Here is my SELinux output both from the host and container. I'm getting a lot of
"?" characters on the host, when I think I should be seeing the user, role and
type label defined. I've googled around based on those results and am not finding
anything.
I've tried to restorecon -R -v on those volumes and nothing changed.
Volume Mounts
host: /opt/nexus
container: /nexus-data
host: /data/storage
container: /storage
From the host
[usera@hosta /]$ sudo ls -alZ /opt/nexus
[sudo] password for usera:
total 24
drwxr-x--- 15 755 nexus ? 254 Oct 5 14:48 .
drwxr-xr-x. 13 nexus nexus system_u:object_r:usr_t:s0 214 Oct 4 10:13 ..
drwxr-xr-x 3 root root ? 21 Oct 4 10:37 blobs
drwxr-xr-x 323 root root ? 8192 Oct 5 14:48 cache
drwxr-xr-x 6 root root ? 113 Oct 4 10:37 db
drwxr-xr-x 3 root root ? 36 Oct 4 11:11 elasticsearch
drwxr-xr-x 3 root root ? 45 Oct 5 14:30 etc
drwxr-xr-x 2 root root ? 6 Oct 4 10:36 generated-bundles
drwxr-xr-x 2 root root ? 33 Oct 4 10:36 instances
drwxr-xr-x 3 root root ? 19 Oct 4 10:36 javaprefs
-rw-r--r-- 1 root root ? 1 Oct 5 14:48 karaf.pid
drwxr-xr-x 3 root root ? 18 Oct 4 10:37 keystores
-rw-r--r-- 1 root root ? 14 Oct 5 14:48 lock
drwxr-xr-x 4 root root ? 220 Oct 5 20:00 log
drwxr-xr-x 2 root root ? 6 Oct 4 10:37 orient
-rw-r--r-- 1 root root ? 5 Oct 5 14:48 port
drwxr-xr-x 2 root root ? 6 Oct 4 10:37 restore-from-backup
drwxr-xr-x 8 root root ? 261 Oct 5 14:48 tmp
[usera@hosta /]$ sudo ls -alZ /data/storage
total 24
drwxr-xr-x 2 200 200 ? 172 Oct 5 13:00 .
drwxr-x--- 3 nexus nexus ? 21 Aug 26 13:41 ..
-rw-r----- 1 root root ? 1992 Oct 5 13:00 ISSUINGCA-CORP_intermediate_cert.cer
-rw-r--r-- 1 root root ? 6582 Oct 5 13:03 nexus-hosta.enclave.jks
-rw-r--r-- 1 root root ? 1221 Oct 5 12:42 nexus-hosta.enclave.pem
-rw-r----- 1 root root ? 2532 Oct 5 13:00 nexus-hosta_server_crt.cer
-rw-r----- 1 root root ? 1302 Oct 5 13:00 ROOTCA-CORP.cer
From the container
[root@6ca25b429eb1 /]# sestatus
bash: sestatus: command not found
[root@6ca25b429eb1 /]# whereis selinux
selinux: /etc/selinux /usr/libexec/selinux
[root@6ca25b429eb1 /]# ls -al /etc/selinux
total 4
drwxr-xr-x 1 root root 6 Oct 6 13:49 .
drwxr-xr-x 1 root root 21 Mar 4 2021 ..
-rw-r--r-- 1 root root 2425 Jun 29 2020 semanage.conf
[root@6ca25b429eb1 /]# ls -alZ /nexus-data
total 24
drwxr-x--- 15 755 1005 ? 254 Oct 5 18:48 .
drwxr-xr-x 1 root root ? 77 Oct 5 14:12 ..
drwxr-xr-x 3 root root ? 21 Oct 4 14:37 blobs
drwxr-xr-x 323 root root ? 8192 Oct 5 18:48 cache
drwxr-xr-x 6 root root ? 113 Oct 4 14:37 db
drwxr-xr-x 3 root root ? 36 Oct 4 15:11 elasticsearch
drwxr-xr-x 3 root root ? 45 Oct 5 18:30 etc
drwxr-xr-x 2 root root ? 6 Oct 4 14:36 generated-bundles
drwxr-xr-x 2 root root ? 33 Oct 4 14:36 instances
drwxr-xr-x 3 root root ? 19 Oct 4 14:36 javaprefs
-rw-r--r-- 1 root root ? 1 Oct 5 18:48 karaf.pid
drwxr-xr-x 3 root root ? 18 Oct 4 14:37 keystores
-rw-r--r-- 1 root root ? 14 Oct 5 18:48 lock
drwxr-xr-x 4 root root ? 220 Oct 6 00:00 log
drwxr-xr-x 2 root root ? 6 Oct 4 14:37 orient
-rw-r--r-- 1 root root ? 5 Oct 5 18:48 port
drwxr-xr-x 2 root root ? 6 Oct 4 14:37 restore-from-backup
drwxr-xr-x 8 root root ? 261 Oct 5 18:48 tmp
[root@6ca25b429eb1 /]# ls -laZ /storage
total 24
drwxr-xr-x 2 nexus nexus ? 172 Oct 5 17:00 .
drwxr-xr-x 1 root root ? 77 Oct 5 14:12 ..
-rw-r----- 1 root root ? 1992 Oct 5 17:00 ISSUINGCA-CORP_intermediate_cert.cer
-rw-r----- 1 root root ? 1302 Oct 5 17:00 ROOTCA-CORP.cer
-rw-r--r-- 1 root root ? 6582 Oct 5 17:03 nexus-hosta.enclave.jks
-rw-r--r-- 1 root root ? 1221 Oct 5 16:42 nexus-hosta.enclave.pem
-rw-r----- 1 root root ? 2532 Oct 5 17:00 nexus-hosta_server_crt.cer
Thanks again
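As an added diagnostic helper (my own script, not part of this thread), the block below flags entries in `ls -alZ` output whose context column is `?` and checks whether the mount behind a path carries the `seclabel` option, which is what a labeled filesystem advertises and what restorecon needs in order to set labels at all. The script name, function names and the sample listing are constructed for the example.

```shell
#!/usr/bin/env bash
# Added diagnostic helper for the listings above; not part of the thread.
# In `ls -Z` output a "?" in the context column means the security context
# could not be read at all (getxattr failed), which is typically a mount
# that lacks the "seclabel" option; restorecon cannot label such files.
# Print the names of entries in `ls -alZ` output whose context column is "?".
# Assumed column order: mode links user group context size month day time name
unlabeled_entries() {
  awk 'NF >= 10 && $5 == "?" {
         name = $10
         for (i = 11; i <= NF; i++) name = name " " $i
         print name
       }'
}
# Count entries with an unreadable context (reads `ls -alZ` output on stdin).
count_unlabeled() {
  unlabeled_entries | wc -l | tr -d ' '
}
# Check whether the filesystem backing PATH was mounted with SELinux labeling.
# Uses findmnt from util-linux. Returns 0 if "seclabel" is among the mount
# options, 1 if it is not, 2 if findmnt is unavailable or the path is unknown.
mount_has_seclabel() {
  opts=$(findmnt -n -o OPTIONS -T "$1" 2>/dev/null) || return 2
  case ",$opts," in
    *,seclabel,*) return 0 ;;
    *)            return 1 ;;
  esac
}
# Constructed sample modelled on the host listing of /opt/nexus above.
SAMPLE_LISTING='total 24
drwxr-x--- 15 755 nexus ? 254 Oct 5 14:48 .
drwxr-xr-x. 13 nexus nexus system_u:object_r:usr_t:s0 214 Oct 4 10:13 ..
drwxr-xr-x 3 root root ? 21 Oct 4 10:37 blobs
-rw-r--r-- 1 root root ? 1 Oct 5 14:48 karaf.pid'
# Usage: bash label_check.sh [PATH]  (hypothetical name; no PATH = use sample)
if [ -n "${1:-}" ]; then
  mount_has_seclabel "$1"; rc=$?
  case $rc in
    0) echo "$1: mount has seclabel, restorecon can relabel it" ;;
    1) echo "$1: mount has no seclabel; labels cannot be set here" ;;
    *) echo "$1: findmnt unavailable or path not on a known mount" ;;
  esac
  ls -alZ "$1" | unlabeled_entries
else
  printf '%s\n' "$SAMPLE_LISTING" | unlabeled_entries
fi
```

Run it against each host-side volume path (for example `/opt/nexus`) on the host, not in the container: a mount without `seclabel` explains both the `?` entries and why restorecon reports no changes.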
From: Leon N <leon9923(a)gmail.com>
Sent: Wednesday, October 6, 2021 8:29 AM
To: Miller, Christopher (NE) <Christopher.Miller(a)gd-ms.com>
Cc: dwalsh(a)redhat.com; podman mailing list <podman(a)lists.podman.io>
Subject: Re: [Podman] Re: permissions issues to host filesystem when running rootless Vs rootful and question on opening port on container/host
Hey,
These would be run on the host.
You can also change the restorecon parameters to restore the contexts for the storage you mounted:
sudo restorecon -R -v <path to storage>
Doing ls -laZ on the storage you mount in the container will also give everyone here insights on the SELinux contexts.
Regards,
Leon
On Wed, 6 Oct, 2021, 17:43 Christopher.Miller@gd-ms.com wrote:
Sorry I'm not clear where I want to run these commands, on the host or the container?
thanks
From: Daniel Walsh <dwalsh@redhat.com>
Sent: Tuesday, October 5, 2021 7:10 PM
To: podman@lists.podman.io
Subject: [Podman] Re: permissions issues to host filesystem when running rootless Vs rootful and question on opening port on container/host
I am guessing this is an SELinux issue. Perhaps `sudo restorecon -R -v /var/lib/containers` might fix it.
You can run `sudo ausearch -m avc -ts recent` after it fails to see if SELinux is involved.
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io