As the title says, I need a rootless podman container to have access to SSL keys (created with certbot, of course) from the host (Fedora CoreOS, SELinux active) machine, since the main server on the host will be running in that container. However, it would obviously be bad to set the permissions on the keys too permissively, or just wrongly in general, so what should I do?
Should I set the group on the keys to the containers group I have the podman container running as part of, and allow read-access to the keys to that group? This seems like the right move, but if so, I don't know how to change the owner on the keys, because chown doesn't work.