From ed8315b29f1f7a0fa84fa96fc7b7f28c884bdd72 Mon Sep 17 00:00:00 2001 From: nawan Date: Fri, 16 Feb 2024 01:05:41 +0700 Subject: [PATCH] Edit ‘podman’: add troubleshooting for being unable to mount a volume, permission denied MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- podman.myco | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/podman.myco b/podman.myco index e6f3026..6647698 100644 --- a/podman.myco +++ b/podman.myco 
@@ -45,4 +45,10 @@ rootless_networking = "cni" = Kenapa tidak bisa menggunakan sudo dengan Podman //rootless//? > All of this still doesn't explain why you cannot use sudo and su with rootless containers. The answer is that sudo and su do not create a login session. There are many historical reasons for this, most stemming from the fact that sudo and su are somewhat irregular (one user becoming another user, instead of a fresh login). See this GitHub issue for details. Given this, rootless Podman cannot be used with sudo and su unless loginctl enable-linger is used to force a persistent user session to be created for the user. --- [[https://www.redhat.com/sysadmin/sudo-rootless-podman | Why can't I use sudo with rootless Podman?]] \ No newline at end of file +-- [[https://www.redhat.com/sysadmin/sudo-rootless-podman | Why can't I use sudo with rootless Podman?]] + += Tidak bisa //mount// volume ke //rootless container//, izin ditolak +Dari [[https://github.com/containers/podman/blob/main/troubleshooting.md#2-cant-use-volume-mount-get-permission-denied]] disebutkan: +> Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Podman does not change the labels set by the OS. +> +> To change a label in the container context, you can add either of two suffixes :z or :Z to the volume mount. These suffixes tell Podman to relabel file objects on the shared volumes. The z option tells Podman that two containers share the volume content. As a result, Podman labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Podman to label the content with a private unshared label. Only the current container can use a private volume. \ No newline at end of file
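Review bot: The added section "Tidak bisa //mount// volume ke //rootless container//, izin ditolak" quotes the explanation of the :z and :Z suffixes but never shows either suffix on an actual volume mount, and does not say which one a reader should pick. Since the quote states that z lets all containers read/write the content while Z restricts it to the current container, consider adding one line after the quote that shows the suffix in place and recommends Z unless the volume really has to be shared. The heading also ties the problem to rootless containers, while the quoted text is about SELinux labels and does not mention rootless; a sentence connecting the two, or a more general heading, would avoid confusion. Two smaller points: the source link points at blob/main with a numbered anchor (#2-cant-use-volume-mount-get-permission-denied) and has no display text, unlike the "| Why can't I use sudo with rootless Podman?" link above it, so a commit-pinned URL with a title would be more stable and consistent; and the hunk fixes the missing trailing newline on the old last line but the new last line again ends with "\ No newline at end of file".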