Hello!! I am starting a container using the following command `sudo podman run -p 80:80 -v ./envoy.yaml:/etc/envoy/envoy.yaml:Z --name dev-envoy --network dev --security-opt label=type:envoy.process envoyproxy/envoy:v1.15.0` The application starts but exits. It cannot bind to container's port 80. Here is an excerpt from logs: `cannot bind '0.0.0.0:80': Permission denied` The SEModule policy was generated using Udica. It can be reviewed here <https://pastebin.com/3Du3GTzt>;. Steps for this process are discussed in an earlier thread named 'Logs show permission denied error'. The containerfile used to created this container image executes the application as a non-root user. As the container exits right after it starts, it is impossible to access the container's terminal and attempt elementary troubleshooting steps. How to bind to HTTP(S) and other lower ports in a rootful container when the application executes as a non-root user? Thank you. -- Chintan Mishra _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io

Sorry, please disregard my previous email. I went back and re-read your original email and I had misread it the first time. Thanks, Brian On Mon, Sep 21, 2020 at 1:24 PM Brian Smith <briasmit(a)redhat.com&gt; wrote: > Hi Chintan, > This documentation might be helpful: > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/... > > > Search for "ip_unprivileged_port_start" > > Brian > > > On Mon, Sep 21, 2020 at 12:45 PM Chintan from Rebhu <chintan(a)rebhu.com&gt; > wrote: > >> Hello!! >> >> I am starting a container using the following command >> >> `sudo podman run -p 80:80 -v ./envoy.yaml:/etc/envoy/envoy.yaml:Z --name >> dev-envoy --network dev --security-opt label=type:envoy.process >> envoyproxy/envoy:v1.15.0` >> >> The application starts but exits. It cannot bind to container's port 80. >> Here is an excerpt from logs: >> >> `cannot bind '0.0.0.0:80': Permission denied` >> >> The SEModule policy was generated using Udica. It can be reviewed here >> <https://pastebin.com/3Du3GTzt>;. Steps for this process are discussed in >> an earlier thread named 'Logs show permission denied error'. >> >> The containerfile used to created this container image executes the >> application as a non-root user. As the container exits right after it >> starts, it is impossible to access the container's terminal and attempt >> elementary troubleshooting steps. >> >> How to bind to HTTP(S) and other lower ports in a rootful container when >> the application executes as a non-root user? >> >> >> Thank you. >> -- >> Chintan Mishra >> _______________________________________________ >> Podman mailing list -- podman(a)lists.podman.io >> To unsubscribe send an email to podman-leave(a)lists.podman.io >> >