Skip to content

wip: compatibility with rootless podman and selinux #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rriemann wants to merge 1 commit into
base: master
Choose a base branch
from
Open

wip: compatibility with rootless podman and selinux #34

rriemann wants to merge 1 commit into from

Conversation

@rriemann
Copy link

@rriemann rriemann commented Oct 18, 2024

Dears,

thanks for openxpi and the docker setup. I have tried to spin it up on Fedora Kinoite that comes with rootless podman and SELinux.

In such situation, the boot fails for several reasons (my best guesses here):

  • SELinux prevents the containers from reading config files at ./openxpki-config/contrib/sql/schema-mariadb.sql and ./openxpki-config
  • I suspect a race conditions between the containers to create the /var/run/mysqld folder or the socket in it. If the openxpki containers win this race, then the mariadb container fails with:
[db]              | 2024-10-18 21:24:11 0 [ERROR] Can't start server : Bind on unix socket: Permission denied
[db]              | 2024-10-18 21:24:11 0 [ERROR] Do you already have another server running on socket: /run/mysqld/mysqld.sock ?

To solve the first issue, I have added the :z flag to the volume mounts and added a flag.

Resources:

A current work around is to not rely on the socket, but instead use TCP to connect to the database.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rriemann