Closed thoraxe closed 5 years ago
@rhatdan PTAL
audit2allow -i /tmp/t
allow container_t fusefs_t:sock_file create;
[dwalsh@localhost 2019]$ rpm -q container-selinux
container-selinux-2.95-1.gite3ebc68.fc30.noarch
Please yum -y update --enablerepo updates-testing container-selinux
If this solves your issue, please give good karma. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9e36ddd5a5
@rhatdan works.
/kind bug
Description: When running a container with supervisord, SELinux prevents socket creation.
Steps to reproduce the issue:
podman run -it --rm -e OC_VERSION=4.0 -p 10081:10081 -p 10080:10080 quay.io/openshiftlabs/workshop-terminal:2.6.2
Describe the results you received:
type=AVC msg=audit(1554902629.437:1830): avc: denied { create } for pid=14464 comm="supervisord" name="supervisor.sock.1" scontext=system_u:system_r:container_t:s0:c281,c1019 tcontext=system_u:object_r:fusefs_t:s0 tclass=sock_file permissive=0
Describe the results you expected: Container should run.
Additional information you deem important (e.g. issue happens only occasionally): https://gist.github.com/thoraxe/43026e3cca41f0ee30fe25bf3028e4bc
container-selinux-2.94-1.git1e99f1d.fc29.noarch
Output of podman version:
Output of podman info --debug:
Additional environment details (AWS, VirtualBox, physical, etc.): F29 on a Lenovo T460s