Hi Chintan,
This documentation might be helpful: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/starting-with-containers_building-running-and-managing-containers#special_considerations_for_rootless

Search for "ip_unprivileged_port_start"

Brian
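
Added example, not part of the original emails: a small POSIX shell diagnostic for the "cannot bind ... Permission denied" case, built around the `ip_unprivileged_port_start` sysctl mentioned above. It applies the kernel's rule for low ports (port below the sysctl value requires CAP_NET_BIND_SERVICE in the effective set); the function names and the sample CapEff values are constructed for illustration, and it assumes no user-namespace remapping and does not look at SELinux denials.

```shell
#!/bin/sh
# Added diagnostic (illustrative names): why does bind() to a low port fail?
# Kernel rule: binding port P needs no privilege when P is 0 (ephemeral) or
# P >= net.ipv4.ip_unprivileged_port_start (kernel default 1024). Otherwise
# the process needs CAP_NET_BIND_SERVICE (capability bit 10) in its
# effective set. Assumes no user-namespace remapping; SELinux is not checked.

# has_net_bind_service CAPEFF_HEX
# Succeeds when bit 10 is set in the CapEff mask from /proc/<pid>/status.
has_net_bind_service() {
    [ $(( (0x$1 >> 10) & 1 )) -eq 1 ]
}

# bind_verdict PORT PORT_START CAPEFF_HEX
# Prints "allowed: ..." or "denied: ..." with the reason.
bind_verdict() {
    port=$1
    start=$2
    capeff=$3
    if [ "$port" -eq 0 ] || [ "$port" -ge "$start" ]; then
        echo "allowed: port $port is not below ip_unprivileged_port_start=$start"
    elif has_net_bind_service "$capeff"; then
        echo "allowed: CAP_NET_BIND_SERVICE is in the effective set"
    else
        echo "denied: port $port < $start and CAP_NET_BIND_SERVICE is not effective"
    fi
}

# live_check PORT
# Evaluates the rule against this shell's own network namespace and caps.
live_check() {
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)
    capeff=$(awk '/^CapEff:/ {print $2}' "/proc/$$/status" 2>/dev/null)
    bind_verdict "$1" "$start" "${capeff:-0}"
}

# Run against the live system only when a port is given: ./script.sh 80
if [ "$#" -gt 0 ]; then
    live_check "$1"
fi
```

Run it as the same user and in the same network namespace as the process that fails to bind, so that the sysctl value and CapEff mask it reads are the ones that process sees.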


On Mon, Sep 21, 2020 at 12:45 PM Chintan from Rebhu <chintan@rebhu.com> wrote:

Hello!!

I am starting a container using the following command

`sudo podman run -p 80:80 -v ./envoy.yaml:/etc/envoy/envoy.yaml:Z --name dev-envoy --network dev --security-opt label=type:envoy.process envoyproxy/envoy:v1.15.0`

The application starts but exits. It cannot bind to container's port 80. Here is an excerpt from logs:

`cannot bind '0.0.0.0:80': Permission denied`

The SEModule policy was generated using Udica. It can be reviewed here. Steps for this process are discussed in an earlier thread named 'Logs show permission denied error'.

The containerfile used to create this container image executes the application as a non-root user. As the container exits right after it starts, it is impossible to access the container's terminal and attempt elementary troubleshooting steps.

How to bind to HTTP(S) and other lower ports in a rootful container when the application executes as a non-root user?


Thank you.

--
Chintan Mishra
_______________________________________________
Podman mailing list -- podman@lists.podman.io