diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2022-09-26 09:50:01 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2022-09-26 15:07:17 -0400 |
| commit | c1ae7f1934c66fa3b925076c50898b5bb724c59b (patch) | |
| tree | 928605d0e491e664cefc549cc0e95a9eaad5b236 | |
| parent | a0c0971e63b42031d05e82c26add5354ae69a7cf (diff) | |
| download | podman-c1ae7f1934c66fa3b925076c50898b5bb724c59b.tar.gz podman-c1ae7f1934c66fa3b925076c50898b5bb724c59b.tar.bz2 podman-c1ae7f1934c66fa3b925076c50898b5bb724c59b.zip | |
Add SELinux information about boolean for using random devices
Fixes: https://github.com/containers/podman/issues/15930
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| -rw-r--r-- | docs/source/markdown/options/device.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/source/markdown/options/device.md b/docs/source/markdown/options/device.md index 619c70a9b..bd6d7f9d9 100644 --- a/docs/source/markdown/options/device.md +++ b/docs/source/markdown/options/device.md @@ -12,3 +12,11 @@ The <<container|pod>> will only store the major and minor numbers of the host de Podman may load kernel modules required for using the specified device. The devices that Podman will load modules for when necessary are: /dev/fuse. + +In rootless mode, the new device is bind mounted in the container from the host +rather than Podman creating it within the container space. Because the bind +mount retains its SELinux label on SELinux systems, the container can get +permission denied when accessing the mounted device. Modify SELinux settings to +allow containers to use all device labels via the following command: + +$ sudo setsebool -P container_use_devices=true |