this post was submitted on 27 Nov 2023
32 points (97.1% liked)

I'm trying to move to podman from docker but selinux prohibits me from doing so. I can't find a source where it's explained how I should set it up. Thx!

top 8 comments
[–] [email protected] 4 points 9 months ago (1 children)

SELinux in Podman works pretty much the same way it works on Docker, so if you are having problems with Podman, you should also be having problems with Docker, so I don't see how that's impeding your migration. You need to be more specific about the issues you're having to get a good answer.

The post by Chris Smart you linked on your comment below is a good start, but everything there also applies to Docker, so if you still didn't know those basics, you shouldn't be able to use Docker on Fedora either.

About your question of how to set it up, use-case is an important consideration; there is no generic answer that covers all use-cases. I've even found out that for some use-cases (like ad-hoc containers), disabling SELinux within the container (with --security-opt=label=disable) seems to be the most secure option. That's what I've done in contr (see this commit message). I've been meaning to blog about that, but never did because I'm in the process of migrating my blog but too lazy to finish it.

I've put a lot of links about SELinux in containers in this issue.

[–] [email protected] 1 points 9 months ago

Thx for your answer, I found the workflow for podman. With a new distro came the change to selinux and podman which is why I had no experience with docker and selinux either. Now, it works as expected. Thx!

[–] [email protected] 3 points 9 months ago
[–] [email protected] 3 points 9 months ago (1 children)
[–] [email protected] 2 points 9 months ago (1 children)

why is that relevant?

fedora kinoite

[–] [email protected] 12 points 9 months ago

There can be a package with corresponding selinux policy in the repo. It is highly likely as Fedora uses selinux by default and your case seems typical.

[–] [email protected] 2 points 9 months ago

With great difficulty, and by essentially giving up.

Podman/docker makes no difference in my case, just more noise when trying to find help.

[–] [email protected] 1 points 9 months ago

do you work with udica?