Fedora 31 Server, podman and SELinux

stacksofplates

If you want to run it the other way, just set the context for the directories you want to mount. They should be container_t.

Woti

And how do I do it? That's the part with SELinux I have no idea...

stacksofplates

You would have to use it with the qoopido image.

Just start that image like a normal container and don't use that install script.

If you use that install script you have to manually set the SELinux context for the data directory.

To temporarily set it you can just do chcon -t container_t the-directory.

Woti

I tried with chcon -t container_t easyepg.
I moved easyepg to /home/myuser/easyepg

[twolf@localhost ~]$ podman start easyepg.admin
Error: unable to start container "easyepg.admin": set propagation for `/home/twolf/.local/share/containers/storage/overlay/78126aba7a4e047b690f0c6ce66d36e7b04043f04d8b994c53cf92982e9ce29d/merged/easyepg`: Permission denied: OCI runtime permission denied error

When I "pause" SELinux both containers are working fine.

[twolf@localhost ~]$ podman start easyepg.admin
easyepg.admin
[twolf@localhost ~]$ podman start easyepg.run
easyepg.run

Cloning into '/easyepg/easyepg'...
Updating main...
Updating Horizon...
'easyepg/hzn/hzn.sh' -> 'hzn/hzn.sh'
'easyepg/hzn/hzn.sh' -> 'hzn/de/'
'easyepg/hzn/hzn.sh' -> 'hzn/at/'
'easyepg/hzn/hzn.sh' -> 'hzn/ch/'
'easyepg/hzn/hzn.sh' -> 'hzn/nl/'
'easyepg/hzn/hzn.sh' -> 'hzn/pl/'
'easyepg/hzn/hzn.sh' -> 'hzn/ie/'
'easyepg/hzn/hzn.sh' -> 'hzn/sk/'
'easyepg/hzn/hzn.sh' -> 'hzn/cz/'
'easyepg/hzn/hzn.sh' -> 'hzn/hu/'
'easyepg/hzn/hzn.sh' -> 'hzn/ro/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/ch_json2xml.pl'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/de/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/at/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/ch/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/nl/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/pl/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/ie/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/sk/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/cz/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/hu/'
'easyepg/hzn/ch_json2xml.pl' -> 'hzn/ro/'
'easyepg/hzn/cid_json.pl' -> 'hzn/cid_json.pl'
'easyepg/hzn/cid_json.pl' -> 'hzn/de/'
'easyepg/hzn/cid_json.pl' -> 'hzn/at/'
'easyepg/hzn/cid_json.pl' -> 'hzn/ch/'
'easyepg/hzn/cid_json.pl' -> 'hzn/nl/'
'easyepg/hzn/cid_json.pl' -> 'hzn/pl/'
'easyepg/hzn/cid_json.pl' -> 'hzn/ie/'
'easyepg/hzn/cid_json.pl' -> 'hzn/sk/'
'easyepg/hzn/cid_json.pl' -> 'hzn/cz/'
'easyepg/hzn/cid_json.pl' -> 'hzn/hu/'
'easyepg/hzn/cid_json.pl' -> 'hzn/ro/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/epg_json2xml.pl'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/de/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/at/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/ch/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/nl/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/pl/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/ie/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/sk/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/cz/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/hu/'
'easyepg/hzn/epg_json2xml.pl' -> 'hzn/ro/'
'easyepg/hzn/settings.sh' -> 'hzn/settings.sh'
'easyepg/hzn/settings.sh' -> 'hzn/de/'
'easyepg/hzn/settings.sh' -> 'hzn/at/'
'easyepg/hzn/settings.sh' -> 'hzn/ch/'
'easyepg/hzn/settings.sh' -> 'hzn/nl/'
'easyepg/hzn/settings.sh' -> 'hzn/pl/'
'easyepg/hzn/settings.sh' -> 'hzn/ie/'
'easyepg/hzn/settings.sh' -> 'hzn/sk/'
'easyepg/hzn/settings.sh' -> 'hzn/cz/'
'easyepg/hzn/settings.sh' -> 'hzn/hu/'
'easyepg/hzn/settings.sh' -> 'hzn/ro/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/chlist_printer.pl'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/de/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/at/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/ch/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/nl/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/pl/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/ie/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/sk/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/cz/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/hu/'
'easyepg/hzn/chlist_printer.pl' -> 'hzn/ro/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/compare_menu.pl'
'easyepg/hzn/compare_menu.pl' -> 'hzn/de/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/at/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/ch/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/nl/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/pl/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/ie/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/sk/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/cz/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/hu/'
'easyepg/hzn/compare_menu.pl' -> 'hzn/ro/'
'easyepg/hzn/url_printer.pl' -> 'hzn/url_printer.pl'
'easyepg/hzn/url_printer.pl' -> 'hzn/de/'
'easyepg/hzn/url_printer.pl' -> 'hzn/at/'
'easyepg/hzn/url_printer.pl' -> 'hzn/ch/'
'easyepg/hzn/url_printer.pl' -> 'hzn/nl/'
'easyepg/hzn/url_printer.pl' -> 'hzn/pl/'
'easyepg/hzn/url_printer.pl' -> 'hzn/ie/'
'easyepg/hzn/url_printer.pl' -> 'hzn/sk/'
'easyepg/hzn/url_printer.pl' -> 'hzn/cz/'
'easyepg/hzn/url_printer.pl' -> 'hzn/hu/'
'easyepg/hzn/url_printer.pl' -> 'hzn/ro/'
Updating Zattoo...
'easyepg/ztt/ztt.sh' -> 'ztt/ztt.sh'
'easyepg/ztt/ztt.sh' -> 'ztt/de/'
'easyepg/ztt/ztt.sh' -> 'ztt/ch/'
'easyepg/ztt/settings.sh' -> 'ztt/settings.sh'
'easyepg/ztt/settings.sh' -> 'ztt/de/'
'easyepg/ztt/settings.sh' -> 'ztt/ch/'
'easyepg/ztt/compare_crid.pl' -> 'ztt/compare_crid.pl'
'easyepg/ztt/compare_crid.pl' -> 'ztt/de/'
'easyepg/ztt/compare_crid.pl' -> 'ztt/ch/'
'easyepg/ztt/save_page.js' -> 'ztt/save_page.js'
'easyepg/ztt/save_page.js' -> 'ztt/de/'
'easyepg/ztt/save_page.js' -> 'ztt/ch/'
'easyepg/ztt/epg_json2xml.pl' -> 'ztt/epg_json2xml.pl'
'easyepg/ztt/epg_json2xml.pl' -> 'ztt/de/'
'easyepg/ztt/epg_json2xml.pl' -> 'ztt/ch/'
'easyepg/ztt/ch_json2xml.pl' -> 'ztt/ch_json2xml.pl'
'easyepg/ztt/ch_json2xml.pl' -> 'ztt/de/'
'easyepg/ztt/ch_json2xml.pl' -> 'ztt/ch/'
'easyepg/ztt/cid_json.pl' -> 'ztt/cid_json.pl'
'easyepg/ztt/cid_json.pl' -> 'ztt/de/'
'easyepg/ztt/cid_json.pl' -> 'ztt/ch/'
'easyepg/ztt/chlist_printer.pl' -> 'ztt/chlist_printer.pl'
'easyepg/ztt/chlist_printer.pl' -> 'ztt/de/'
'easyepg/ztt/chlist_printer.pl' -> 'ztt/ch/'
'easyepg/ztt/compare_menu.pl' -> 'ztt/compare_menu.pl'
'easyepg/ztt/compare_menu.pl' -> 'ztt/de/'
'easyepg/ztt/compare_menu.pl' -> 'ztt/ch/'
Updating Swisscom...
'easyepg/swc/swc.sh' -> 'swc/swc.sh'
'easyepg/swc/swc.sh' -> 'swc/ch/'
'easyepg/swc/settings.sh' -> 'swc/settings.sh'
'easyepg/swc/settings.sh' -> 'swc/ch/'
'easyepg/swc/epg_json2xml.pl' -> 'swc/epg_json2xml.pl'
'easyepg/swc/epg_json2xml.pl' -> 'swc/ch/'
'easyepg/swc/ch_json2xml.pl' -> 'swc/ch_json2xml.pl'
'easyepg/swc/ch_json2xml.pl' -> 'swc/ch/'
'easyepg/swc/cid_json.pl' -> 'swc/cid_json.pl'
'easyepg/swc/cid_json.pl' -> 'swc/ch/'
'easyepg/swc/chlist_printer.pl' -> 'swc/chlist_printer.pl'
'easyepg/swc/chlist_printer.pl' -> 'swc/ch/'
'easyepg/swc/compare_menu.pl' -> 'swc/compare_menu.pl'
'easyepg/swc/compare_menu.pl' -> 'swc/ch/'
'easyepg/swc/url_printer.pl' -> 'swc/url_printer.pl'
'easyepg/swc/url_printer.pl' -> 'swc/ch/'
Updating tvPlayer...
'easyepg/tvp/tvp.sh' -> 'tvp/tvp.sh'
'easyepg/tvp/tvp.sh' -> 'tvp/uk/'
'easyepg/tvp/settings.sh' -> 'tvp/settings.sh'
'easyepg/tvp/settings.sh' -> 'tvp/uk/'
'easyepg/tvp/epg_json2xml.pl' -> 'tvp/epg_json2xml.pl'
'easyepg/tvp/epg_json2xml.pl' -> 'tvp/uk/'
'easyepg/tvp/ch_json2xml.pl' -> 'tvp/ch_json2xml.pl'
'easyepg/tvp/ch_json2xml.pl' -> 'tvp/uk/'
'easyepg/tvp/cid_json.pl' -> 'tvp/cid_json.pl'
'easyepg/tvp/cid_json.pl' -> 'tvp/uk/'
'easyepg/tvp/chlist_printer.pl' -> 'tvp/chlist_printer.pl'
'easyepg/tvp/chlist_printer.pl' -> 'tvp/uk/'
'easyepg/tvp/compare_menu.pl' -> 'tvp/compare_menu.pl'
'easyepg/tvp/compare_menu.pl' -> 'tvp/uk/'
'easyepg/tvp/compare_crid.pl' -> 'tvp/compare_crid.pl'
'easyepg/tvp/compare_crid.pl' -> 'tvp/uk/'
Updating Telekom...
'easyepg/tkm/tkm.sh' -> 'tkm/tkm.sh'
'easyepg/tkm/tkm.sh' -> 'tkm/de/'
'easyepg/tkm/settings.sh' -> 'tkm/settings.sh'
'easyepg/tkm/settings.sh' -> 'tkm/de/'
'easyepg/tkm/epg_json2xml.pl' -> 'tkm/epg_json2xml.pl'
'easyepg/tkm/epg_json2xml.pl' -> 'tkm/de/'
'easyepg/tkm/ch_json2xml.pl' -> 'tkm/ch_json2xml.pl'
'easyepg/tkm/ch_json2xml.pl' -> 'tkm/de/'
'easyepg/tkm/cid_json.pl' -> 'tkm/cid_json.pl'
'easyepg/tkm/cid_json.pl' -> 'tkm/de/'
'easyepg/tkm/chlist_printer.pl' -> 'tkm/chlist_printer.pl'
'easyepg/tkm/chlist_printer.pl' -> 'tkm/de/'
'easyepg/tkm/compare_menu.pl' -> 'tkm/compare_menu.pl'
'easyepg/tkm/compare_menu.pl' -> 'tkm/de/'
'easyepg/tkm/url_printer.pl' -> 'tkm/url_printer.pl'
'easyepg/tkm/url_printer.pl' -> 'tkm/de/'
'easyepg/tkm/proxy.sh' -> 'tkm/proxy.sh'
'easyepg/tkm/proxy.sh' -> 'tkm/de/'
'easyepg/tkm/web_magentatv_de.php' -> 'tkm/web_magentatv_de.php'
'easyepg/tkm/web_magentatv_de.php' -> 'tkm/de/'
Updating RadioTimes...
'easyepg/rdt/rdt.sh' -> 'rdt/rdt.sh'
'easyepg/rdt/rdt.sh' -> 'rdt/uk/'
'easyepg/rdt/settings.sh' -> 'rdt/settings.sh'
'easyepg/rdt/settings.sh' -> 'rdt/uk/'
'easyepg/rdt/epg_json2xml.pl' -> 'rdt/epg_json2xml.pl'
'easyepg/rdt/epg_json2xml.pl' -> 'rdt/uk/'
'easyepg/rdt/ch_json2xml.pl' -> 'rdt/ch_json2xml.pl'
'easyepg/rdt/ch_json2xml.pl' -> 'rdt/uk/'
'easyepg/rdt/cid_json.pl' -> 'rdt/cid_json.pl'
'easyepg/rdt/cid_json.pl' -> 'rdt/uk/'
'easyepg/rdt/chlist_printer.pl' -> 'rdt/chlist_printer.pl'
'easyepg/rdt/chlist_printer.pl' -> 'rdt/uk/'
'easyepg/rdt/compare_menu.pl' -> 'rdt/compare_menu.pl'
'easyepg/rdt/compare_menu.pl' -> 'rdt/uk/'
'easyepg/rdt/compare_crid.pl' -> 'rdt/compare_crid.pl'
'easyepg/rdt/compare_crid.pl' -> 'rdt/uk/'
'easyepg/rdt/url_printer.pl' -> 'rdt/url_printer.pl'
'easyepg/rdt/url_printer.pl' -> 'rdt/uk/'
Updating waipu.tv...
'easyepg/wpu/wpu.sh' -> 'wpu/wpu.sh'
'easyepg/wpu/wpu.sh' -> 'wpu/de/'
'easyepg/wpu/settings.sh' -> 'wpu/settings.sh'
'easyepg/wpu/settings.sh' -> 'wpu/de/'
'easyepg/wpu/epg_json2xml.pl' -> 'wpu/epg_json2xml.pl'
'easyepg/wpu/epg_json2xml.pl' -> 'wpu/de/'
'easyepg/wpu/ch_json2xml.pl' -> 'wpu/ch_json2xml.pl'
'easyepg/wpu/ch_json2xml.pl' -> 'wpu/de/'
'easyepg/wpu/cid_json.pl' -> 'wpu/cid_json.pl'
'easyepg/wpu/cid_json.pl' -> 'wpu/de/'
'easyepg/wpu/chlist_printer.pl' -> 'wpu/chlist_printer.pl'
'easyepg/wpu/chlist_printer.pl' -> 'wpu/de/'
'easyepg/wpu/compare_menu.pl' -> 'wpu/compare_menu.pl'
'easyepg/wpu/compare_menu.pl' -> 'wpu/de/'
Updating TV-Spielfilm...
'easyepg/tvs/tvs.sh' -> 'tvs/tvs.sh'
'easyepg/tvs/tvs.sh' -> 'tvs/de/'
'easyepg/tvs/settings.sh' -> 'tvs/settings.sh'
'easyepg/tvs/settings.sh' -> 'tvs/de/'
'easyepg/tvs/epg_json2xml.pl' -> 'tvs/epg_json2xml.pl'
'easyepg/tvs/epg_json2xml.pl' -> 'tvs/de/'
'easyepg/tvs/ch_json2xml.pl' -> 'tvs/ch_json2xml.pl'
'easyepg/tvs/ch_json2xml.pl' -> 'tvs/de/'
'easyepg/tvs/cid_json.pl' -> 'tvs/cid_json.pl'
'easyepg/tvs/cid_json.pl' -> 'tvs/de/'
'easyepg/tvs/chlist_printer.pl' -> 'tvs/chlist_printer.pl'
'easyepg/tvs/chlist_printer.pl' -> 'tvs/de/'
'easyepg/tvs/compare_menu.pl' -> 'tvs/compare_menu.pl'
'easyepg/tvs/compare_menu.pl' -> 'tvs/de/'
'easyepg/tvs/url_printer.pl' -> 'tvs/url_printer.pl'
'easyepg/tvs/url_printer.pl' -> 'tvs/de/'
Updating VODAFONE...
'easyepg/vdf/vdf.sh' -> 'vdf/vdf.sh'
'easyepg/vdf/vdf.sh' -> 'vdf/de/'
'easyepg/vdf/settings.sh' -> 'vdf/settings.sh'
'easyepg/vdf/settings.sh' -> 'vdf/de/'
'easyepg/vdf/epg_json2xml.pl' -> 'vdf/epg_json2xml.pl'
'easyepg/vdf/epg_json2xml.pl' -> 'vdf/de/'
'easyepg/vdf/ch_json2xml.pl' -> 'vdf/ch_json2xml.pl'
'easyepg/vdf/ch_json2xml.pl' -> 'vdf/de/'
'easyepg/vdf/compare_crid.pl' -> 'vdf/compare_crid.pl'
'easyepg/vdf/compare_crid.pl' -> 'vdf/de/'
'easyepg/vdf/cid_json.pl' -> 'vdf/cid_json.pl'
'easyepg/vdf/cid_json.pl' -> 'vdf/de/'
'easyepg/vdf/chlist_printer.pl' -> 'vdf/chlist_printer.pl'
'easyepg/vdf/chlist_printer.pl' -> 'vdf/de/'
'easyepg/vdf/compare_menu.pl' -> 'vdf/compare_menu.pl'
'easyepg/vdf/compare_menu.pl' -> 'vdf/de/'
'easyepg/vdf/url_printer.pl' -> 'vdf/url_printer.pl'
'easyepg/vdf/url_printer.pl' -> 'vdf/de/'
Updating TVTV...
'easyepg/tvtv/tvtv.sh' -> 'tvtv/tvtv.sh'
'easyepg/tvtv/tvtv.sh' -> 'tvtv/us/'
'easyepg/tvtv/tvtv.sh' -> 'tvtv/ca/'
'easyepg/tvtv/settings.sh' -> 'tvtv/settings.sh'
'easyepg/tvtv/settings.sh' -> 'tvtv/us/'
'easyepg/tvtv/settings.sh' -> 'tvtv/ca/'
'easyepg/tvtv/compare_crid.pl' -> 'tvtv/compare_crid.pl'
'easyepg/tvtv/compare_crid.pl' -> 'tvtv/us/'
'easyepg/tvtv/compare_crid.pl' -> 'tvtv/ca/'
'easyepg/tvtv/epg_json2xml.pl' -> 'tvtv/epg_json2xml.pl'
'easyepg/tvtv/epg_json2xml.pl' -> 'tvtv/us/'
'easyepg/tvtv/epg_json2xml.pl' -> 'tvtv/ca/'
'easyepg/tvtv/ch_json2xml.pl' -> 'tvtv/ch_json2xml.pl'
'easyepg/tvtv/ch_json2xml.pl' -> 'tvtv/us/'
'easyepg/tvtv/ch_json2xml.pl' -> 'tvtv/ca/'
'easyepg/tvtv/cid_json.pl' -> 'tvtv/cid_json.pl'
'easyepg/tvtv/cid_json.pl' -> 'tvtv/us/'
'easyepg/tvtv/cid_json.pl' -> 'tvtv/ca/'
'easyepg/tvtv/chlist_printer.pl' -> 'tvtv/chlist_printer.pl'
'easyepg/tvtv/chlist_printer.pl' -> 'tvtv/us/'
'easyepg/tvtv/chlist_printer.pl' -> 'tvtv/ca/'
'easyepg/tvtv/compare_menu.pl' -> 'tvtv/compare_menu.pl'
'easyepg/tvtv/compare_menu.pl' -> 'tvtv/us/'
'easyepg/tvtv/compare_menu.pl' -> 'tvtv/ca/'
'easyepg/tvtv/url_printer.pl' -> 'tvtv/url_printer.pl'
'easyepg/tvtv/url_printer.pl' -> 'tvtv/us/'
'easyepg/tvtv/url_printer.pl' -> 'tvtv/ca/'
Updating External...
'easyepg/ext/ext.sh' -> 'ext/ext.sh'
'easyepg/ext/ext.sh' -> 'ext/oa/'
'easyepg/ext/ext.sh' -> 'ext/ob/'
'easyepg/ext/ext.sh' -> 'ext/oc/'
'easyepg/ext/settings.sh' -> 'ext/settings.sh'
'easyepg/ext/settings.sh' -> 'ext/oa/'
'easyepg/ext/settings.sh' -> 'ext/ob/'
'easyepg/ext/settings.sh' -> 'ext/oc/'
'easyepg/ext/epg_ext.pl' -> 'ext/epg_ext.pl'
'easyepg/ext/epg_ext.pl' -> 'ext/oa/'
'easyepg/ext/epg_ext.pl' -> 'ext/ob/'
'easyepg/ext/epg_ext.pl' -> 'ext/oc/'
'easyepg/ext/ch_ext.pl' -> 'ext/ch_ext.pl'
'easyepg/ext/ch_ext.pl' -> 'ext/oa/'
'easyepg/ext/ch_ext.pl' -> 'ext/ob/'
'easyepg/ext/ch_ext.pl' -> 'ext/oc/'
'easyepg/ext/compare_menu.pl' -> 'ext/compare_menu.pl'
'easyepg/ext/compare_menu.pl' -> 'ext/oa/'
'easyepg/ext/compare_menu.pl' -> 'ext/ob/'
'easyepg/ext/compare_menu.pl' -> 'ext/oc/'
UPDATE FINISHED!

Current default time zone: 'Europe/Berlin'
Local time is now:      Sun Mar  8 19:34:08 CET 2020.
Universal Time is now:  Sun Mar  8 18:34:08 UTC 2020.

easyepg:x:1000:

stacksofplates

are you also running Docker? I tried to do their pipe to script install and it failed because it couldn't connect to the Docker daemon.

stacksofplates

I'm guessing the only way to do it with Podman is to build the Dockerfile and then most likely use Podman to make a pod of the containers you want to run.

Woti

Don't need to run Docker. I do not run Docker but the Docker to Podman alias package needs to install

dnf install podman-docker 

With that installed, the script will find "Docker".

stacksofplates

My apologies. I gave you the wrong SELinux label. The correct type is container_file_t. So run chcon -t container_file_t dir_name` and it should be the correct context.

Woti

No problem Anyway it does not work. Plenty of SELinux errors. I'll stop now with Podman and try to get working the cronjob commando without overwriting file permissions.

I'm running in a VM so I can play around and crash

Until I found a solution I'll issue the easyepg script manually on my Fedora Server host, just like I do today.

stacksofplates

@Woti said in Fedora 31 Server, podman and SELinux:

No problem Anyway it does not work. Plenty of SELinux errors. I'll stop now with Podman and try to get working the cronjob commando without overwriting file permissions.

I'm running in a VM so I can play around and crash

Until I found a solution I'll issue the easyepg script manually on my Fedora Server host, just like I do today.

Weird. I was able to start the admin container with that SELinux label.

Woti

This post is deleted!

Woti

Finally I tried again. I removed all images and container and easyepg directory. I created a new directory in my /home/user/easyepg.
At first I run your SELinux command as root user. After that as user I run the script and I could successfully run the images without any SELinux errors

That's nice

I found out there was an image missing: easyepg.cron
In the script file https://raw.githubusercontent.com/dlueth/easyepg.minimal/master/init they use the flag --restart unless-stopped.

sh -c "docker create -l easyepg.minimal --name=easyepg.cron -e MODE=\"cron\" --restart unless-stopped ${OPTIONS} qoopido/easyepg.minimal:${TAG} 1> /dev/null"

This flag isn't supported by Podman.
I guess Podman won't start easyepg.cron after server restart?
Is there any solution?

I downloaded the script with wget and made it executable. I removed the flag --reload unless-stopped and it worked.
As it said, now I could convert the script to Portman and is there any way to get the SELinux label to work after reboot of the server?

Thanks a lot for your help so long @stacksofplates

stacksofplates

@Woti said in Fedora 31 Server, podman and SELinux:

Finally I tried again. I removed all images and container and easyepg directory. I created a new directory in my /home/user/easyepg.
At first I run your SELinux command as root user. After that as user I run the script and I could successfully run the images without any SELinux errors

That's nice

I found out there was an image missing: easyepg.cron
In the script file https://raw.githubusercontent.com/dlueth/easyepg.minimal/master/init they use the flag --restart unless-stopped.

sh -c "docker create -l easyepg.minimal --name=easyepg.cron -e MODE=\"cron\" --restart unless-stopped ${OPTIONS} qoopido/easyepg.minimal:${TAG} 1> /dev/null"

This flag isn't supported by Podman.
I guess Podman won't start easyepg.cron after server restart?
Is there any solution?

I downloaded the script with wget and made it executable. I removed the flag --reload unless-stopped and it worked.
As it said, now I could convert the script to Portman and is there any way to get the SELinux label to work after reboot of the server?

