diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-09-27 20:12:43 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-27 20:12:43 +0200 |
| commit | b794b61817e944ebd22fc74f62f54960877fe6db (patch) | |
| tree | e0ffc40e57d9b0b332c037073aa43750008b3368 | |
| parent | ecf05dd7a761d25b3e3474d7e8d4e7bb242bb984 (diff) | |
| parent | c1ae7f1934c66fa3b925076c50898b5bb724c59b (diff) | |
| download | podman-b794b61817e944ebd22fc74f62f54960877fe6db.tar.gz podman-b794b61817e944ebd22fc74f62f54960877fe6db.tar.bz2 podman-b794b61817e944ebd22fc74f62f54960877fe6db.zip | |
Merge pull request #15937 from rhatdan/man
[CI:DOCS] Add SELinux information about boolean for using random devices
| -rw-r--r-- | docs/source/markdown/options/device.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/source/markdown/options/device.md b/docs/source/markdown/options/device.md index 619c70a9b..bd6d7f9d9 100644 --- a/docs/source/markdown/options/device.md +++ b/docs/source/markdown/options/device.md @@ -12,3 +12,11 @@ The <<container|pod>> will only store the major and minor numbers of the host de Podman may load kernel modules required for using the specified device. The devices that Podman will load modules for when necessary are: /dev/fuse. + +In rootless mode, the new device is bind mounted in the container from the host +rather than Podman creating it within the container space. Because the bind +mount retains its SELinux label on SELinux systems, the container can get +permission denied when accessing the mounted device. Modify SELinux settings to +allow containers to use all device labels via the following command: + +$ sudo setsebool -P container_use_devices=true |