On Tue, 2021-07-27 at 08:45 +0000, Sam Morris via FreeIPA-users wrote:
If you can reproduce this on Fedora or CentOS Stream then it's
worth
filing a bug on Red Hat bugzilla (but of course have a search first
to see if this particular behaviour has been seen before).
I migrated the host to CentOS Stream and see the same behaviour with
the same selinux denials.
I think certmonger should be able to do what I'm doing, which is:
podman cp /etc/pki/bloop/blah/derp.cert \
[rando container:/some/path/inside
I have no idea how everyone else manages certs in their containers.
But, that is how I'd like to be able to since it would be a one time
setup on my end. I can think of some workarounds: for example, watch
the folder on the host and kick off my script when the files are
updated. But, that's more complicated than it needs to be.
--
Ranbir