Thanks Matt, that was it! It spins up now.

What's the recommended way of doing this with SELinux enabled in the container?
Since the alpine image doesn't seem to create a home directory for the user.

On Mon, 17 Jun 2019 at 16:25, Matt Heon <mheon@redhat.com> wrote:
On 2019-06-17 16:22, Eric Gustavsson wrote:
>Thanks for the quick responses!
>
>I tried running without --user, got the same error with permission denied
>to touch the data/ directory
>$ podman run -d --name bitwarden -e ROCKET_PORT=8080 -v
>/home/spytec/Bitwarden/bw-data/:/data/ -p 8080:8080
>bitwardenrs/server:latest
>
>With the --userns=keep-id I do get the 1000:1000 on the folder and the
>container runs as it, but also there I get permission denied.
>$ podman run -d --userns=keep-id --name bitwarden -e ROCKET_PORT=8080 -v
>/home/spytec/Bitwarden/bw-data/:/data/ -p 8080:8080
>bitwardenrs/server:latest
>
>If I tried this to see it inside the container:
>$ podman run -ti --name bitwarden --rm --userns=keep-id -e
>[ROCKET_PORT=8080,ENABLE_DB_WAL=false] -v
>/home/spytec/Bitwarden/bw-data/:/data/ -p 8080:8080
>bitwardenrs/server:latest /bin/bash
>1000@7253b86a0681:/$ touch /data/test
>touch: cannot touch '/data/test': Permission denied
>1000@7253b86a0681:/$ ls -l | grep data
>drwxrwxrwx.   2 1000      1000     4096 Jun 13 16:57 data
>
>Thanks,
>
>Eric Gustavsson
>
>Associate Software Engineer
>
>Red Hat <https://www.redhat.com>
>

Sounds like SELinux.

Try running the container with `--security-opt label=disable` - that
should let you access the folder on the host without issue.

Thanks,
Matt Heon

>
>On Mon, 17 Jun 2019 at 16:12, James Cassell <fedoraproject@cyberpear.com>
>wrote:
>
>> On Mon, Jun 17, 2019, at 9:53 AM, Eric Gustavsson wrote:
>> > Hi all,
>> >
>> > I got a bit of an issue trying to spin up a container with a volume
>> > mounted to the container's /data directory. Got a related issue here
>> > but I believe I'm just missing out on something Podman specific
>> > https://github.com/dani-garcia/bitwarden_rs/issues/506
>> >
>> > When I run this command and mount /bw-data to container's /data the
>> > bitwardenrs image can't write to it.
>> > podman run -d --user 1001 --name bitwarden -e
>> > [ROCKET_PORT=8080,ENABLE_DB_WAL=false] -v
>> > /home/spytec/Bitwarden/bw-data/:/data/ -p 8080:8080
>> > bitwardenrs/server:latest
>> >
>> > Inside the container the /data directory is assigned to root, outside
>> > the container /bw-data has 0777 permissions and belongs to myself (user
>> > 1001).
>> >
>> > Am I missing something?
>>
>> With rootless containers, the root uid inside the container is the regular
>> uid outside of the container. Use `--userns=keep-uid` to see your user
>> mapped as the same uid inside and out.
>>
>> V/r,
>> James Cassell
>> _______________________________________________
>> Podman mailing list -- podman@lists.podman.io
>> To unsubscribe send an email to podman-leave@lists.podman.io
>>
