'
docker run --rm hello-world
Only keep permissive mode long enough to validate; re-enable SELinux or move to fuse-overlayfs/updated kernel.
On SELinux systems, rootless Docker defaults to fuse-overlayfs because native overlay2 labeling is not always available. If you override the driver, keep selinux-enabled=true when supported so container files stay labeled correctly.
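The temporary workarounds above (permissive mode, the unlabeled overlay fallback) are easy to leave in place by accident. The following check is an added example, not part of the original page or of Docker itself: it flags a daemon.json and SELinux mode that still carry those workarounds. The function names and finding labels are made up for illustration, and the parser assumes a flat daemon.json like the ones shown here.

```shell
#!/bin/sh
# Added example (not from the original page): audit a daemon.json for the
# SELinux-weakening workarounds described above.

# json_value FILE KEY: print the scalar (string or boolean) stored under KEY.
# Assumes a flat daemon.json like the ones on this page; not a general JSON parser.
json_value() {
    tr -d '\n' < "$1" |
        sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}[:space:]]*\).*/\1/p"
}

# audit_docker_selinux MODE FILE: MODE is the output of getenforce.
# Prints "ok" or a space-separated list of findings (labels are hypothetical).
audit_docker_selinux() {
    mode=$1
    driver=$(json_value "$2" storage-driver)
    labels=$(json_value "$2" selinux-enabled)
    findings=""
    # Permissive/Disabled is only meant as a short-lived diagnostic step.
    if [ "$mode" != "Enforcing" ]; then findings="$findings selinux-not-enforcing"; fi
    # selinux-enabled false (or absent, the daemon default) leaves container files unlabeled.
    if [ "$labels" != "true" ]; then findings="$findings labeling-disabled"; fi
    # The legacy overlay driver is the unlabeled fallback from this page.
    if [ "$driver" = "overlay" ]; then findings="$findings legacy-overlay-driver"; fi
    if [ -z "$findings" ]; then echo "ok"; else echo "${findings# }"; fi
    return 0
}

# Constructed sample input: the two daemon.json variants shown on this page.
demo() {
    dir=$(mktemp -d)
    printf '{\n"storage-driver": "fuse-overlayfs",\n"selinux-enabled": true\n}\n' > "$dir/good.json"
    printf '{ "storage-driver": "overlay", "selinux-enabled": false }\n' > "$dir/fallback.json"
    echo "good:     $(audit_docker_selinux Enforcing "$dir/good.json")"
    echo "fallback: $(audit_docker_selinux Permissive "$dir/fallback.json")"
    rm -rf "$dir"
}
demo
```

On a real host, call it as `audit_docker_selinux "$(getenforce)" /etc/docker/daemon.json`.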