I'm trying to set up a Docker container pducharme/unifi-video-controller on Fedora 31. SELinux is preventing this container from mounting. With SELinux set to permissive the container runs fine.

time->Mon Mar 9 22:31:34 2020
type=AVC msg=audit(1583807494.146:39157): avc: denied { mount } for pid=1744176 comm="mount" name="/" dev="tmpfs" ino=6140956 scontext=system_u:system_r:container_t:s0:c392,c980 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
----
time->Mon Mar 9 22:31:34 2020
type=AVC msg=audit(1583807494.146:39158): avc: denied { mount } for pid=1744176 comm="mount" name="/" dev="tmpfs" ino=6140957 scontext=system_u:system_r:container_t:s0:c392,c980 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0

The container must be attempting to execute a mount command? This would be blocked by SELinux as well as the CAP_SYS_ADMIN capability. Most likely you would need to run this container without these protections.

podman run --security-opt label=disable --cap-add CAP_SYS_ADMIN ...
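
An added example (not part of the thread, and not code from either poster): a small Python parser for the two AVC records quoted in the question, which splits out the source domain, permission, target type, object class and MCS categories so the denial can be read at a glance. The function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# The two AVC records quoted in the question above (audit log format).
SAMPLE = """\
type=AVC msg=audit(1583807494.146:39157): avc: denied { mount } for pid=1744176 comm="mount" name="/" dev="tmpfs" ino=6140956 scontext=system_u:system_r:container_t:s0:c392,c980 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
type=AVC msg=audit(1583807494.146:39158): avc: denied { mount } for pid=1744176 comm="mount" name="/" dev="tmpfs" ino=6140957 scontext=system_u:system_r:container_t:s0:c392,c980 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse_context(ctx):
    """Split user:role:type:sensitivity[:categories] into its parts."""
    user, role, type_, level = ctx.split(":", 3)
    sens, _, cats = level.partition(":")
    return {"user": user, "role": role, "type": type_,
            "sensitivity": sens, "categories": cats.split(",") if cats else []}


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
    rec["result"] = m["result"]
    rec["perms"] = m["perms"].split()
    rec["serial"] = int(m["serial"])
    rec["source"] = parse_context(rec["scontext"])
    rec["target"] = parse_context(rec["tcontext"])
    rec["enforced"] = rec.get("permissive") == "0"  # 0 = denial was enforced
    return rec


def summarize(text):
    """Count denials per (source type, permission, target type, class)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["source"]["type"], perm,
                        rec["target"]["type"], rec["tclass"])] += 1
    return counts
```

On the quoted records, `summarize(SAMPLE)` collapses both lines into a single tuple: `container_t` was denied `mount` on a `tmpfs_t` object of class `filesystem`, twice, with `permissive=0` showing the denial was enforced.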