Description of problem: SELinux is preventing sbis-daemon from 'create' accesses on the directory __pycache__. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sbis-daemon should be allowed create access on the __pycache__ directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sbis-daemon' --raw | audit2allow -M my-sbisdaemon # semodule -X 300 -i my-sbisdaemon.pp Additional Information: Source Context system_u:system_r:container_t:s0:c801,c995 Target Context system_u:object_r:user_home_t:s0 Target Objects __pycache__ [ dir ] Source sbis-daemon Source Path sbis-daemon Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-38.8-1.fc39.noarch Local Policy RPM selinux-policy-targeted-38.8-1.fc39.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 6.3.0- 0.rc3.20230323gitfff5a5e7f528.32.fc39.x86_64+debug #1 SMP PREEMPT_DYNAMIC Thu Mar 23 17:04:23 UTC 2023 x86_64 Alert Count 2 First Seen 2023-03-24 20:25:20 +05 Last Seen 2023-03-24 20:42:30 +05 Local ID 06681341-c01e-4be3-a6db-021146312d8f Raw Audit Messages type=AVC msg=audit(1679672550.840:2162): avc: denied { create } for pid=109086 comm="FutureInvoke" name="__pycache__" scontext=system_u:system_r:container_t:s0:c801,c995 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=1 Hash: sbis-daemon,container_t,user_home_t,dir,create Version-Release number of selected component: selinux-policy-targeted-38.8-1.fc39.noarch Additional info: reporter: libreport-2.17.9 reason: SELinux is preventing sbis-daemon from 'create' accesses on the directory __pycache__. package: selinux-policy-targeted-38.8-1.fc39.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.3.0-0.rc3.20230324git1e760fa3596e.34.fc39.x86_64+debug component: selinux-policy
Created attachment 1953869 [details] File: description
Created attachment 1953870 [details] File: os_info
Did you volume mount in a directory in your homedir without using :Z or :z?
(In reply to Daniel Walsh from comment #3) > Did you volume mount in a directory in your homedir without using :Z or :z? With :Z podman didn't work on MacOS. My launcher script unified for both OS. % podman run -v "/Users/mikhail/packaging-work/git/stend/local-config.ini":"/root/services/www/config.ini":Z -v "/Users/mikhail/packaging-work/git/stend/local-config-ps.ini":"/root/services/www-ps/config.ini":Z --platform=linux/amd64 --rm --name="stend" --hostname="10-206-131-237.vpn.mycompany.com" --net=bridge -p=2001:2001 -p=2002:2002 --shm-size=1g --memory="16g" --memory-swap="32g" dev-image-store.mycompany.com/local_stand/product:23.1100-latest Error: preparing container 50d674cb7d8e419fce1b089d30bddd17778c27ac182ab680d10ce93dd4ff1a67 for attach: lsetxattr /Users/mikhail/packaging-work/git/stend/local-config.ini: operation not supported
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.