SELinux prevents containers from accessing the podman socket because this is basically a free container escape. If you want a container to have access to it, you need to run it with SELinux disabled (--security-opt label=disable) or privileged (--privileged).
Rootless containers will only have access to the rootless podman instance and rootfull containers to the system podman instance.
I went ahead and did a clean install of Silverblue… just to test how enabling podman socket should work on a clean system. I layered only podman-compose and cockpit with some of the cockpit extensions like cockpit-podman and then rebooted.
I also made my user account a lingering one, and lowered the privileged port to 53.
I also did cp /etc/containers/registries.conf $HOME/.config/containers/ and added “ghcr.io” to it.
ls -al /run/user/1000/podman/podman.sock
total 0
drwxr-xr-x. 2 asterix asterix 40 Feb 6 12:04 .
drwxr-xr-x. 3 asterix asterix 60 Feb 6 12:04 ..
This is not right.
Is it necessary to add a system environment variable for docker that links to this path?
I have not found any documentation indicating I am missing a step here…
Note sudo has not been used at all in relation to podman or podman-compose on this system.
edit: a reboot fixed this… still strange as I ran the start commands.
EDIT FOUND THE ISSUE:
After I run podman system reset, the socket is gone!
After a reboot, it is back.
I now have it running and did not need sudo semanage permissive -a container_t; I only had to add privileged: true to the compose file for this container (I also did not need :Z for the socket volume).
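A compose file along the lines of what the thread describes, as an added example that is not from any of the posts: it mounts the rootless socket path quoted above into a service and shows both of the options named in the first reply, security_opt label=disable and privileged: true. The image name and the DOCKER_HOST setting are assumptions.

```yaml
# Added example (not from the thread): a podman-compose service that is handed
# the rootless podman socket. Assumes uid 1000 (the path from the thread) and a
# hypothetical image name "example.invalid/socket-client:latest".
version: "3.8"
services:
  socket-client:
    image: example.invalid/socket-client:latest
    # Mount the rootless socket where Docker-compatible clients look for it.
    # No ":Z" suffix: relabeling the socket was not needed, as the thread found.
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
    # Assumption: the client inside the container honours DOCKER_HOST.
    environment:
      DOCKER_HOST: unix:///var/run/docker.sock
    # Option A (narrower): only lift SELinux confinement for this one container,
    # which is what blocks socket access in the first place.
    security_opt:
      - label=disable
    # Option B (broader): what the thread ended up using. Besides disabling the
    # SELinux label it also grants all capabilities and host device access, so
    # option A is the smaller change when it is enough.
    # privileged: true
```

Whichever option is chosen, the service gets full control of the rootless podman instance, which the first reply describes as effectively a container escape, so this should only be done for a service that is trusted with that.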