Attempting a podman play on another VM

The podman saga continues. The podman equivalent of a docker-compose.yml can be created from a pod with the following command:

podman generate kube (name of pod) > (filename).yaml

So I did that with the pod that I’d created with an SELinux context. Now it was time to try it on another Fedora 31 VM to see if it would work. To be on the safe side, I started off creating the phpIPAM folder, chowning it to nobody and chmoding it to 777.

Then I ran:

# podman play kube phpIPAM-withSELinux.yaml

That triggered it to grab the images from Docker Hub. As per usual, the CPU spiked like crazy as it did Podman things. Not sure if this is due to the VM, Podman not having a daemon, or something else… but just something to note. At the end it printed out:


Interestingly, it doesn’t appear that I had to punch a hole through the firewall this time. Perhaps that was just a consequence of me not knowing exactly what was happening on my first attempts with Podman.

Unfortunately, the SELinux :Z attribute doesn’t appear to have come over. That makes sense as when I did a diff with the previous yaml I’d created, I didn’t see anything about that. First let me try the setsebool command.

# setsebool -P container_manage_cgroup true 

So now I want to try one of the other commands I found while trying to figure out the SELinux issue.

# chcon -Rt svirt_sandbox_file_t phpipam/

Then I rebooted the container. This does not appear to be enough to get it working. The SELinux page had some solutions it wanted me to type. So I tried those.

After doing:

# ausearch -c 'chown' --raw | audit2allow -M my-chown
# semodule -X 300 -i my-chown.pp
# semodule -i my-chown.pp

It appears to actually run the phpIPAM install. And I got to a login page!

I think I’m ready to start converting all my docker-compose files to podman play yaml files and start migrating things on my main server.
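A module built with audit2allow -M allows every denial the ausearch filter matched, so it is worth listing those denials before running semodule. The following is an added example, not part of the original post: a shell function that condenses raw AVC records (the format ausearch --raw emits) into one line per distinct denial. The function names and the sample records are constructed for illustration and are not the denials from this VM.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials before turning them into a module.

# Constructed sample records (assumption: not the denials from the post's VM).
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1580000001.101:501): avc:  denied  { setattr } for  pid=2101 comm="chown" name="phpipam" dev="dm-0" ino=1311 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1580000001.101:501): arch=c000003e syscall=260 success=no exit=-13 comm="chown" exe="/bin/chown"
type=AVC msg=audit(1580000002.202:502): avc:  denied  { setattr } for  pid=2102 comm="chown" name="config" dev="dm-0" ino=1312 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1580000003.303:503): avc:  denied  { read write } for  pid=2103 comm="chown" name="config.php" dev="dm-0" ino=1313 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Reads raw audit records on stdin and prints, per distinct denial:
#   count comm source_type target_type class permissions
summarize_avc() {
    awk '
    /^type=AVC / && /denied/ {
        comm = ""; src = ""; tgt = ""; cls = ""; perms = ""
        # The denied permissions sit between "{" and "}".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # A context is user:role:type:level; the type is what policy rules name.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        seen[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort
}

# Demo on the constructed records; SYSCALL lines are ignored.
sample_avc | summarize_avc
```

On a live system, pipe the output of ausearch -c 'chown' --raw into summarize_avc in place of sample_avc.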