( golgota | 2024. 10. 04., Fri – 09:10 )

Well, I debugged it for him:

[root@22ab9cc1cc1a /]# cat /etc/redhat-release 
Fedora release 40 (Forty)
[root@22ab9cc1cc1a /]# mysqld -v
bash: /usr/sbin/mysqld: Operation not permitted
[root@22ab9cc1cc1a my.cnf.d]# grep datadir mysql-server.cnf 
datadir=/var/lib/mysql
[root@22ab9cc1cc1a my.cnf.d]# su - mysql -s /bin/bash
[mysql@22ab9cc1cc1a ~]$ id
uid=27(mysql) gid=27(mysql) groups=27(mysql)
[mysql@22ab9cc1cc1a ~]$ cd /var/lib/mysql
[mysql@22ab9cc1cc1a mysql]$ touch xxx
[mysql@22ab9cc1cc1a mysql]$ # This does indeed work
[mysql@22ab9cc1cc1a mysql]$ cd
[mysql@22ab9cc1cc1a ~]$ /usr/libexec/mysqld --log-error-verbosity=3 --console
bash: /usr/libexec/mysqld: Operation not permitted

So the binary itself really is unable to do its job, but why? Because the container simply does not have the capability for it.

With "--privileged" it would start just fine, but there the problem is that it does not want to run itself as root :D

$ podman run --privileged --name mysql -d fedora:latest /bin/sh -c "while true; do sleep 5000;done"
505e08d85ba2f18a2bf3389ac1b87ab82349c30bda98e34f85c2474a6038ca1c
$ podman exec -ti mysql /bin/bash                                                      
[root@505e08d85ba2 /]# dnf install -y mysql-server
...
[root@505e08d85ba2 /]# mysqld
2024-10-04T07:05:37.423911Z 0 [System] [MY-010116] [Server] /usr/libexec/mysqld (mysqld 8.0.39) starting as process 239
2024-10-04T07:05:37.425570Z 0 [ERROR] [MY-010123] [Server] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
2024-10-04T07:05:37.425622Z 0 [ERROR] [MY-010119] [Server] Aborting
2024-10-04T07:05:37.425830Z 0 [System] [MY-010910] [Server] /usr/libexec/mysqld: Shutdown complete (mysqld 8.0.39)  Source distribution.

So the solution is to give the container the CAP and that's it, but let's not start it with privileged :D
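
One way to find which capability the container is missing, as an added example that is not part of the original post: compare the file capabilities set on the binary with the container's bounding set. It assumes the "Operation not permitted" comes from file capabilities on the binary that fall outside that bounding set; the mask and the capability names in the demo are constructed sample values, and `cap_bit` and `missing_caps` are hypothetical helper names.

```shell
#!/bin/sh
# Capability names in bit order, as defined in linux/capability.h (bit 0 first).
CAPS="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# cap_bit NAME: print the bit number of a capability such as cap_sys_nice.
cap_bit() {
    i=0
    for c in $CAPS; do
        if [ "cap_$c" = "$1" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# missing_caps BOUNDING_HEX NAME...: print the names whose bit is clear in
# the bounding-set mask. Unknown names are reported as "unknown:NAME".
missing_caps() {
    mask=$1; shift
    out=""
    for name in "$@"; do
        bit=$(cap_bit "$name") || { out="$out unknown:$name"; continue; }
        if [ $(( (0x$mask >> $bit) & 1 )) -eq 0 ]; then
            out="$out $name"
        fi
    done
    echo "${out# }"
}

# Inside the container the two inputs come from:
#   grep CapBnd /proc/self/status     (the hex bounding-set mask)
#   getcap /usr/libexec/mysqld        (the file capabilities on the binary)
# Constructed sample: a mask of an unprivileged container and two
# capability names standing in for whatever getcap reports.
SAMPLE_MASK=00000000800405fb
echo "missing: $(missing_caps "$SAMPLE_MASK" cap_sys_nice cap_chown)"
```

Only the names it prints need to go to `podman run --cap-add`, which keeps the container unprivileged.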