What filesystem is stored on /opt and /nexus-data?
Did you install storage in a different path than
/var/lib/containers/storage?
I guess attaching podman info output would help.
On 10/6/21 10:50, Christopher.Miller(a)gd-ms.com wrote:
Here is my SELinux output both from the host and container. I’m
getting a lot of “?” characters on the host, when I think I should be
seeing the user, role and type label defined. I’ve googled around
based on those results and am not finding anything.
I’ve tried to restorecon -R -v on those volumes and nothing changed.
Volume Mounts
host: /opt/nexus
container: /nexus-data
host: /data/storage
container: /storage
From the host
[usera@hosta /]$ sudo ls -alZ /opt/nexus
[sudo] password for usera:
total 24
drwxr-x--- 15 755 nexus ? 254 Oct 5 14:48 .
drwxr-xr-x. 13 nexus nexus system_u:object_r:usr_t:s0 214 Oct 4 10:13 ..
drwxr-xr-x 3 root root ? 21 Oct 4 10:37 blobs
drwxr-xr-x 323 root root ? 8192 Oct 5 14:48 cache
drwxr-xr-x 6 root root ? 113 Oct 4 10:37 db
drwxr-xr-x 3 root root ? 36 Oct 4 11:11 elasticsearch
drwxr-xr-x 3 root root ? 45 Oct 5 14:30 etc
drwxr-xr-x 2 root root ? 6 Oct 4 10:36 generated-bundles
drwxr-xr-x 2 root root ? 33 Oct 4 10:36 instances
drwxr-xr-x 3 root root ? 19 Oct 4 10:36 javaprefs
-rw-r--r-- 1 root root ? 1 Oct 5 14:48 karaf.pid
drwxr-xr-x 3 root root ? 18 Oct 4 10:37 keystores
-rw-r--r-- 1 root root ? 14 Oct 5 14:48 lock
drwxr-xr-x 4 root root ? 220 Oct 5 20:00 log
drwxr-xr-x 2 root root ? 6 Oct 4 10:37 orient
-rw-r--r-- 1 root root ? 5 Oct 5 14:48 port
drwxr-xr-x 2 root root ? 6 Oct 4 10:37 restore-from-backup
drwxr-xr-x 8 root root ? 261 Oct 5 14:48 tmp
[usera@hosta /]$ sudo ls -alZ /data/storage
total 24
drwxr-xr-x 2 200 200 ? 172 Oct 5 13:00 .
drwxr-x--- 3 nexus nexus ? 21 Aug 26 13:41 ..
-rw-r----- 1 root root ? 1992 Oct 5 13:00 ISSUINGCA-CORP_intermediate_cert.cer
-rw-r--r-- 1 root root ? 6582 Oct 5 13:03 nexus-hosta.enclave.jks
-rw-r--r-- 1 root root ? 1221 Oct 5 12:42 nexus-hosta.enclave.pem
-rw-r----- 1 root root ? 2532 Oct 5 13:00 nexus-hosta_server_crt.cer
-rw-r----- 1 root root ? 1302 Oct 5 13:00 ROOTCA-CORP.cer
From the container
[root@6ca25b429eb1 /]# sestatus
bash: sestatus: command not found
[root@6ca25b429eb1 /]# whereis selinux
selinux: /etc/selinux /usr/libexec/selinux
[root@6ca25b429eb1 /]# ls -al /etc/selinux
total 4
drwxr-xr-x 1 root root 6 Oct 6 13:49 .
drwxr-xr-x 1 root root 21 Mar 4 2021 ..
-rw-r--r-- 1 root root 2425 Jun 29 2020 semanage.conf
[root@6ca25b429eb1 /]# ls -alZ /nexus-data
total 24
drwxr-x--- 15 755 1005 ? 254 Oct 5 18:48 .
drwxr-xr-x 1 root root ? 77 Oct 5 14:12 ..
drwxr-xr-x 3 root root ? 21 Oct 4 14:37 blobs
drwxr-xr-x 323 root root ? 8192 Oct 5 18:48 cache
drwxr-xr-x 6 root root ? 113 Oct 4 14:37 db
drwxr-xr-x 3 root root ? 36 Oct 4 15:11 elasticsearch
drwxr-xr-x 3 root root ? 45 Oct 5 18:30 etc
drwxr-xr-x 2 root root ? 6 Oct 4 14:36 generated-bundles
drwxr-xr-x 2 root root ? 33 Oct 4 14:36 instances
drwxr-xr-x 3 root root ? 19 Oct 4 14:36 javaprefs
-rw-r--r-- 1 root root ? 1 Oct 5 18:48 karaf.pid
drwxr-xr-x 3 root root ? 18 Oct 4 14:37 keystores
-rw-r--r-- 1 root root ? 14 Oct 5 18:48 lock
drwxr-xr-x 4 root root ? 220 Oct 6 00:00 log
drwxr-xr-x 2 root root ? 6 Oct 4 14:37 orient
-rw-r--r-- 1 root root ? 5 Oct 5 18:48 port
drwxr-xr-x 2 root root ? 6 Oct 4 14:37 restore-from-backup
drwxr-xr-x 8 root root ? 261 Oct 5 18:48 tmp
[root@6ca25b429eb1 /]# ls -laZ /storage
total 24
drwxr-xr-x 2 nexus nexus ? 172 Oct 5 17:00 .
drwxr-xr-x 1 root root ? 77 Oct 5 14:12 ..
-rw-r----- 1 root root ? 1992 Oct 5 17:00 ISSUINGCA-CORP_intermediate_cert.cer
-rw-r----- 1 root root ? 1302 Oct 5 17:00 ROOTCA-CORP.cer
-rw-r--r-- 1 root root ? 6582 Oct 5 17:03 nexus-hosta.enclave.jks
-rw-r--r-- 1 root root ? 1221 Oct 5 16:42 nexus-hosta.enclave.pem
-rw-r----- 1 root root ? 2532 Oct 5 17:00 nexus-hosta_server_crt.cer
Thanks again
*From:* Leon N <leon9923(a)gmail.com>
*Sent:* Wednesday, October 6, 2021 8:29 AM
*To:* Miller, Christopher (NE) <Christopher.Miller(a)gd-ms.com>
*Cc:* dwalsh(a)redhat.com; podman mailing list <podman(a)lists.podman.io>
*Subject:* Re: [Podman] Re: permissions issues to host filesystem when
running rootless Vs rootful and question on opening port on container/host
Hey,
These would be run on the host.
You can also change the restorecon parameters to restore the contexts
for the storage you mounted:
sudo restorecon -R -v <path to storage>
Doing ls -laZ on the storage you mount in the container will also give
everyone here insights on the SELinux contexts.
Regards,
Leon
On Wed, 6 Oct, 2021, 17:43 Christopher.Miller(a)gd-ms.com,
<Christopher.Miller(a)gd-ms.com> wrote:
Sorry I’m not clear where I want to run these commands, on the
host or the container?
thanks
*From:* Daniel Walsh <dwalsh(a)redhat.com>
*Sent:* Tuesday, October 5, 2021 7:10 PM
*To:* podman(a)lists.podman.io
*Subject:* [Podman] Re: permissions issues to host filesystem when
running rootless Vs rootful and question on opening port on
container/host
I am guessing this is an SELinux issue. Perhaps
sudo restorecon -R -v /var/lib/containers
might fix it.
You can run `sudo ausearch -m avc -ts recent`
after it fails to see if SELinux is involved.
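An added example, not part of the original thread: a shell helper that reads `ls -alZ` output like the listings above and reports which entries show `?` in the context column, with a live variant that also prints the filesystem type asked about in the first reply. The function names are hypothetical, and the sample lines are copied from the /opt/nexus listing with wrapped lines rejoined.

```shell
#!/bin/sh
# Added example: classify `ls -alZ` entries by whether a context was displayed.
# Assumed GNU `ls -lZ` field order:
#   mode links owner group context size month day time name
# A "?" in the context field means ls could not obtain a context for that entry.

# Sample taken from the host listing of /opt/nexus in the thread.
SAMPLE='total 24
drwxr-x--- 15 755 nexus ? 254 Oct 5 14:48 .
drwxr-xr-x. 13 nexus nexus system_u:object_r:usr_t:s0 214 Oct 4 10:13 ..
drwxr-xr-x 3 root root ? 21 Oct 4 10:37 blobs
-rw-r--r-- 1 root root ? 1 Oct 5 14:48 karaf.pid'

# Reads `ls -alZ` output on stdin; prints "<status> <context> <name>" per entry.
label_report() {
    awk '
        $1 == "total" || NF < 10 { next }   # skip the "total N" line and short lines
        {
            name = $10
            for (i = 11; i <= NF; i++) name = name " " $i   # keep names with spaces
            status = ($5 == "?") ? "UNLABELED" : "LABELED"
            print status, $5, name
        }'
}

# Reads `ls -alZ` output on stdin; prints how many entries have no context shown.
unlabeled_count() {
    label_report | awk '$1 == "UNLABELED" { n++ } END { print n + 0 }'
}

# Live use on the host (not run here): filesystem type plus the label report.
check_path() {
    printf 'fs type: %s\n' "$(stat -f -c %T "$1")"
    ls -alZ "$1" | label_report
}

printf '%s\n' "$SAMPLE" | label_report
printf 'unlabeled entries: %s\n' "$(printf '%s\n' "$SAMPLE" | unlabeled_count)"
```

On a real host, `check_path /opt/nexus` and `check_path /data/storage` (with sufficient privileges to read the directories) give the filesystem type and label status for both bind-mount sources in one pass.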