Bug ID 1186158
Summary SELinux is blocking socket access for podman
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS openSUSE MicroOS
Status NEW
Severity Normal
Priority P5 - None
Component MicroOS
Assignee kubic-bugs@opensuse.org
Reporter gm.venekamp@quicknet.nl
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

test-vm:~ # head -2 /etc/os-release 
NAME="openSUSE MicroOS"
# VERSION="20210515"

When starting a container (as root) like traefik, I get the following error:

test-vm:~ # podman run -p 8080:8080 -p 80:80 -v /etc/traefik/traefik.yml:/etc/traefik/traefik.yml -v /var/run/podman/podman.sock:/var/run/docker.sock traefik:v2.0

time="2021-05-18T06:46:37Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
time="2021-05-18T06:46:38Z" level=error msg="Failed to retrieve information of the docker client and server host: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version: dial unix /var/run/docker.sock: connect: permission denied" providerName=docker

This is what /var/log/audit/audit/log tells me:

type=AVC msg=audit(1621319586.484:965): avc:  denied  { connectto } for  pid=1785 comm="traefik" path="/run/podman/podman.sock" scontext=system_u:system_r:container_t:s0:c741,c830 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=1

test-vm:~ # ll -Z /var/run/podman/podman.sock
srw-rw----. 1 root root system_u:object_r:var_run_t:s0 0 May 18 08:46 /var/run/podman/podman.sock


Am I doing anything wrong?
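
The AVC record quoted in the report can be read field by field. The following is an added example, not part of the original report: it parses audit lines and picks out denials where a `container_t` process tries to `connectto` a unix stream socket owned by `container_runtime_t`. The sample input is the record from the report on one line plus one constructed record for contrast; the function names are hypothetical.

```python
import re

# Sample input: the AVC record from the report on one line, followed by one
# constructed, unrelated denial so the filter has something to reject.
SAMPLE_AUDIT = '''\
type=AVC msg=audit(1621319586.484:965): avc:  denied  { connectto } for  pid=1785 comm="traefik" path="/run/podman/podman.sock" scontext=system_u:system_r:container_t:s0:c741,c830 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=1
type=AVC msg=audit(1621319590.100:970): avc:  denied  { read } for  pid=1801 comm="cat" name="example.conf" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; policy decisions key on the type field.
    rec['source_type'] = rec.get('scontext', ':::').split(':')[2]
    rec['target_type'] = rec.get('tcontext', ':::').split(':')[2]
    # permissive=1 means the denial was logged but the access was not blocked.
    rec['enforced'] = rec.get('permissive') == '0'
    return rec

def runtime_socket_denials(text):
    """Denials where a confined container connects to the runtime's socket."""
    hits = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if (rec and rec.get('tclass') == 'unix_stream_socket'
                and 'connectto' in rec['perms']
                and rec['source_type'] == 'container_t'
                and rec['target_type'] == 'container_runtime_t'):
            hits.append(rec)
    return hits

if __name__ == '__main__':
    for r in runtime_socket_denials(SAMPLE_AUDIT):
        print(f"{r['comm']} (pid {r['pid']}) {r['source_type']} -> "
              f"{r['target_type']} via {r['path']} enforced={r['enforced']}")
```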