With a BTRFS filesystem, machinectl can clone a systemd-nspawn container quickly and efficiently.
It also attempts to clone and/or remove any *.nspawn configuration files in /etc/systemd/nspawn or /run/systemd/nspawn, which fails with the current F40 selinux-policy.
The audit2allow rules suggest allowing the systemd_machined_t source context edit access to the etc_t target type. This is not really what we should do.
Requesting that a new type systemd_nspawn_conf_t be created for /etc/systemd/nspawn and /run/systemd/nspawn. Then systemd_machined_t can be allowed to manage those spaces with the appropriate interfaces.
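A sketch of the dedicated-type approach requested above, written as a local reference-policy module. This is an added example, not code from the report or from selinux-policy; the module name `local_nspawn_conf` is hypothetical, and it assumes the standard refpolicy macros `files_config_file`, `manage_dirs_pattern` and `manage_files_pattern` are available from the policy development headers.

```selinux
# ---- local_nspawn_conf.te (hypothetical module name) ----
policy_module(local_nspawn_conf, 1.0.0)

gen_require(`
	type systemd_machined_t;
')

# The new type proposed in the report, declared as a configuration file type
# so that *.nspawn files no longer share the broad etc_t label.
type systemd_nspawn_conf_t;
files_config_file(systemd_nspawn_conf_t)

# Let machined create, modify and remove the nspawn configuration
# directories and files, scoped to the new type only. This replaces the
# audit2allow suggestion of granting systemd_machined_t write access to etc_t.
manage_dirs_pattern(systemd_machined_t, systemd_nspawn_conf_t, systemd_nspawn_conf_t)
manage_files_pattern(systemd_machined_t, systemd_nspawn_conf_t, systemd_nspawn_conf_t)

# ---- local_nspawn_conf.fc ----
# Label both locations named in the report with the new type.
/etc/systemd/nspawn(/.*)?	gen_context(system_u:object_r:systemd_nspawn_conf_t,s0)
/run/systemd/nspawn(/.*)?	gen_context(system_u:object_r:systemd_nspawn_conf_t,s0)
```

Existing directories keep their old label until they are relabeled, for example with `restorecon -Rv /etc/systemd/nspawn`. Directories created under /run at runtime would additionally need a type transition rule or a relabel, which this sketch does not cover.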