[Freeipa-users] ipa-restore in docker container

Hi all, I am currently migrating a server from a locally installed FreeIPA setup to a CoreOS container setup and cannot find any documentation for this. I am assuming i am doing something wrong or missing something as i cannot find anyone else having an issue or even attempting it either. This is a fresh installed OS from an ignition file so should have no weirdness coming in from anywhere else. podman launch line: bin/podman run --name ipa \ -h thenom-srv1.thenom.local --read-only \ -v /var/lib/ipa-data:/data:Z \ -e IPA_SERVER_IP=192.168.101.6 \ -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 -p 88:88/udp -p 464:464/udp -p 123:123/udp \ quay.io/freeipa/freeipa-server:fedora-36 I have finally got a fresh install running in a container but i am now trying to restore a backup into it from my old server. I have copied a ipa-full directory from my old service into the containers data volume folder on the host. I bash exec into the running IPA container then run ipa-restore /data/ipa-full-2022-11-11-04-03-19, type in my directory manager password and accept the prompts then just get a mass stream of tar errors and then fail: ... tar: setfileconat: Cannot set SELinux context for file 'var/lib/ipa/pki-ca': Permission denied tar: var/lib/ipa: Directory renamed before its status could be extracted tar: setfileconat: Cannot set SELinux context for file 'var/lib/pki/pki-tomcat/lib': Permission denied tar: setfileconat: Cannot set SELinux context for file 'var/lib/pki/pki-tomcat/ca': Permission denied tar: setfileconat: Cannot set SELinux context for file 'var/lib/pki/pki-tomcat': Permission denied tar: var/lib/pki: Directory renamed before its status could be extracted tar: etc/httpd/alias: Directory renamed before its status could be extracted tar: setfileconat: Cannot set SELinux context for file 'etc/pki/pki-tomcat/ca': Permission denied tar: etc/pki/pki-tomcat: Directory renamed before its status could be extracted tar: Exiting with failure status due to previous errors Restoring umask to 18 NSS is built without support of the legacy database(DBM) directory '/etc/ipa/nssdb' The ipa-restore command failed. See /data/var/log/iparestore.log for more information I get similar in the iparestore.log: ... tar: setfileconat: Cannot set SELinux context for file './THENOM-LOCAL/DBVERSION': Operation not supported tar: setfileconat: Cannot set SELinux context for file './THENOM-LOCAL/dse_instance.ldif': Operation not supported tar: setfileconat: Cannot set SELinux context for file './THENOM-LOCAL/dse_index.ldif': Operation not supported tar: setfileconat: Cannot set SELinux context for file './THENOM-LOCAL': Operation not supported tar: setfileconat: Cannot set SELinux context for file './files.tar': Operation not supported tar: setfileconat: Cannot set SELinux context for file '.': Operation not supported 2022-11-13T11:55:38Z DEBUG Starting external process 2022-11-13T11:55:38Z DEBUG args=['tar', '--xattrs', '--selinux', '-xzf', '/tmp/tmp7pt67l7sipa/ipa/files.tar', 'etc/ipa/default.conf'] 2022-11-13T11:55:40Z DEBUG Process finished, return code=0 2022-11-13T11:55:40Z DEBUG stdout= 2022-11-13T11:55:40Z DEBUG stderr=tar: setfileconat: Cannot set SELinux context for file 'etc/ipa/default.conf': Operation not supported This seems to make sense because from what i have read the selinux context on these /data files should be system_u:object_r:container_file_t and i am guessing unchanged\unchangeable due to the environment its running in. Any advice appreciated, thanks in advance. Simon