http://bugzilla.opensuse.org/show_bug.cgi?id=1186158

http://bugzilla.opensuse.org/show_bug.cgi?id=1186158#c3

--- Comment #3 from Thorsten Kukuk <kukuk@suse.com> ---
(In reply to G.M. Venekamp from comment #2)
> Using podman 3.2.0 and starting the docker API as a regular user, i.e.
> systemctl --user start podman yields the same issues that SELinux forbids
> reading /run/user/1000/podman/podman.sock
>
> The socket is readable from outside a container, but from the inside SELinux
> is preventing access to it.

That's exactly what SELinux should do and is designed for, so everything is working. Accessing the podman.sock from inside a container is really dangerous security-wise. If you really need that, you need to learn SELinux and adjust the policy for your use case (or look if somebody has already a solution documented somewhere). But we will not allow this by default.
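
An audit for the situation discussed in this comment, as an added example that is not part of the bug report or of podman: it reads `podman inspect`-style JSON and lists containers that bind-mount an engine API socket, noting whether SELinux separation was disabled for them with `label=disable`. The container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample in the shape of `podman inspect` output (not from the bug report).
SAMPLE_INSPECT = json.dumps([
    {"Name": "ci-runner",
     "HostConfig": {"SecurityOpt": ["label=disable"]},
     "Mounts": [{"Type": "bind",
                 "Source": "/run/user/1000/podman/podman.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "dashboard",
     "HostConfig": {"SecurityOpt": []},
     "Mounts": [{"Type": "bind",
                 "Source": "/run/user/1000/podman/podman.sock",
                 "Destination": "/run/podman.sock"}]},
    {"Name": "web",
     "HostConfig": {"SecurityOpt": []},
     "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/www"}]},
])

API_SOCKETS = ("/podman.sock", "/docker.sock")


def audit_socket_mounts(inspect_json):
    """Return one finding per container that bind-mounts an engine API socket."""
    findings = []
    for ctr in json.loads(inspect_json):
        opts = (ctr.get("HostConfig") or {}).get("SecurityOpt") or []
        # "label=disable" (older syntax "label:disable") turns off SELinux separation.
        label_disabled = any(o.replace(":", "=", 1) == "label=disable" for o in opts)
        for mount in ctr.get("Mounts") or []:
            source = mount.get("Source", "")
            if mount.get("Type") == "bind" and source.endswith(API_SOCKETS):
                findings.append({
                    "container": ctr.get("Name", "").lstrip("/"),
                    "socket": source,
                    "selinux_separation": not label_disabled,
                })
    return findings


if __name__ == "__main__":
    for f in audit_socket_mounts(SAMPLE_INSPECT):
        state = ("relies on SELinux to block access" if f["selinux_separation"]
                 else "SELinux separation disabled")
        print(f'{f["container"]}: {f["socket"]} ({state})')
```
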