Just starting to experiment with Podman on RHEL8 and I’m seeing SELinux denials (on the
host) related to containers I create within a pod for the files automatically created as
overlays, most typically hosts and resolv.conf, when performing network related tasks that
require name resolution. Of course the containers are unable to read the files in question
due to the denials. I don’t see this behavior when deploying containers outside of a pod.
On containers that work as expected I notice the SELinux type for the files in question on
the host are container_file_t. However, for containers that experience the denials the
SELinux type for the files in question on the host are set to container_var_run_t.
Interestingly enough the pod infrastructure container has files labeled with
Is this normal behavior for containers added to a pod or perhaps I’m missing something?