I'll try using the ":z" option on the volume.
Since I was deleting container A and attaching the volume to a new
container (container B), I didn't think the ":Z" option would be the issue
since container A and container B weren't running at the same time.
Thank you for the suggestion.
On Tue, Aug 17, 2021 at 4:39 PM Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 8/17/21 16:31, Jeremy V wrote:
Hi,
I am sometimes experiencing an issue where a new container can't write to
an existing volume after removing the old container. The containers are
running rootless on RHEL8.
I tried resetting the permissions on the volume by running the "podman
unshare" command again, but it seems to have no effect. If I create a new
volume and mount it to the new container, the new container can write to
the new volume.
Why is the new container unable to write to the existing volume, but able
to write to a new volume with supposedly identical permissions?
Sequence of events:
1. create volume and container
   podman volume create <volume_name>
   podman unshare chown 1000:1000 -R <path_to_volume>
   podman run -d --name <container_name> ... --volume <volume_name>:/var/log:Z ... <container_image>
2. Some point in the future I get a new container image
   podman container stop <container_name>
   podman container rm <container_name>
   podman run -d --name <container_name> ... --volume <volume_name>:/var/log:Z ... <new_container_image>
3. The new container logs show it is unable to write to the volume
Regards,
--
Jeremy V.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
The second :Z relabels the content of the volume to be private to the
second container. This means the first container can no longer read/write
it.
Use :z if you want to share a volume between multiple containers. Note
the :z only needs to be done ONCE. Once it is done, all containers can use
it as a volume.
--
Jeremy V.
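
Added example, not part of the original thread and not Podman's own code: a simplified Python model of the SELinux MCS check behind Daniel Walsh's explanation of :Z versus :z, run over `ls -Z` style lines. The contexts, category numbers and paths are constructed sample values; the check assumes single-level contexts and ignores type-enforcement rules other than requiring container_file_t.

```python
# Added example: MCS check behind the :Z / :z volume options.
# All contexts and paths below are constructed sample values.

def parse_context(ctx):
    """Return (type, category set) for 'user:role:type:level[:categories]'."""
    parts = ctx.strip().split(":", 4)
    if len(parts) < 4:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    cats = set()
    if len(parts) == 5:
        for item in parts[4].split(","):
            lo, _, hi = item.partition(".")      # "c0.c1023" is a range
            cats.update(range(int(lo[1:]), int(hi[1:] if hi else lo[1:]) + 1))
    return parts[2], cats

def label_kind(file_ctx):
    """Classify a file label the way the volume options would leave it."""
    ftype, cats = parse_context(file_ctx)
    if ftype != "container_file_t":
        return "not-container-labeled"
    return "private (:Z)" if cats else "shared (:z)"

def mcs_allows(process_ctx, file_ctx):
    """Simplified check: container file type, and process categories
    must be a superset of the file's categories (MCS dominance)."""
    _, pcats = parse_context(process_ctx)
    ftype, fcats = parse_context(file_ctx)
    return ftype == "container_file_t" and fcats <= pcats

def audit(process_ctx, ls_z_lines):
    """Take 'ls -Z' style lines ('<context> <path>') and report access."""
    report = []
    for line in ls_z_lines:
        ctx, path = line.split(None, 1)
        report.append((path.strip(), label_kind(ctx), mcs_allows(process_ctx, ctx)))
    return report

CONTAINER_A = "system_u:system_r:container_t:s0:c111,c222"
CONTAINER_B = "system_u:system_r:container_t:s0:c333,c444"
VOLUME_LISTING = [
    "system_u:object_r:container_file_t:s0:c111,c222 /var/log/app.log",
    "system_u:object_r:container_file_t:s0 /var/log/shared.log",
    "unconfined_u:object_r:user_home_t:s0 /var/log/stray.log",
]

if __name__ == "__main__":
    for name, ctx in (("A", CONTAINER_A), ("B", CONTAINER_B)):
        for path, kind, ok in audit(ctx, VOLUME_LISTING):
            print(f"container {name}: {path:22} {kind:22} {'ok' if ok else 'DENIED'}")
```

To compare against a real volume, feed `audit` the output of `ls -Z` on the volume path.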