Support running inside default docker/podman w/container-selinux #269
Comments
See also coreos/rpm-ostree#1329
/cc @rhatdan
It's funny, I was working on a policy to allow all of the mounts yesterday for running buildah in a container, but we decided to pull the effort and run buildah in a different way. What is the issue with seccomp?
The default docker seccomp policy denies
With this policy you would need to do
@rhatdan I'm trying to call:
but, with
Running with both: My podman-info.yaml, and the SELinux report.
Today the container-selinux policy denies mount("tmpfs"). Arguably...this is a bug in the policy with the advent of user namespaces. However, we could just use a temporary directory in an existing tmpfs (or just the container overlayfs which is semantically tmpfs-like). The downside of doing so is that the outer container could see/affect the inner fs, but eh. For reference today,