What command are you using to launch the Envoyproxy container?
The AVCs indicate the container is attempting to write to a fifo_file
created by podman.
# podman run --privileged -v /usr/bin/find:/usr/bin/find fedora find / -type p
The issue is I am not getting any information about what fifo file is
being blocked.
Is this running rootful or rootless?
On 9/8/20 13:06, Chintan from Rebhu wrote:
Hello, everyone!!
Thank you Chris, Matt, and Daniel for helping me understand the
queries in my mind.
Here is a pastebin of Access Vector Cache (AVC) output
https://pastebin.com/c1w8AnA7
The contents were fetched using `ausearch -m avc --start recent`.
On 08/09/20 6:32 pm, Chris Evich wrote:
> On 9/8/20 12:48 AM, Chintan from Rebhu wrote:
>> The same error is not present when I switch from v1.15.0 to v1.14.4
>> of Envoyproxy.
>>
>> I am out of my wits about this. Please tell me how I should find a
>> solution.
>>
>> We only use Podman in our infrastructure.
>
> Hi,
>
> First off, I don't mean to dismiss the scale of your frustrations or
> challenges here. However, this list may not be the appropriate place
> for seeking infrastructure support for third-party interoperability
> (open-source or closed).
>
> We're really narrowly focused on podman and its intimately related
> container technologies, and improving the state thereof. If you're
> looking for end-to-end debugging and help, then a commercial support
> option would probably be best.
If it was something non-trivial then I would happily seek commercial
support. I am just trying to run a command that works with Docker on
Debian (checked a few moments ago) but fails on Podman. Podman is
marketed as a drop-in replacement for Docker. So, one would expect
that commands work out of the box. And most generic applications do run
fine. But there are a significant number of applications that need
certain modifications to get things working with Podman. One grows
appreciative of the finer details as they use Podman. But these finer
details are poorly documented and highly fragmented all over the
internet. And if applications keep not working and stay without
resolution or without documentation then that will be a deterrent for
Podman's wider community adoption.
What do you suggest the community do to get applications running
through Podman?
>
> OTOH, I see your follow-up mail, which does have some
> podman-specific questions we can probably help with. I just want to
> be clear up-front, that this list is not an official/commercial means
> for overall/general system support.
>
In the first e-mail, I failed to mention that I ruled out issues in
the containerfile provided by the Envoyproxy maintainers. There is no
mention of a similar issue on their communication channels like Slack,
GitHub issues and Google group. So, it was only logical to conclude
that the issue is with Podman.
--
Chintan Mishra
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
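
An added example, not part of the thread and not Podman's own code: a small Python filter that pulls the fifo_file denials out of `ausearch -m avc` output and lists the fields that identify the pipe (inode, and path when one is recorded). The sample records are constructed, not taken from the pastebin above, and the SELinux types in them are assumptions.

```python
import re
from collections import Counter

# Constructed sample records in the format printed by `ausearch -m avc`;
# they are NOT from the pastebin in the thread. Types and inodes are assumed.
SAMPLE = '''\
type=AVC msg=audit(1599584760.101:801): avc:  denied  { write } for  pid=4121 comm="envoy" path="pipe:[48211]" dev="pipefs" ino=48211 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:system_r:container_runtime_t:s0 tclass=fifo_file permissive=0
type=AVC msg=audit(1599584760.105:802): avc:  denied  { write } for  pid=4121 comm="envoy" dev="pipefs" ino=48212 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:system_r:container_runtime_t:s0 tclass=fifo_file permissive=0
type=AVC msg=audit(1599584761.220:803): avc:  denied  { read } for  pid=4130 comm="sh" name="passwd" dev="dm-0" ino=1337 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of key=value fields for one AVC denial, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec

def fifo_denials(text):
    """Keep only denials whose target class is fifo_file."""
    out = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get('tclass') == 'fifo_file':
            out.append(rec)
    return out

def summarize(records):
    """Count denials per (comm, perms, source type, target type)."""
    counts = Counter()
    for r in records:
        stype = r['scontext'].split(':')[2]
        ttype = r['tcontext'].split(':')[2]
        counts[(r['comm'], ' '.join(r['perms']), stype, ttype)] += 1
    return counts

if __name__ == '__main__':
    recs = fifo_denials(SAMPLE)
    for key, n in summarize(recs).items():
        print(n, *key)
    for r in recs:
        # ino is the handle to chase when no path was recorded
        print(r['ino'], r.get('path', '<no path recorded>'))
```

The target type in `tcontext` shows which domain labelled the pipe, and the inode can be matched against the `find / -type p` listing from inside the container.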