Fedora 31 Server, podman and SELinux
-
So I got a container to start with the system. I don't like what podman generate systemd gives you because it defeats the purpose of a container. Here's what I have:

[Unit]
Description=Plex
After=network.target

[Service]
TimeoutStartSec=5m
Restart=always
ExecStartPre=-/usr/bin/podman rm -f plex
ExecStart=podman run --name plex -v /mnt/media/movies:/movies -v /mnt/media/tv:/tv -v /mnt/media/music:/music -v /home/jhooks/plex/config:/config -p 32400:32400 -p 32400:32400/udp -p 32469:32469 -p 32469:32469/udp -p 5353:5353/udp -p 1900:1900/udp linuxserver/plex
ExecStop=-/usr/bin/podman kill plex
Type=simple
User=jhooks
RestartSec=30

[Install]
WantedBy=multi-user.target

I was running ExecStart=podman run -d --rm --name plex blah blah but even when I used forking it was failing to track the process.

This will kill the container and spin up a new one for me each time which is what I wanted. That way I'm not dependent on container IDs existing.
-
Heiho
I haven't seen your message yet. Now 1 month has passed
Your script starts Podman automatically at boot? Are you using Plex? I am using Kodi
-
@Woti said in Fedora 31 Server, podman and SELinux:
Heiho
I haven't seen your message yet. Now 1 month has passed
Your script starts Podman automatically at boot? Are you using Plex? I am using Kodi
Yeah I got it to work! Oh nice
-
Sounds good I'll try your solution and report.
-
Hei, I wanted to try your solution. First, I wanted to run my container setup but I get this error:
systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory
I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...
I figured out: I need to issue the above command as user not as root.
Is it wrong to issue this command as user? I set up podman to use easyepg as user not as root.
Maybe that's why the container does not start during boot?
Which podman owner are you using @stacksofplates : user or root?
-
@Woti said in Fedora 31 Server, podman and SELinux:
Hei, I wanted to try your solution. First, I wanted to run my container setup but I get this error:
systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory
I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...
I figured out: I need to issue the above command as user not as root.
Is it wrong to issue this command as user? I set up podman to use easyepg as user not as root.
Maybe that's why the container does not start during boot?
Which podman owner are you using @stacksofplates : user or root?
I'm using user but not that way. I put the service in /etc/systemd/system and set a user in the unit file. So I still start it with sudo systemctl restart plex but systemd uses the user defined in the unit file to run the service.
-
@stacksofplates said in Fedora 31 Server, podman and SELinux:
@Woti said in Fedora 31 Server, podman and SELinux:
Hei, I wanted to try your solution. First, I wanted to run my container setup but I get this error:
systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory
I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...
I figured out: I need to issue the above command as user not as root.
Is it wrong to issue this command as user? I set up podman to use easyepg as user not as root.
Maybe that's why the container does not start during boot?
Which podman owner are you using @stacksofplates : user or root?
I'm using user but not that way. I put the service in /etc/systemd/system and set a user in the unit file. So I still start it with sudo systemctl restart plex but systemd uses the user defined in the unit file to run the service.
Okay. I have mine in /home/user/.config... one or another hidden directory created by the podman generate command.
Stupid question maybe: but what is the unit file?
-
@Woti said in Fedora 31 Server, podman and SELinux:
@stacksofplates said in Fedora 31 Server, podman and SELinux:
@Woti said in Fedora 31 Server, podman and SELinux:
Hei, I wanted to try your solution. First, I wanted to run my container setup but I get this error:
systemctl --user status container-easyepg.service
Failed to connect to bus: No such file or directory
I haven't changed anything since the last time and the container file exists...
I can start it in Cockpit but not in the console. Strange...
I figured out: I need to issue the above command as user not as root.
Is it wrong to issue this command as user? I set up podman to use easyepg as user not as root.
Maybe that's why the container does not start during boot?
Which podman owner are you using @stacksofplates : user or root?
I'm using user but not that way. I put the service in /etc/systemd/system and set a user in the unit file. So I still start it with sudo systemctl restart plex but systemd uses the user defined in the unit file to run the service.
Okay. I have mine in /home/user/.config... one or another hidden directory created by the podman generate command.
Stupid question maybe: but what is the unit file?
It's the .service file. They're called units because there's a handful of different types (service, timer, path, target, etc)
-
Finally I found the solution here on github: https://github.com/containers/libpod/issues/5494
I used podman v1.8.0 this time I generated the easyepg.service file with podman generate. There was a bug in this version which did not generate default.target. In later versions it is fixed. Now it is working
[Install]
WantedBy=multi-user.target default.target
-
@Woti said in Fedora 31 Server, podman and SELinux:
Finally I found the solution here on github: https://github.com/containers/libpod/issues/5494
I used podman v1.8.0 this time I generated the easyepg.service file with podman generate. There was a bug in this version which did not generate default.target. In later versions it is fixed. Now it is working
[Install]
WantedBy=multi-user.target default.target
Ah ok. I don't use the generate hardly ever because it kind of defeats the purpose of a container. It hard codes the hash for the container instead of a name for some reason.
-
I see. I haven't tried your solution yet. But I did read about your kind of solution on Redhat Access sites.
The case with default.target is that, if podman containers run as user they have no access to multi-user.target through systemd. If I did understand right. That's why you have to use default.target instead.
I'll try your solution in a VM soon.
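
As an added example (not code from the thread or from podman), this shell script checks the point made in the last posts: a unit loaded by the per-user systemd manager needs default.target in WantedBy=, because multi-user.target only exists in the system manager. The function names and the two sample unit files are constructed for illustration.

```sh
#!/bin/sh
# Added example: which systemd manager can actually honour a unit's WantedBy=?

# Print each target listed under WantedBy= in the [Install] section, one per line.
wanted_by() {
    awk '
        /^[ \t]*\[/ { in_install = ($0 ~ /^[ \t]*\[Install\]/); next }
        in_install && /^[ \t]*WantedBy[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, t, /[ \t]+/)
            for (i = 1; i <= n; i++) if (t[i] != "") print t[i]
        }
    ' "$1"
}

# scope "user"   = unit loaded by `systemctl --user` (rootless podman as a user unit)
# scope "system" = unit in /etc/systemd/system, optionally with User= set
check_unit_scope() {
    unit=$1; scope=$2
    case $scope in
        user)   accept='default.target' ;;
        system) accept='multi-user.target default.target' ;;
        *)      echo "unknown scope: $scope" >&2; return 2 ;;
    esac
    for t in $(wanted_by "$unit"); do
        case " $accept " in
            *" $t "*) echo "ok: $unit is wanted by $t ($scope manager)"; return 0 ;;
        esac
    done
    echo "warn: $unit names no target that the $scope manager reaches on startup"
    return 1
}

# Constructed sample units (not the posters' real files).
SAMPLES=$(mktemp -d)
write_unit() {  # $1 = file name, $2 = WantedBy value
    printf '%s\n' '[Unit]' 'Description=easyepg sample' '[Service]' \
        'ExecStart=/usr/bin/podman start -a easyepg' '[Install]' \
        "WantedBy=$2" > "$SAMPLES/$1"
}
write_unit broken.service 'multi-user.target'
write_unit fixed.service  'multi-user.target default.target'

check_unit_scope "$SAMPLES/broken.service" user || true
check_unit_scope "$SAMPLES/fixed.service"  user || true
check_unit_scope "$SAMPLES/broken.service" system || true
```

After editing the [Install] section of a unit that is already enabled, it has to be re-enabled (systemctl --user reenable for a user unit) so the new WantedBy= symlinks are created.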