I’m trying to move to podman from docker but selinux prohibits me from doing so. I can’t find a source where it’s explained how I should set it up. Thx!

  • jntesteves@lemmy.world
    1 year ago

    SELinux in Podman works pretty much the same way it works on Docker, so if you are having problems with Podman, you should also be having problems with Docker, so I don’t see how that’s impeding your migration. You need to be more specific about the issues you’re having to get a good answer.

    The post by Chris Smart you linked in your comment below is a good start, but everything there also applies to Docker, so if you still didn’t know those basics, you shouldn’t be able to use Docker on Fedora either.

    About your question of how to set it up, use-case is an important consideration; there is no generic answer that covers all use-cases. I’ve even found out that for some use-cases (like ad-hoc containers), disabling SELinux within the container (with `--security-opt=label=disable`) seems to be the most secure option. That’s what I’ve done in contr (see this commit message). I’ve been meaning to blog about that, but never did because I’m in the process of migrating my blog but too lazy to finish it.

    I’ve put a lot of links about SELinux in containers in this issue.

    • GravitySpoiledOP
      1 year ago

      Thx for your answer, I found the workflow for podman. With a new distro came the change to selinux and podman which is why I had no experience with docker and selinux either. Now, it works as expected. Thx!

      • bizdelnick
        1 year ago

        There can be a package with a corresponding selinux policy in the repo. It is highly likely as Fedora uses selinux by default and your case seems typical.

  • deadbeef79000@lemmy.nz
    1 year ago

    With great difficulty, and by essentially giving up.

    Podman/docker makes no difference in my case, just more noise when trying to find help.