Unable to mount folder on host for Squid in container

Ask Fedora
,
1

Dear Fedora Enthusiasts,

I am trying to use Docker container ubuntu/squid:6.13-25.04_beta to run Squid in Podmam and use local folder on host machine as cache folder for dockerized Squid. The intention is to run Squid in Podman on Raspberry Pi with Fedora Server to cache Fedora, Mint, Ubuntu, and Debian packages. At the moment I am trying to prepare PoC on Fedora 42 on desktop.

I successfully started mentioned container using squid.config file stored on host machine.
podman run -d --name squid-container -e TZ=UTC+1 -p 3128:3128 -v “/home/user/squid.conf”:/etc/squid/squid.conf:Z,ro ubuntu/squid:6.13-25.04_beta
I was able to load updates on Fedora (host machine) as well as on Mint (laptop) and new files appeared in subfolders of /var/spool/squid.

Unfortunately I cannot run container with Squid and use folder on my host machine as Squid cache folder.

Let me show you what I have already tried:

Check enforce status
getenforce # result: Enforcing

Start the Squid container
podman run -d --name squid-container -e TZ=UTC+1 -p 3128:3128 -v /mnt/Entertainment/PoC/squid-cache:/var/spool/squid:Z -v “/home/user/squid.conf”:/etc/squid/squid.conf:Z,ro ubuntu/squid:6.13-25.04_beta

Container created, but exited immediately.

podman logs squid-container
2025/11/15 10:24:44| Created PID file (/run/squid.pid)
2025/11/15 10:24:44| Current Directory is /
2025/11/15 10:24:44| Creating missing swap directories
2025/11/15 10:24:44| /var/spool/squid exists
2025/11/15 10:24:44| Not currently OK to rewrite swap log.
2025/11/15 10:24:44| storeDirWriteCleanLogs: Operation aborted.
2025/11/15 10:24:44| FATAL: Failed to make swap directory /var/spool/squid/00: (13) Permission denied
2025/11/15 10:24:44| Squid Cache (Version 6.13): Terminated abnormally.
2025/11/15 10:24:44| Removing PID file (/run/squid.pid)

Run same image only to check uid and gid in the ubuntu/squid container
podman run --rm ubuntu/squid:6.13-25.04_beta

Opening bash in container
podman exec -it awesome_haibt /bin/bash # awesome_haibt is a container name generated by Podman
root@121288cef9c9:/# id -u
0
root@121288cef9c9:/# id -g
0

Set ownership and permissions to squid-cache folder on host machine to root (uid=0, gid=0)
sudo chown -R 0:0 squid-cache/
sudo chmod -R 775 squid-cache/

Remove old squid-container and create it again
podman rm squid-container
podman run -d --name squid-container -e TZ=UTC+1 -p 3128:3128 -v /mnt/Entertainment/PoC/squid-cache:/var/spool/squid:Z -v “/home/user/squid.conf”:/etc/squid/squid.conf:Z,ro ubuntu/squid:6.13-25.04_beta
Error: lsetxattr(label=system_u:object_r:container_file_t:s0:c352,c845) /mnt/Entertainment/PoC/squid-cache: operation not permitted

Let’s try with uid=13 (proxy user) and gid=13 (proxy group) as typical uid and gid for Squid on Debian/Ubuntu‑based images [information provided by GPT-OSS 120B AI mogel in Duck.ai].
sudo chown -R 13:13 squid-cache/
sudo chmod -R 775 squid-cache/

Remove old squid-container and create it again
podman rm squid-container
podman run -d --name squid-container -e TZ=UTC+1 -p 3128:3128 -v /mnt/Entertainment/PoC/squid-cache:/var/spool/squid:Z -v “/home/user/squid.conf”:/etc/squid/squid.conf:Z,ro ubuntu/squid:6.13-25.04_beta
Error: lsetxattr(label=system_u:object_r:container_file_t:s0:c352,c845) /mnt/Entertainment/PoC/squid-cache: operation not permitted

I set the enforce to false (setenforce 0), removed container and created it again - the same result.
Then I restored enforce to initial setting (setenforce 1).

I also tried to change the label to the generic container‑writeable type
sudo chcon -Rt svirt_sandbox_file_t /mnt/Entertainment/PoC/squid-cache
ls -Zd /mnt/Entertainment/PoC/squid-cache
system_u:object_r:container_file_t:s0:c506,c917 /mnt/Entertainment/PoC/squid-cache
I got the same results (system_u:object_r:container_file_t:…) also for parent directories (PoC, and Entertainment excluding mnt)
[Information from GPT-OSS 120B: If any parent directory is also labeled container_file_t, the relabel may be blocked.]
For unknown reason I am not able to set svirt_sandbox_file_t for squid-cache as well as parent directories.

When I try to create /var/spool/squid structure
podman run --rm -v /mnt/Entertainment/PoC/squid-cache:/var/spool/squid:Z -v “/home/user/squid.conf”:/etc/squid/squid.conf:Z,ro ubuntu/squid:6.13-25.04_beta squid -z
Error: lsetxattr(label=system_u:object_r:container_file_t:s0:c430,c493) /mnt/Entertainment/PoC/squid-cache: operation not permitted

When try with :z (lower-case) as :Z flag forces an exclusive label; :z allows shared use (changed both :Z to :z)
podman run -d --name squid-container -e TZ=UTC+1 -p 3128:3128 -v /mnt/Entertainment/PoC/squid-cache:/var/spool/squid:z -v “/home/user/squid.conf”:/etc/squid/squid.conf:z,ro ubuntu/squid:6.13-25.04_beta
Error: lsetxattr(label=system_u:object_r:container_file_t:s0:c451,c591) /mnt/Entertainment/PoC/squid-cache: operation not permitted

Tried with newly created folder squid-cache2 - the same result.

Any ideas what I am doing wrong?

Kind regards,
Lore Seeker