Document SELinux label requirements for the rootfs argument

When using the rootfs argument, SELinux systems fails silently when the files are not properly labeled. Related #3628 Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
author: Tristan Cacqueray <tdecacqu@redhat.com> 2019-07-23 15:23:25 +0000
committer: Tristan Cacqueray <tdecacqu@redhat.com> 2019-07-24 08:25:36 -0400
commit: e2067836a41488b962425c9e993d59c269e77d07 (patch)
tree: 618a013ce38b2a25baca0ac6c5b8b9901b32ece6 /docs/podman-run.1.md
parent: 091778354efa2d61e86ec9eea9323fa7809875c8 (diff)
download: podman-e2067836a41488b962425c9e993d59c269e77d07.tar.gz
podman-e2067836a41488b962425c9e993d59c269e77d07.tar.bz2
podman-e2067836a41488b962425c9e993d59c269e77d07.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index d6c7ae055..c4747d234 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -646,6 +646,9 @@ If specified, the first argument refers to an exploded container on the file sys
 This is useful to run a container without requiring any image management, the rootfs
 of the container is assumed to be managed externally.
 
+Note: On `SELinux` systems, the rootfs needs the correct label, which is by default
+`unconfined_u:object_r:container_file_t`.
+
 **--security-opt**=*option*
 
 Security Options
author	Tristan Cacqueray <tdecacqu@redhat.com>	2019-07-23 15:23:25 +0000
committer	Tristan Cacqueray <tdecacqu@redhat.com>	2019-07-24 08:25:36 -0400
commit	e2067836a41488b962425c9e993d59c269e77d07 (patch)
tree	618a013ce38b2a25baca0ac6c5b8b9901b32ece6 /docs/podman-run.1.md
parent	091778354efa2d61e86ec9eea9323fa7809875c8 (diff)
download	podman-e2067836a41488b962425c9e993d59c269e77d07.tar.gz podman-e2067836a41488b962425c9e993d59c269e77d07.tar.bz2 podman-e2067836a41488b962425c9e993d59c269e77d07.zip