containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add SELinux information about boolean for using random devices 

Fixes: https://github.com/containers/podman/issues/15930

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh 2022-09-26 09:50:01 -04:00
parent a0c0971e63
commit c1ae7f1934
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/source/markdown/options/device.md
View File

@ -12,3 +12,11 @@ The <<container|pod>> will only store the major and minor numbers of the host de
Podman may load kernel modules required for using the specified Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules for when necessary are: device. The devices that Podman will load modules for when necessary are:
/dev/fuse. /dev/fuse.
In rootless mode, the new device is bind mounted in the container from the host
rather than Podman creating it within the container space. Because the bind
mount retains its SELinux label on SELinux systems, the container can get
permission denied when accessing the mounted device. Modify SELinux settings to
allow containers to use all device labels via the following command:
$ sudo setsebool -P container_use_devices=true