openSUSE / containers-systemd

Systemd service files to run various openSUSE containers by systemd and podman
MIT License

Services fail to start due to SELinux #5

Closed djoreilly closed 2 years ago

djoreilly commented 2 years ago

First, /srv is empty - I'm not sure if subdirs like /srv/bind are supposed to exist, as rpm -ql containers-systemd | grep srv shows them.

# mkdir /srv/bind
# systemctl enable container-bind.service --now

which gives this error:

Jul 05 14:47:49 localhost.localdomain bind[26627]: + mkdir -m 0775 -p /var/run/named
Jul 05 14:47:49 localhost.localdomain bind[26627]: + chown named:named /var/run/named
Jul 05 14:47:49 localhost.localdomain bind[26627]: + create_bind_data_dir
Jul 05 14:47:49 localhost.localdomain bind[26627]: + mkdir -p /data
Jul 05 14:47:49 localhost.localdomain bind[26627]: + '[' '!' -d /data/etc ']'
Jul 05 14:47:49 localhost.localdomain bind[26627]: + mkdir -p /data/etc
Jul 05 14:47:49 localhost.localdomain bind[26627]: mkdir: can't create directory '/data/etc': Permission denied

It starts after disabling SELinux. SELinux seems to be enabled by default now in MicroOS.

thkukuk commented 2 years ago

The directories below /srv in the RPMs are only ghost files. RPM cannot create these directories if you use a transactional system like MicroOS, since /srv is owned by the admin, not the distribution. container-bind.service should create that directory like all the other service files do; fixed. And it looks like SELinux support was forgotten in container-bind.service, too. Also fixed.
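
The failure mode discussed in this issue, as an added example that is not part of the thread or the project's code: a small check that lists host-path bind mounts in a unit's podman `ExecStart=` line that carry no SELinux relabel option. It assumes the missing "SELinux support" corresponds to podman's `:z` / `:Z` volume options (the thread does not show the actual fix), and the unit text and the `/srv/bind` to `/data` mapping are constructed for illustration.

```python
import re
import shlex

# Constructed unit text for illustration; NOT the real container-bind.service.
SAMPLE_UNIT = """\
[Service]
ExecStartPre=/usr/bin/mkdir -p /srv/bind
ExecStart=/usr/bin/podman run --rm --name bind \\
    -v /srv/bind:/data \\
    -v /srv/bind-logs:/var/log/named:ro \\
    --volume=/srv/bind-keys:/keys:ro,Z \\
    -v bind-cache:/var/cache/named \\
    example.invalid/bind:latest
"""

def volume_specs(argv):
    """Yield the argument of every -v SPEC, --volume SPEC or --volume=SPEC."""
    it = iter(argv)
    for arg in it:
        if arg in ("-v", "--volume"):
            spec = next(it, None)
            if spec is not None:
                yield spec
        elif arg.startswith("--volume="):
            yield arg.split("=", 1)[1]

def unlabeled_bind_mounts(unit_text):
    """Return host-path bind mounts whose options lack z/Z relabeling."""
    findings = []
    # Join systemd line continuations (trailing backslash) first.
    joined = re.sub(r"\\\n", " ", unit_text)
    for line in joined.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "ExecStart" or "podman" not in value:
            continue
        for spec in volume_specs(shlex.split(value)):
            parts = spec.split(":")
            if not parts[0].startswith("/"):
                continue  # named volume, not a host directory
            opts = parts[2].split(",") if len(parts) > 2 else []
            if not {"z", "Z"} & set(opts):
                findings.append(spec)
    return findings

if __name__ == "__main__":
    for spec in unlabeled_bind_mounts(SAMPLE_UNIT):
        print("no SELinux relabel option:", spec)
```

A finding is a prompt to review the mount, not an instruction to relabel it: `:Z` rewrites the host directory's label, which is appropriate for a service-private directory but not for paths shared with the host system.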