Add z permissions option to compose mounts to accommodate SELinux hosts
#3276
Labels
🤖 aspect: dx
Concerns developers' experience with the codebase
🛠 goal: fix
Bug fix
🟨 priority: medium
Not blocking but should be addressed soon
🧱 stack: mgmt
Related to repo management and automations
Comments
sarayourfriend
added
🟨 priority: medium
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Hosts using SELinux (ex. RHEL based Linux distros like Fedora) need the
zoption added to bind mounts to configure file permissions for SELinux docker, otherwise things fail on file permissions issues inside the containers. More information about this is here: https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-labelWhile it's dangerous to indiscriminately use this, because we scope all bind mounts to the repository, it is perfectly safe to add
zto all bind mounts. Folks running SELinux will be conscientious enough to check this. As precedent,pre-commitalso setszby default fordockeranddocker_imagehooks.Fix
Add
zto all bind mounts in docker-compose.yml.Additional context
I've been working around this by adding it temporarily locally and then removing it. The labels only need to be set once, so this has been manageable for the most part, but any time new files are added, I run into the issue again. Having it added in the compose file would make it so I and others using SELinux don't need to hack around this and remember what to do every time we get a confounding file permissions error locally.
The text was updated successfully, but these errors were encountered: