I’m new to SELinux, so I don’t know much about how to use it. I want to run my Fedora Server using a samba share (already configured and working), and I have configured a podman container mounting the same directory. But while SELinux is on, the container cannot access the mounted directory. Turning SELinux off (setenforce 0) "solves" that.
So far I’ve tried using public_content_rw_t on that directory, but it still does not work.
# first try
$ semanage fcontext -a -t samba_share_t "/srv/downloads(/.*)?"
$ restorecon -Rv /srv/downloads
# second try
$ semanage fcontext -m -t public_content_rw_t "/srv/downloads(/.*)?"
$ restorecon -Rv /srv/downloads
In both cases, the podman container is not able to access the same directory. SELinux is preventing it (logs: setroubleshoot[1232603]: SELinux is preventing java from write access on the directory /srv/downloads). For example using: podman exec -it $CONTAINER ls -l /downloads (mounted /srv/downloads:/downloads with rw).
I want to run my server with SELinux. What do I need to configure so that both processes are able to use the same directory?