[Podman] Re: rootless container needs to access private key stored on host

dear all,     I work on a podman container for postfix + dovecot. On my host, the encrypt keys (including the private key) are stored in /etc/letsencrypt/live/xxxxx.xxx/, and these keys have to be used by both postfix and dovecot.    However the "/etc/letsencrypt/live" folder is only accessible by root, so that when I share the /etc/letsencrypt folder using the -v option, the container has no access to the live folder. Of course, if I do awful things like chmod 777 on the /etc/letsencrypt/live folder everything is ok. But of course it is not a good way for that.   I wanted to know what I should do to avoid this chmod 777 while working with a rootless container. Can I map the volume using root ? (and if so is it a good idea ?) Should I play with groups on the host (= a group called like "encrypters", that may contain only root and the user that runs the container ?) Or a root process that performs copies of the keys ?   I also have seen the "--secret"  option for podman I did not understad If it would solve my problem. Please also notice that the "let's encrypt" keys are re-generated sometimes because they have a 1 month lifetime.   If there is some guideline somewhere about this topic please show me.   My host is ubuntu 22.04, and the podman version is 3.4.4. I don't use SE linux for now.   Thanks a lot,       Mike _______________________________________________ Podman mailing list --podman(a)lists.podman.io To unsubscribe send an email topodman-leave(a)lists.podman.io