There are plenty of questions about permissions and podman but I cannot wrap my head around answers to those. Could you please give me a noob answer on how to get this working?
I run
podman run --rm --name tilemill -t -p 20009:20009 -p 20008:20008 -v ~/Documents/MapBox:/root/Documents/MapBox -e PGHOST=postgis -e PGDATABASE=gis -e PGUSER=docker -e PGPASSWORD=docker localhost/osm-bright
but I get errors like these:
[tilemill] { Error: EACCES: permission denied, mkdir '/root/Documents/MapBox/export'
I tried to chmod 777 ~/Documents/MapBox but that’s not enough.
Hello @omichalek,
If you are on Silverblue then you cannot mkdir '/root/Documents/MapBox/export' because that is part of the immutable area of the filesystem.
I thought that command should be mapping it to ~/Documents/MapBox, shouldn’t it? This is also confirmed by the fact that the error changed after I created the dir inside Documents.
Sorry, I was mistaken, you are right this should be volume mounting the ~/Documents/MapBox as /root/Documents/MapBox of the container, my bad for not reading carefully enough. I will have to check this a bit more, be back soon.
This has to do with the SELinux labels. Here you have some info about it:
By default, Silverblue has SELinux activated, so the whole label thing and permissions can be a bit confusing. I’m still trying to wrap my head around that, but basically the issue is the labels.
NOTE: Be aware that after running that command the SELinux context labels will change for that directory (inside, but also outside the container). If the directory is for the container it’s OK, but changing your entire HOME or a directory that needs a specific label might give you some headaches.
To check the labels you can run:
ls -Z ~/Documents/
The flag -Z will show you the labels. Do it before and after running the podman command and you’ll see the difference.
At first, you’ll see something like:
unconfined_u:object_r:user_home_t:s0 MapBox
After the podman run it will look like:
system_u:object_r:container_file_t:s0 MapBox
Anyway, it should work for your case. I hope it helps.
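The label check described in the reply above, scripted as an added example (not part of the thread or any poster's code). It classifies `ls -Z` lines like the two shown and refuses to build a relabelling volume argument for directories such as HOME. The function names and the deny list are assumptions for illustration; `:Z` is the volume option used in the podman command in the next post.

```shell
#!/bin/sh
# Added example, not from the thread.

# Print the SELinux type (third field) of a context like
# "unconfined_u:object_r:user_home_t:s0"; print nothing for "?" (no label).
selinux_type() {
    case $1 in *:*:*) ;; *) return 0 ;; esac
    local rest
    rest=${1#*:}            # drop the user field
    rest=${rest#*:}         # drop the role field
    printf '%s\n' "${rest%%:*}"
}

# Classify one line of `ls -Z` output ("<context> <name>"):
#   ready   - type is container_file_t (MCS categories are not checked)
#   relabel - another type; the volume needs a relabel (e.g. the :Z option)
#   unknown - no SELinux context reported
mount_status() {
    local setype
    setype=$(selinux_type "${1%% *}")
    case $setype in
        container_file_t) echo ready ;;
        '')               echo unknown ;;
        *)                echo relabel ;;
    esac
}

# Relabelling changes the label on the host as well, so refuse directories
# whose label other software relies on. The deny list is an assumption.
safe_to_relabel() {
    local path home
    path=$(readlink -f -- "$1") || return 1
    home=$(readlink -f -- "$HOME") || return 1
    case $path in
        /|"$home"|/home|/var/home|/etc|/etc/*|/usr|/usr/*|/var|/tmp) return 1 ;;
    esac
    [ -d "$path" ]
}

# Print the -v argument for podman, or fail if the directory is on the deny list.
volume_arg() {              # usage: volume_arg HOST_DIR CONTAINER_DIR
    safe_to_relabel "$1" || { echo "refusing to relabel: $1" >&2; return 1; }
    printf '%s:%s:Z\n' "$(readlink -f -- "$1")" "$2"
}
```

Feed `mount_status` the output of `ls -Zd` on the host directory before starting the container; paths are resolved first because on Silverblue `/home` is a symlink to `/var/home`.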
I can’t access a directory with single-file-cli on Fedora 39:
podman run --volume /tmp/singlefile:/usr/src/app/out:Z singlefile "https://www.wikipedia.org" wikipedia.html
the error message:
EACCES: permission denied, open './../../out/wikipedia.html' URL: https://www.wikipedia.org
Stack: Error: EACCES: permission denied, open './../../out/wikipedia.html'
at Object.openSync (node:fs:600:3)
at Object.writeFileSync (node:fs:2221:35)
at capturePage (/usr/src/app/node_modules/single-file-cli/single-file-cli-api.js:271:7)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async runNextTask (/usr/src/app/node_modules/single-file-cli/single-file-cli-api.js:176:20)
at async Promise.all (index 0)
at async capture (/usr/src/app/node_modules/single-file-cli/single-file-cli-api.js:127:2)
at async run (/usr/src/app/node_modules/single-file-cli/single-file:54:2)