Comment 7 for bug 1794550

Cédric Jeanneret (cjeanner) wrote :

Hello Jeremy,

Well, I get a "permission denied" in the audit.log, without much information.

Having worked on the podman case with selinux, I discovered docker was running with no selinux process separation, while podman does enforce this by default. And that's one of the most "annoying" differences, as it makes most of the "it works with docker" cases fail with podman.

I'm not sure how openshift works with selinux - care to check how your container engine is running? Also, currently, tripleo (and kolla) doesn't flag any container as "infra", meaning there isn't an easy way to distinguish those needing to load modules from the others. Maybe your proto also uses this feature?

You can ping me on IRC (#tripleo - username "Tengu") if you want to discuss this a bit more actively. I'm CET though, and it's nearly the end of the day here - but you might still catch me ;).