[Podman] Re: Bind to HTTP(S) ports in a rootful container executing application as a non-root user

Hi Chintan, This documentation might be helpful: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/... Search for "ip_unprivileged_port_start" Brian On Mon, Sep 21, 2020 at 12:45 PM Chintan from Rebhu <chintan(a)rebhu.com&gt; wrote: > Hello!! > > I am starting a container using the following command > > `sudo podman run -p 80:80 -v ./envoy.yaml:/etc/envoy/envoy.yaml:Z --name > dev-envoy --network dev --security-opt label=type:envoy.process > envoyproxy/envoy:v1.15.0` > > The application starts but exits. It cannot bind to container's port 80. > Here is an excerpt from logs: > > `cannot bind '0.0.0.0:80': Permission denied` > > The SEModule policy was generated using Udica. It can be reviewed here > <https://pastebin.com/3Du3GTzt>;. Steps for this process are discussed in > an earlier thread named 'Logs show permission denied error'. > > The containerfile used to created this container image executes the > application as a non-root user. As the container exits right after it > starts, it is impossible to access the container's terminal and attempt > elementary troubleshooting steps. > > How to bind to HTTP(S) and other lower ports in a rootful container when > the application executes as a non-root user? > > > Thank you. > -- > Chintan Mishra > _______________________________________________ > Podman mailing list -- podman(a)lists.podman.io > To unsubscribe send an email to podman-leave(a)lists.podman.io >