Recently I installed Docker CE on my Oracle Linux.
Unfortunately, when I want to start my first container with:
docker run hello-world
I get this error message:
docker: Error response from daemon: OCI runtime create failed:
container_linux.go:345: starting container process caused
"process_linux.go:430: container init caused \"write
/proc/self/attr/keycreate: permission denied\"": unknown. ERRO[0000]
error waiting for container: context canceled
Per the bug that david-maze linked to, updating container-selinux
should fix this for you:
sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-1.el7_6.noarch.rpm
OP, I just ran into this issue. I am not sure what your OL support level is, but to stay supported, you really don't want to use the container-selinux from another distro. What I found as a workaround is to set the following:
sudo semanage permissive -a container_runtime_t
After setting that to permissive, running containers worked as expected.
Another approach is to disable SELinux by running sudo setenforce 0.
Then verify that it changed by running sestatus.
I found it. After disabling SELinux, the problem was solved.
SELinux prevents Docker from writing to /proc/self/attr/keycreate.
To disable SELinux:
Edit the /etc/selinux/config file to set the SELINUX parameter to disabled, and then reboot the server.
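Added example, not part of any answer above: a shell check that reads SELinux audit records and reports which domain was actually blocked from writing /proc/self/attr/keycreate, so the per-domain semanage workaround can be scoped to that domain. The sample records are constructed for illustration, the function names are hypothetical, and the example assumes the denial is logged as the setkeycreate permission on the process class.

```shell
#!/bin/sh
# Constructed sample of audit.log AVC records (not taken from the page).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1560000000.101:412): avc:  denied  { setkeycreate } for  pid=4321 comm="runc:[2:INIT]" scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:system_r:container_runtime_t:s0 tclass=process permissive=0
type=AVC msg=audit(1560000003.202:419): avc:  denied  { read } for  pid=999 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1560000010.303:431): avc:  denied  { setkeycreate } for  pid=4400 comm="runc:[2:INIT]" scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:system_r:container_runtime_t:s0 tclass=process permissive=1
EOF
}

# Read audit records on stdin and print each source domain that was really
# blocked (permissive=0) from setkeycreate, the permission assumed to guard
# writes to /proc/self/attr/keycreate. Each domain is printed once.
blocked_keycreate_domains() {
    awk '
        /avc: +denied/ && / setkeycreate / && /tclass=process/ && /permissive=0/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) {
                    # scontext=user:role:type:level -> keep the type (domain)
                    split(substr($i, 10), ctx, ":")
                    if (!(ctx[3] in seen)) { seen[ctx[3]] = 1; print ctx[3] }
                }
            }
        }'
}

# For each blocked domain, print the per-domain permissive command from the
# answer above, which leaves every other domain enforcing.
suggest_scoped_workaround() {
    blocked_keycreate_domains | while read -r domain; do
        printf 'semanage permissive -a %s\n' "$domain"
    done
}

# Demo on the constructed sample. On a real host, feed it live records:
#   sudo ausearch -m avc -ts recent | suggest_scoped_workaround
sample_audit_log | suggest_scoped_workaround
```

The third sample record has permissive=1, meaning the access was logged but allowed, so it is not reported as a block.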