SELinux & Podman Permissions Error
I’m having some permission issues between RL9 and my custom container OS (RL9 based); any help would be appreciated.
Backstory
This container is one of several in a sequence of specialized container builds. For the container design, I took inspiration from RHEL ubi9 containers, but for reasons that RL patrons may appreciate, I built my container off of RL9 with buildah from scratch, aptly calling my containers “rbi9.” Life has been good, until my image file permissions snag.
Host Stack: x86_64, RL v9.1, Podman v4.2, Buildah v1.27.3, Podman Compose v1.0.3
Container Stack: RL v9, Systemd v250, Nginx v1.20.1, MariaDB v10.5.16, PHP v4.0.27
Note: anything in the description below that is contained within <> brackets has been intentionally omitted.
Issue at Hand
The web server acts as expected, except that when I try to load images (perhaps other media) into the page, the container reports in …/nginx/error.log:
..<system deets and url of image>... failed (13:Permission denied) ...<client & host details>
When viewing the file permissions as root from within the container, via podman exec, I get the following output:
ls: cannot access '/var/www/html/images/<image_file_name>.jpg': permission denied
total 0
-????????? ? ? ? ? ? <image_file_name>.jpg
Answering the Obvious First
- This is a very new build with minor changes from the default settings.
- In the container-compose.yml all pertinent volumes are mounted with the appended :z option. Not sure that it matters, but the host OS is on XFS and all the persistent container files are on ZFS pool/volumes.
- I’ve reviewed the nginx mime.type, nginx.conf, etc. and those are solid.
- nginx is configured for user ‘nginx’.
- No, I don’t want to use any of the “off the shelf” solutions. This is an exercise in being a control freak.
I can post the pertinent info from any files or logs as needed, please just advise. Any troubleshooting thoughts on this issue would be helpful.
Thanks,
shimmy