
wip: compatibility with rootless podman and selinux

Open rriemann opened this issue 1 year ago • 0 comments

Dears,

thanks for openxpki and the docker setup. I have tried to spin it up on Fedora Kinoite, which comes with rootless podman and SELinux.

In that situation, the boot fails for several reasons (my best guesses here):

  • [x] SELinux prevents the containers from reading config files at ./openxpki-config/contrib/sql/schema-mariadb.sql and ./openxpki-config
  • [ ] I suspect a race condition between the containers to create the /var/run/mysqld folder or the socket in it. If the openxpki containers win this race, then the mariadb container fails with:

    [db]              | 2024-10-18 21:24:11 0 [ERROR] Can't start server : Bind on unix socket: Permission denied
    [db]              | 2024-10-18 21:24:11 0 [ERROR] Do you already have another server running on socket: /run/mysqld/mysqld.sock ?

To solve the first issue, I have added the :z flag to the volume mounts and added a flag.

Resources:

  • https://docs.podman.io/en/latest/markdown/podman-run.1.html#volume-v-source-volume-host-dir-container-dir-options
  • https://github.com/MariaDB/mariadb-docker/issues/363
  • https://github.com/containers/podman/issues/8216

A current workaround is to not rely on the socket, but instead use TCP to connect to the database.

rriemann, Oct 18 '24 21:10
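As an added illustration of the two workarounds described in the issue (this is not the openxpki-docker project's compose file; the service names, images, environment variable names and the healthcheck command are assumptions, only the ./openxpki-config paths and the :z option come from the report), a compose fragment that relabels the bind mounts for SELinux and connects to MariaDB over TCP instead of a shared socket volume:

```yaml
# Added example, not the project's own compose file. Service names, image
# tags and environment variable names are assumptions.
services:
  db:
    image: mariadb:10.11                 # assumed image tag
    environment:
      MARIADB_DATABASE: openxpki         # assumed values
      MARIADB_USER: openxpki
      MARIADB_PASSWORD: changeme
      MARIADB_ROOT_PASSWORD: changeme
    volumes:
      # ",z" asks podman to relabel the host path as a shared container
      # volume (container_file_t, shared), so SELinux no longer denies
      # the read of the schema file from inside the container.
      - ./openxpki-config/contrib/sql/schema-mariadb.sql:/docker-entrypoint-initdb.d/schema.sql:ro,z
    # Deliberately no bind mount of /var/run/mysqld: the unix socket stays
    # inside the db container, so no other container can create the
    # directory first and trigger "Bind on unix socket: Permission denied".
    healthcheck:
      # assumed: healthcheck.sh ships with recent mariadb images
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 5s
      timeout: 3s
      retries: 10

  openxpki-server:
    image: openxpki/openxpki-server     # assumed image name
    depends_on:
      db:
        condition: service_healthy     # start only once MariaDB accepts TCP
    environment:
      # assumed variable names: point the OpenXPKI database config at the
      # db service over TCP (port 3306) instead of a socket path
      OPENXPKI_DB_HOST: db
      OPENXPKI_DB_PORT: "3306"
      OPENXPKI_DB_NAME: openxpki
      OPENXPKI_DB_USER: openxpki
      OPENXPKI_DB_PASSWORD: changeme
    volumes:
      # :z again, so the config tree is readable under SELinux enforcing
      - ./openxpki-config:/etc/openxpki:z
```

Use lower-case z (shared label) rather than Z when several containers mount the same host directory; Z gives the path a private label that only the last container to start can read.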