I’m trying to move to podman from docker but selinux prohibits me from doing so. I can’t find a source where it’s explained how I should set it up. Thx!
SELinux in Podman works pretty much the same way it works on Docker, so if you are having problems with Podman, you should also be having problems with Docker, so I don’t see how that’s impeding your migration. You need to be more specific about the issues you’re having to get a good answer.
The post by Chris Smart you linked on your comment below is a good start, but everything there also applies to Docker, so if you still didn’t know those basics, you shouldn’t be able to use Docker on Fedora either.
About your question of how to set it up, use-case is an important consideration, there is no generic answer that covers all use-cases. I’ve even found out that for some use-cases (like ad-hoc containers), disabling SELinux within the container (with
--security-opt=label=disable
) seems to be the most secure option. That’s what I’ve done in contr (see this commit message). I’ve been meaning to blog about that, but never did because I’m in the process of migrating my blog but too lazy to finish it.I’ve put a lot of links about SELinux in containers in this issue.
Thx for your answer, I found the workflow for podman. With a new distro came the change to selinux and podman which is why I had no experience with docker and selinux either. Now, it works as expected. Thx!
What distro you use?
why is that relevant?
fedora kinoite
There can be a package with corresponding selinux policy in the repo. It is highly likely as Fedora use selinux by default and your case seems typical.
I’m currently reading
https://blog.christophersmart.com/2021/01/31/podman-volumes-and-selinux/
With great difficulty, and by essentially giving up.
Podman/docker makes no difference in my case, just more noise when trying to find help.
do you work with udica?