Fedora 31 Server, podman and SELinux

Woti

Heiho
I haven't seen your message yet. Now 1 month has passed
Your script starts Podman automatically at boot?

Are you using Plex? I am using Kodi

stacksofplates

@Woti said in Fedora 31 Server, podman and SELinux:

Heiho
I haven't seen your message yet. Now 1 month has passed
Your script starts Podman automatically at boot?

Are you using Plex? I am using Kodi

Yeah I got it to work! Oh nice

Woti

Sounds good I'll try your solution and report.

Woti

Hei, I wanted to try your solution. Først, I wanted to run meg container setup but I get this error:

systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory

I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...

I figured out: I need to issue the above command as user not as root.
Is it wrong to issuer this command as user? I setted up podman to use easyepg as user not as root.
Maybe that's why the container not starts during boot?

Which podman owner are you using @stacksofplates : user or root?

stacksofplates

@Woti said in Fedora 31 Server, podman and SELinux:

Hei, I wanted to try your solution. Først, I wanted to run meg container setup but I get this error:

systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory

I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...

I figured out: I need to issue the above command as user not as root.
Is it wrong to issuer this command as user? I setted up podman to use easyepg as user not as root.
Maybe that's why the container not starts during boot?

Which podman owner are you using @stacksofplates : user or root?

I'm using user but not that way. I put the service in /etc/systemd/system and set a user in the unit file. So I still start it with sudo systemctl restart plex but systemd uses the user defined in the unit file to run the service.

Woti

@stacksofplates said in Fedora 31 Server, podman and SELinux:

@Woti said in Fedora 31 Server, podman and SELinux:

Hei, I wanted to try your solution. Først, I wanted to run meg container setup but I get this error:

systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory

I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...

I figured out: I need to issue the above command as user not as root.
Is it wrong to issuer this command as user? I setted up podman to use easyepg as user not as root.
Maybe that's why the container not starts during boot?

Which podman owner are you using @stacksofplates : user or root?

I'm using user but not that way. I put the service in /etc/systemd/system and set a user in the unit file. So I still start it with sudo systemctl restart plex but systemd uses the user defined in the unit file to run the service.

Okay. I have mine in /home/user/.config... one or another hidden directory created by podman generate commando.
Stupid question maybe: but what is the unit file?

stacksofplates

@Woti said in Fedora 31 Server, podman and SELinux:

@stacksofplates said in Fedora 31 Server, podman and SELinux:

@Woti said in Fedora 31 Server, podman and SELinux:

Hei, I wanted to try your solution. Først, I wanted to run meg container setup but I get this error:

systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory

I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...

I figured out: I need to issue the above command as user not as root.
Is it wrong to issuer this command as user? I setted up podman to use easyepg as user not as root.
Maybe that's why the container not starts during boot?

Which podman owner are you using @stacksofplates : user or root?

I'm using user but not that way. I put the service in /etc/systemd/system and set a user in the unit file. So I still start it with sudo systemctl restart plex but systemd uses the user defined in the unit file to run the service.

Okay. I have mine in /home/user/.config... one or another hidden directory created by podman generate commando.
Stupid question maybe: but what is the unit file?

It's the .service file. They're called units because there's a handful of different types (service, timer, path, target, etc)

Woti

Finally I found the solution here on github: https://github.com/containers/libpod/issues/5494

I used podman v1.8.0 this time I generated the easyepg.service file with podman generate. There was a bug in this version which not generated default.target. In later version it is fixed. Now it is working

[Install]
WantedBy=multi-user.target default.target

stacksofplates

@Woti said in Fedora 31 Server, podman and SELinux:

Finally I found the solution here on github: https://github.com/containers/libpod/issues/5494

I used podman v1.8.0 this time I generated the easyepg.service file with podman generate. There was a bug in this version which not generated default.target. In later version it is fixed. Now it is working

[Install]
WantedBy=multi-user.target default.target

Ah ok. I don't use the generate hardly ever because it kind of defeats the purpose of a container. It hard codes the hash for the container instead of a name for some reason.

Woti

I see I haven't tried your solution yet. But I did read about your kind of solution on Redhat Access sites.
The case with default.target is that, if podman containers runs as user they have no access on multi-user.target through systemd. If I did understand right That's why you have to use default.target instead.

I'll try your solution in a VM soonly.