fix: volume bind-mounts on selinux/fedora#1393
Conversation
I recently started running tutor on Fedora and realised that it was not working out of the box because of SELinux. That's because some bind-mounted volumes are shared between different containers. Without the "z" option, this sharing is disabled. The "z" label is ignored in environments that do not use SELinux. This feature is documented here: https://docs.docker.com/engine/storage/bind-mounts/#configure-the-selinux-label
ahmed-arb
force-pushed
the
regisb/fedora-selinux
branch
from
4bdd08d to
231e663
Compare
|
While this PR LGTM, I have concerns about this being an issue with every single plugin that will be used alongside tutor. Anyone running SELinux will have to hope that the maintainer resolves this upstream or that they manually override each volume mount. Would it be possible to check that we are running SELinux (by running Alternatively, we could just document that plugin developers should add a |
We can check the OS, but post-processing the rendered Docker Compose YAML to append the I think we should just document this and rely on maintainers to do their part in making their plugins SELinux-compatible. |
I agree but we should definitely update this in the |
|
Let's merge this and open an issue to track this. |
5 participants
I recently started running tutor on Fedora and realised that it was not working out of the box because of SELinux. That's because some bind-mounted volumes are shared between different containers. Without the "z" option, this sharing is disabled.
The "z" label is ignored in environments that do not use SELinux.
This feature is documented here:
https://docs.docker.com/engine/storage/bind-mounts/#configure-the-selinux-label