selinux issues running the pods #576

Open
mykaul opened this issue Feb 2, 2023 · 1 comment
mykaul commented Feb 2, 2023

(Podman, Fedora 37).

I'm trying to run the basic example, using 'podman run' (instead of 'docker run'). It doesn't work and I'm trying to slowly address issues. At least one of them is related to selinux (maybe something I need to fix on my side!):

Feb 02 13:00:09 ykaul audisp-syslog[1601]: type=AVC msg=audit(1675335609.187:451): avc:  denied  { ioctl } for  pid=18412 comm="sirmordred" path="/home/grimoire/conf/setup.cfg" dev="dm-3" ino=9716465 ioctlcmd=0x5401 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audisp-syslog[1601]: type=AVC msg=audit(1675335609.187:450): avc:  denied  { open } for  pid=18412 comm="sirmordred" path="/home/grimoire/conf/setup.cfg" dev="dm-3" ino=9716465 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audisp-syslog[1601]: type=AVC msg=audit(1675335609.187:449): avc:  denied  { read } for  pid=18412 comm="sirmordred" name="setup-docker.cfg" dev="dm-3" ino=9716465 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audit[18412]: AVC avc:  denied  { ioctl } for  pid=18412 comm="sirmordred" path="/home/grimoire/conf/setup.cfg" dev="dm-3" ino=9716465 ioctlcmd=0x5401 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audit[18412]: AVC avc:  denied  { open } for  pid=18412 comm="sirmordred" path="/home/grimoire/conf/setup.cfg" dev="dm-3" ino=9716465 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audit[18412]: AVC avc:  denied  { read } for  pid=18412 comm="sirmordred" name="setup-docker.cfg" dev="dm-3" ino=9716465 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
mykaul commented Feb 2, 2023

Perhaps these will be useful:

Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from open access on the file /home/grimoire/logs/all.log.
                                             
                                             *****  Plugin restorecon (99.5 confidence) suggests   ************************
                                             
                                             If you want to fix the label. 
                                             /home/grimoire/logs/all.log default label should be user_home_t.
                                             Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
                                             Do
                                             # /sbin/restorecon -v /home/grimoire/logs/all.log
                                             
                                             *****  Plugin catchall (1.49 confidence) suggests   **************************
                                             
                                             If you believe that sirmordred should be allowed open access on the all.log file by default.
                                             Then you should report this as a bug.
                                             You can generate a local policy module to allow this access.
                                             Do
                                             allow this access for now by executing:
                                             # ausearch -c 'sirmordred' --raw | audit2allow -M my-sirmordred
                                             # semodule -X 300 -i my-sirmordred.pp
                                             
Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from open access on the file /home/grimoire/logs/all.log. For complete SELinux messages run: sealert -l 2efcfd32-7636-46eb-8d8d-adba3e5fb420
Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from ioctl access on the file /home/grimoire/conf/setup.cfg.
                                             
                                             *****  Plugin catchall (100. confidence) suggests   **************************
                                             
                                             If you believe that sirmordred should be allowed ioctl access on the setup.cfg file by default.
                                             Then you should report this as a bug.
                                             You can generate a local policy module to allow this access.
                                             Do
                                             allow this access for now by executing:
                                             # ausearch -c 'sirmordred' --raw | audit2allow -M my-sirmordred
                                             # semodule -X 300 -i my-sirmordred.pp
                                             
Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from ioctl access on the file /home/grimoire/conf/setup.cfg. For complete SELinux messages run: sealert -l 2e2a672b-28b5-4713-96c1-f3e540408d4f
Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from open access on the file /home/grimoire/conf/setup.cfg.
                                             
                                             *****  Plugin catchall (100. confidence) suggests   **************************
                                             
                                             If you believe that sirmordred should be allowed open access on the setup.cfg file by default.
                                             Then you should report this as a bug.
                                             You can generate a local policy module to allow this access.
                                             Do
                                             allow this access for now by executing:
                                             # ausearch -c 'sirmordred' --raw | audit2allow -M my-sirmordred
                                             # semodule -X 300 -i my-sirmordred.pp
                                             
Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from open access on the file /home/grimoire/conf/setup.cfg. For complete SELinux messages run: sealert -l 998153e9-e23c-4675-938d-ef76415f2114
Feb 02 13:50:59 ykaul setroubleshoot[30703]: SELinux is preventing sirmordred from read access on the file setup.cfg.
                                             
                                             *****  Plugin catchall (100. confidence) suggests   **************************
                                             
                                             If you believe that sirmordred should be allowed read access on the setup.cfg file by default.
                                             Then you should report this as a bug.
                                             You can generate a local policy module to allow this access.
                                             Do
                                             allow this access for now by executing:
                                             # ausearch -c 'sirmordred' --raw | audit2allow -M my-sirmordred
                                             # semodule -X 300 -i my-sirmordred.pp
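As an added example, not part of this issue or of the project, here is a small Python parser for AVC lines of the kind quoted in both comments above. It extracts the denied permissions, the source and target SELinux types and the object class, groups them, and flags the pattern visible here: a process confined as container_t touching host files still labelled user_home_t. The sample lines are copied from the first comment; the regexes, the AvcRecord structure and the "relabel-volume" / "investigate" advice strings are this example's own.

```python
import re
from dataclasses import dataclass

# Sample input: three AVC lines copied from the first comment of the issue
# (one "audit[...]" form and one "audisp-syslog ... type=AVC" form).
SAMPLE_LOG = """\
Feb 02 13:00:09 ykaul audit[18412]: AVC avc:  denied  { ioctl } for  pid=18412 comm="sirmordred" path="/home/grimoire/conf/setup.cfg" dev="dm-3" ino=9716465 ioctlcmd=0x5401 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audit[18412]: AVC avc:  denied  { open } for  pid=18412 comm="sirmordred" path="/home/grimoire/conf/setup.cfg" dev="dm-3" ino=9716465 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Feb 02 13:00:09 ykaul audisp-syslog[1601]: type=AVC msg=audit(1675335609.187:449): avc:  denied  { read } for  pid=18412 comm="sirmordred" name="setup-docker.cfg" dev="dm-3" ino=9716465 scontext=system_u:system_r:container_t:s0:c841,c917 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
"""

# "avc:  denied  { open read } for  key=value ..." -> decision, permission set, key=value tail
AVC_RE = re.compile(
    r"avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)$"
)
# key=value pairs in the tail; values are either "quoted" or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass(frozen=True)
class AvcRecord:
    decision: str
    perms: frozenset
    comm: str
    target: str      # path= if present, otherwise name=
    stype: str       # type component of scontext, e.g. container_t
    ttype: str       # type component of tcontext, e.g. user_home_t
    tclass: str
    permissive: bool


def context_type(ctx):
    """Return the type component of a user:role:type[:level] SELinux context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(line):
    """Parse one audit/journal line; return an AvcRecord, or None if it carries no AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: (q if q else b) for k, q, b in KV_RE.findall(m.group("rest"))}
    return AvcRecord(
        decision=m.group("decision"),
        perms=frozenset(m.group("perms").split()),
        comm=fields.get("comm", ""),
        target=fields.get("path") or fields.get("name", ""),
        stype=context_type(fields.get("scontext", "")),
        ttype=context_type(fields.get("tcontext", "")),
        tclass=fields.get("tclass", ""),
        permissive=fields.get("permissive") == "1",
    )


def parse_log(text):
    """Parse every line of a log dump, keeping only AVC records."""
    return [r for r in map(parse_avc, text.splitlines()) if r is not None]


def diagnose(records):
    """Group denials by (source type, target type, class) and attach a remedy hint."""
    findings = {}
    for r in records:
        if r.decision != "denied":
            continue
        key = (r.stype, r.ttype, r.tclass)
        f = findings.setdefault(key, {"perms": set(), "targets": set(), "advice": ""})
        f["perms"] |= r.perms
        f["targets"].add(r.target)
    for (stype, ttype, tclass), f in findings.items():
        if stype == "container_t" and ttype != "container_file_t" and tclass in ("file", "dir"):
            # A confined container reaching host-labelled files: the narrow fix is to
            # relabel the bind mount (podman -v src:dst:Z), not to widen container_t policy.
            f["advice"] = "relabel-volume"
        else:
            f["advice"] = "investigate"
    return findings


if __name__ == "__main__":
    for key, f in diagnose(parse_log(SAMPLE_LOG)).items():
        print(key, sorted(f["perms"]), sorted(f["targets"]), f["advice"])
```

Run stand-alone it prints one finding for the three lines: container_t denied ioctl, open and read on user_home_t files. The hint it attaches is the usual remedy for this pattern: mount the host directory with the `:Z` (private) or `:z` (shared) volume option so podman relabels it container_file_t. A policy module built with audit2allow from these denials, as the catchall plugin suggests, would instead let every container_t process read files labelled user_home_t anywhere on the host, which is far broader than the bind mount needs.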
