Ranbir via FreeIPA-users wrote:
On Tue, 2021-07-27 at 08:45 +0000, Sam Morris via FreeIPA-users
wrote:
> If you can reproduce this on Fedora or CentOS Stream then it's worth
> filing a bug on Red Hat bugzilla (but of course have a search first
> to see if this particular behaviour has been seen before).

I migrated the host to CentOS Stream and see the same behaviour with
the same SELinux denials.
I think certmonger should be able to do what I'm doing, which is:

    podman cp /etc/pki/bloop/blah/derp.cert \
        [rando container]:/some/path/inside

I have no idea how everyone else manages certs in their containers.
But, that is how I'd like to be able to since it would be a one-time
setup on my end. I can think of some workarounds: for example, watch
the folder on the host and kick off my script when the files are
updated. But, that's more complicated than it needs to be.

We can't anticipate every possible script one may want to run.
It was suggested you ask the SELinux folks about the AVCs you're seeing.
Have you done that?
rob