Map the project directory to /project in the docker container

[kwerle]

This will give us access to the whole codebase. Also:

• Gemfile
• rubocop config

[xenithorb]

If you do this don't forget to add :z to the volume for us SELinux users please! (It should be innocuous on non-selinux systems)

[kwerle]

If you do this don't forget to add :z to the volume for us SELinux users please!

Why - what's that about? Can you supply a web ref?

[xenithorb]

Certainly:

Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Docker does not change the labels set by the OS.

To change the label in the container context, you can add either of two suffixes :z or :Z to the volume mount. These suffixes tell Docker to relabel file objects on the shared volumes. The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Docker to label the content with a private unshared label. Only the current container can use a private volume.

From: https://docs.docker.com/engine/reference/commandline/run/#mount-volumes-from-container-volumes-from

It is not limitied to -v or --volumes-from, it can also be used in docker-compose under the volume: definition.

The reason I ask for this is that without it, the container will have a really hard time running on operating systems like: Fedora (me), RHEL, CentOS while also trying to access files in the user's $HOME.

Perhaps this is a good time to request the feature to export arbitrary volumes to the container, while also being able to supply options such as :ro, :rw (but why?), :z and :Z?

[xenithorb]

IMHO, for this particular use case :ro,z is probably the best combination.

[kwerle]

That is all great info - thanks! I may [eventually] go RW so I can write some cache data for large projects. But starting ro,z seems like a good plan.

…

On Wed, Feb 28, 2018 at 9:24 AM, Mike Goodwin ***@***.***> wrote: IMHO, for this particular use case :ro,z is probably the best combination. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABbGNFSv6pWkQD-Cfn5C2sqKU2WIC-Pks5tZYpbgaJpZM4QmHps> .

-- kurt@CircleW.org http://www.CircleW.org/kurt/

[thedrow]

Right now I'm getting Something when horribly wrong: Configuration file not found: /project/.rubocop.yml repeatedly since the Dockerfile doesn't contain this file.

[kwerle]

@thedrow Resolved. Sorry - really should have opened another ticket for that one.

And this issue is done.