On 7/30/21 12:40, Josh Berkus wrote:
I'm porting a legacy app to containers, and having an issue where
apparently it can't write files while running in podman.
Is there any reason why a python process, or child process, running as
container-root would be unable to write to either the ephemeral
filesystem of the container, or to mounted volumes?
Basically, here's the situation:
- python app with many child processes
- all of them run as container-root
- app is supposed to write logs to files (yes, I know)
- app does not write any logs to any files; in fact, the log-dir
initialization appears to fail (no error messages, though, because
it's not logging)
- one other process which is supposed to write cache to a dir does not
- all of these directories are under /app/, a directory COPYd into the
image definition, not /var/ or home
- have tried both with these dirs as local to the container, and as
mounted volumes on the host system
- if I exec into the container as container-root, I can write files
to those dirs
- SELinux denial log on the host does not show any denials
It is entirely possible that this is a problem with the legacy app and
is not a podman thing at all. I'm asking here because I want to
eliminate podman as a potential cause of the problem.
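A diagnostic script of the kind that would settle the questions above, added here as an example and not taken from the thread: it assumes it is copied into the container and run there (e.g. via podman exec, or from the app's entrypoint) with the app's directories as arguments, and for each one reports the effective uid, ownership and mode, whether the enclosing mount is read-only according to /proc/self/mountinfo, the SELinux mode if available, and the result of an actual write probe.

```shell
#!/bin/sh
# Constructed diagnostic, run inside the container:
#   podman exec <ctr> sh /tmp/diag.sh /app/logs /app/cache

# Return 0 if the mount that holds $1 is flagged "ro" in mountinfo.
# $2 optionally points at an alternative mountinfo file (offline testing).
mount_is_readonly() {
    dir=$1
    src=${2:-/proc/self/mountinfo}
    # field 5 = mount point, field 6 = per-mount options (rw,... or ro,...);
    # the longest mount point that is a prefix of $dir is the one that applies
    awk -v d="$dir" '
        { mp = $5; opts = $6
          if (mp == "/" || d == mp || index(d, mp "/") == 1) {
              if (length(mp) > best) {
                  best = length(mp); ro = (opts ~ /(^|,)ro(,|$)/)
              }
          } }
        END { exit ro ? 0 : 1 }' "$src"
}

# Return 0 only if a file can really be created in $1 (what the app needs;
# uid 0 inside a container is not enough on a read-only or relabelled mount).
dir_is_writable() {
    f="$1/.write-probe.$$"
    if ( : > "$f" ) 2>/dev/null; then rm -f "$f"; return 0; fi
    return 1
}

report() {
    for d in "$@"; do
        printf '%s: uid=%s ' "$d" "$(id -u)"
        if [ ! -d "$d" ]; then echo "missing (not created by the image?)"; continue; fi
        printf 'owner/mode=%s ' "$(ls -ld "$d" | awk '{print $3":"$4" "$1}')"
        if mount_is_readonly "$d"; then printf 'mount=ro '; else printf 'mount=rw '; fi
        command -v getenforce >/dev/null 2>&1 && printf 'selinux=%s ' "$(getenforce)"
        if dir_is_writable "$d"; then echo 'write=OK'; else echo 'write=FAIL'; fi
    done
}

if [ $# -gt 0 ]; then report "$@"; fi
```

Running it once from podman exec and once from the app's own startup path shows whether the two really see the same uid, mount flags and directory, which is the comparison the bullet list above leaves open.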
Have you tried this with a --privileged container?
Are you running in rootless mode? If yes, could you try a --privileged