Thanks for the info, will try and report back.
This is going to be off topic, however have to ask as SELinux continues to be something that I still don’t have a solid grasp on, other than basics. I’ve worked heavily with RHEL 5/6/7 and typically SELinux and 3rd party apps were the big stumbling blocks for me.
Just wondering what others have done to get up to speed on SELinux, especially with containers, and especially Podman and userspaces.
Thanks
From: Leon N <leon9923@gmail.com>
Sent: Wednesday, October 6, 2021 8:29 AM
To: Miller, Christopher (NE) <Christopher.Miller@gd-ms.com>
Cc: dwalsh@redhat.com; podman mailing list <podman@lists.podman.io>
Subject: Re: [Podman] Re: permissions issues to host filesystem when running rootless Vs rootful and question on opening port on container/host
Hey,
These would be run on the host
You can also change the restorecon parameters to restore the contexts for the storage you mounted
sudo restorecon -R -v <path to storage>
Doing `ls -laZ` on the storage you mount in the container will also give everyone here insights on the SELinux contexts.
Regards,
Leon
On Wed, 6 Oct, 2021, 17:43 Christopher.Miller@gd-ms.com, <Christopher.Miller@gd-ms.com> wrote:
Sorry I’m not clear where I want to run these commands, on the host or the container?
thanks
From: Daniel Walsh <dwalsh@redhat.com>
Sent: Tuesday, October 5, 2021 7:10 PM
To: podman@lists.podman.io
Subject: [Podman] Re: permissions issues to host filesystem when running rootless Vs rootful and question on opening port on container/host
I am guessing this is an SELinux issue. Perhaps `sudo restorecon -R -v /var/lib/containers` might fix it.
You can run `sudo ausearch -m avc -ts recent` after it fails to see if SELinux is involved.
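As an added example (not part of the original thread), the shell function below condenses `ausearch -m avc` output into one line per distinct denial, so it is easy to see whether SELinux is involved and which label to inspect with `ls -laZ`. The function names and sample records are constructed for illustration, and the `check-label` hint assumes the container-selinux policy, where `container_t` processes are expected to access content typed `container_file_t`.

```shell
#!/usr/bin/env bash
# Added example: summarise AVC denials so a container labelling problem stands out.
# On a real host: sudo ausearch -m avc -ts recent | summarize_avc

# Constructed sample records in the audit log's AVC format (not from the thread).
sample_avc_log() {
  cat <<'EOF'
type=AVC msg=audit(1633521000.101:456): avc:  denied  { read } for  pid=2101 comm="nginx" name="index.html" dev="sda1" ino=1311 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1633521000.101:456): arch=c000003e syscall=257 success=no exit=-13 comm="nginx"
type=AVC msg=audit(1633521002.310:461): avc:  denied  { read } for  pid=2107 comm="nginx" name="app.css" dev="sda1" ino=1312 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1633521005.004:470): avc:  denied  { write } for  pid=2101 comm="nginx" name="cache" dev="sda1" ino=1400 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=system_u:object_r:container_file_t:s0:c1,c2 tclass=dir permissive=0
EOF
}

# Output columns: count comm source_type target_type class permissions hint
summarize_avc() {
  awk '
    /avc:[ ]+denied/ {
      perms = ""; comm = ""; stype = ""; ttype = ""; tclass = ""
      # Permissions sit between the braces, e.g. "{ read open }".
      if (match($0, /[{][^}]*[}]/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        # A context is user:role:type:level, so the type is the third field.
        if ($i ~ /^scontext=/) { split($i, s, ":"); stype = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
        if ($i ~ /^tclass=/)   { tclass = $i; sub(/^tclass=/, "", tclass) }
      }
      # Assumption: container_t denied on a non-container type points at labelling.
      hint = (stype == "container_t" && ttype != "container_file_t") ? "check-label" : "-"
      n[comm " " stype " " ttype " " tclass " " perms " " hint]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -rn
}

sample_avc_log | summarize_avc
```

An empty result after a failed run means no AVC denial was logged in that window. A row whose target type is already `container_file_t` (the `dir write` row in the sample) has matching types but different category sets in the two contexts, which shows up in the level field of `ls -laZ`.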