Thanks a lot for your help so long @stacksofplates

No prob. That flag doesn't work because podman isn't a daemon. You can just create a systemd unit to start it and keep it running.

The SELinux label will still be there after a reboot. It's "temporary" but that only means it will change on a relabel of the filesystem or a restorecon command.

stacksofplates

Semanage will permanently change the context. I'll get the exact command when I'm done driving.

stacksofplates

Sorry it took so long. It's semanage fcontext -a -t container_file_t <your-directory>.

To do it recursively it's: semanage fcontext -a -t container_file_t "<your-directory>(/.*)?"

Woti

No stress sir Thanks for the command. I'll try it later.

Woti

@stacksofplates your semanage commands are working fine

Woti

Hello again
I have now created a systemd service for podman easyepg by following this tutorial:
https://www.redhat.com/sysadmin/podman-shareable-systemd-services
and it looks like it works.
Is there any way I can test if updating of epg channel informasjon is working as expected by triggering manuelly? The cronjob executes 2 a.m.

After reboot the service is loaded but inactive. I have to activate manually? How can I figure out what's going wrong during boot?

podman generate systemd --name easyepg.cron 

# container-easyepg.cron.service
# autogenerated by Podman 1.8.0
# Mon Mar 16 22:40:13 CET 2020

[Unit]
Description=Podman container-easyepg.cron.service
Documentation=man:podman-generate-systemd(1)

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start easyepg.cron
ExecStop=/usr/bin/podman stop -t 10 easyepg.cron
PIDFile=/run/user/1000/containers/overlay-containers/a5482f12e8b718d6d080eb0a10283b456e58f57c2f1bd22c64e49f9e91073da8/userdata/conmon.pid
KillMode=none
Type=forking

[Install]
WantedBy=multi-user.target

systemctl --user status container-easyepg.service

● container-easyepg.service - Podman container-easyepg.cron.service
   Loaded: loaded (/home/twolf/.config/systemd/user/container-easyepg.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-03-17 21:30:35 CET; 1s ago
     Docs: man:podman-generate-systemd(1)
  Process: 1405 ExecStart=/usr/bin/podman start easyepg.cron (code=exited, status=0/SUCCESS)
 Main PID: 1429 (conmon)
    Tasks: 4 (limit: 2333)
   Memory: 23.0M
      CPU: 1.092s
   CGroup: /user.slice/user-1000.slice/[email protected]/container-easyepg.service
           ├─1420 /usr/bin/fuse-overlayfs -o lowerdir=/home/twolf/.local/share/containers/storage/overlay/l/2YMPIRCLJIU>           ├─1423 /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 -c -e 3 -r 4 --netns-type=path /run/user/100>           └─1429 /usr/bin/conmon --api-version 1 -s -c a5482f12e8b718d6d080eb0a10283b456e58f57c2f1bd22c64e49f9e91073da>
Mär 17 21:30:33 localhost.localdomain systemd[981]: Starting Podman container-easyepg.cron.service...
Mär 17 21:30:35 localhost.localdomain podman[1405]: 2020-03-17 21:30:35.237845063 +0100 CET m=+1.249145219 container in>Mär 17 21:30:35 localhost.localdomain podman[1405]: 2020-03-17 21:30:35.287066083 +0100 CET m=+1.298366135 container st>Mär 17 21:30:35 localhost.localdomain podman[1405]: easyepg.cron
Mär 17 21:30:35 localhost.localdomain systemd[981]: Started Podman container-easyepg.cron.service.

podman ps

CONTAINER ID  IMAGE                                     COMMAND  CREATED     STATUS             PORTS  NAMES
a5482f12e8b7  docker.io/qoopido/easyepg.minimal:latest           6 days ago  Up 12 minutes ago         easyepg.cron

stacksofplates

If it's really using cron, I don't know of a way to make it test without letting that happen.

As for the other issue, I've had that as well and I don't know a way around it. I'm still trying to figure that out. I run plex in a container and every time the host reboots I have to restart it.

Woti

As for now the server is rebooting once or twice in a month due updates. There's no big problem to start the service manually. Maybe one day we figure out why it isn't starting automatically.

Anyway. Thanx for your effort to get rid of the SElinux problem.