Podman 1.4.4: permission denied mounting volume without "--privileged" flag #3683
Comments
Are you running with or without root?
We should include that question in the issue template; it's asked a lot.
The problem occurs running as root as well (and non-root, of course).
My initial suspicion would be SELinux. If you pass
This definitely looks like SELinux. If you need to volume mount your homedir into a container you need to disable SELinux separation as mheon shows above. If you think this worked before and fails now, I would guess you were in permissive mode before. There is an effort with a new tool called udica which would allow you to generate a policy type to allow the container to use your homedir. github.com/containers/udica
Ok, I created a Also, as in the documentation, it is possible to disable SELinux with this: But previously this was not the case; was this added later to podman?
You could have also executed podman run -it --rm -v /var/data:/sqm:Z docker.io/library/alpine sh, which is what I would recommend. Then podman will do the relabeling for you and the /var/data directory will only be able to be used by this container. podman run -it --rm -v /var/data:/sqm:z docker.io/library/alpine sh would relabel /var/data with a shared label container_file_t:s0 so all containers could share the content from an SELinux point of view.
Actually either with
And chcon did? What kind of file system is on /var/data3?
Does @rhatdan I think it's a directory his user has read, but not write, perms on.
That should give you EPERM then.
It had the same permissions as all other folders I tried previously (chmod a+rwx).
…ck in order to fix a permissions problem with volumes when SELinux is being used (see containers/podman#3683).
/kind bug
Description
With previous versions of podman (e.g. 1.3.2) I could mount the specified working containers' root filesystem with no problem. But in version 1.4.4 the same command does not work, only by adding the --privileged flag.
Steps to reproduce the issue:
Just run simple container and supply some folder on host to be mounted on container:
podman run -it --rm -v /home/orlando/:/sqm/ docker.io/library/alpine sh
ls -la /sqm
Describe the results you received:
ls: can't open '/sqm': Permission denied
Describe the results you expected:
total 128
drwx------ 16 root root 4096 Jul 31 14:46 .
drwxr-xr-x 20 root root 4096 Jul 31 18:33 ..
-rw------- 1 root root 6820 Jul 31 10:07 .ICEauthority
-rw------- 1 root root 17472 Jul 30 20:08 .bash_history
-rw-r--r-- 1 root root 18 Feb 16 10:01 .bash_logout
-rw-r--r-- 1 root root 141 Feb 16 10:01 .bash_profile
-rw-r--r-- 1 root root 491 Jul 16 11:04 .bashrc
(...)
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Output of podman info --debug:
Additional environment details (AWS, VirtualBox, physical, etc.):
I am running Fedora release 30 (Thirty) in VirtualBox 6.0 running on Windows 10.