As I have Fedora, I tried to run the nginx example from their tutorial, but I don't get nginx to show any content.
When I run this container:
podman run --name mynginx1 -p 8080:80 -d nginx
I get the Welcome to nginx! page.
But when I try to run the example with a directory mounted:
podman run --name mynginx2 \
--mount type=bind,source=/home/simon/Dokumente/podman/nginx/content,target=/usr/share/nginx/html \
-p 9080:80 -d nginx
I also get the Welcome to nginx! page, but I have an index.html file in that source directory.
What is the problem with that container?
Yes, indeed it's an SELinux issue, as @harik said, but disabling SELinux is not a secure option. Rather, apply the Z flag when mounting the volume; this deals with applying the appropriate labels, as mentioned here and also here:
podman run --name mynginx2 \
-v /home/simon/Dokumente/podman/nginx/content:/usr/share/nginx/html:Z \
-p 9080:80 -d nginx
You can run the podman command with the --privileged flag to disable host isolation:
$ podman run --name mynginx2 --privileged \
--mount type=bind,source=/home/simon/Dokumente/podman/nginx/content,target=/usr/share/nginx/html \
-p 9080:80 -d nginx
From the podman man page:
--privileged=true|false
Give extended privileges to this container. The default is false.
By default, Podman containers are unprivileged (=false) and cannot, for example, modify parts of the operating system. This is because by default a container is only allowed limited access to devices. A "privileged" container is given the same access to devices as the user launching the container.
A privileged container turns off the security features that isolate the container from the host. Dropped Capabilities, limited devices, read-only mount points, Apparmor/SELinux separation, and Seccomp filters are all disabled.
Rootless containers cannot have more privileges than the account that launched them.
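To confirm the label mismatch that both answers above deal with, the following added example (not part of either answer) classifies a directory's SELinux context and checks whether a -v volume spec requests relabeling. The function names and sample contexts are constructed for illustration; container_file_t is the type that the z/Z volume options apply.

```shell
#!/bin/sh
# Added example: diagnose a bind mount that a container cannot read on an
# SELinux-enforcing host. Function names are hypothetical helpers.

# Print the type field of a context "user:role:type:level[:categories]".
# cut -s prints nothing when the input has no ':' (e.g. "?" without SELinux).
selinux_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Classify a context from the container's point of view.
label_status() {
    case "$(selinux_type "$1")" in
        container_file_t) echo ok ;;             # already labeled for containers
        "")               echo no-context ;;     # SELinux disabled or unsupported
        *)                echo needs-relabel ;;  # e.g. user_home_t under /home
    esac
}

# Succeed if a "src:dst[:opts]" volume spec carries z (shared) or Z (private).
volume_relabels() {
    opts=$(printf '%s\n' "$1" | cut -s -d: -f3)
    case ",$opts," in
        *,z,*|*,Z,*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Check a real directory; stat -c %C prints its SELinux context (GNU stat).
check_dir() {
    ctx=$(stat -c %C "$1" 2>/dev/null) || ctx=""
    printf '%s: %s (%s)\n' "$1" "$(label_status "$ctx")" "${ctx:-none}"
}

# Constructed sample contexts: a directory under /home before relabeling,
# and the same directory after a run with :Z (categories are made up).
for ctx in 'unconfined_u:object_r:user_home_t:s0' \
           'system_u:object_r:container_file_t:s0:c151,c902'; do
    printf '%s -> %s\n' "$ctx" "$(label_status "$ctx")"
done

# Pass a directory as the first argument to check it on this host.
if [ $# -gt 0 ]; then check_dir "$1"; fi
```

A result of needs-relabel on the source directory matches the symptom in the question: the container starts, but nginx falls back to its default page because it cannot read the mounted files.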