utils/docker-run: make it compatible with SELinux
After switching to a fresh Fedora 38 installation with SELinux disabled,
we noticed that utils/docker-run doesn't work as the applications
running inside the container are not allowed to accept the data mounted
through the bind mount.

Since we do not really need to isolate and confine the build, but rather
to provide a known environment, we don't really need to enforce any
SELinux confinement in the container.

So, we tell docker to turn off label confinement for the container:

    https://manpages.org/docker-run

    --security-opt=[]
      Security Options
        [...]
        "label=disable"     : Turn off label confinement for the container

Suggested-by: Antoine Tenart <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
[[email protected]: use Antoine's proposal]
Signed-off-by: Yann E. MORIN <[email protected]>
yann-morin-1998 committed Aug 20, 2023
1 parent db777ee commit 3b877dc
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions utils/docker-run
Expand Up @@ -18,6 +18,7 @@ declare -a docker_opts=(
--rm
--user "$(id -u):$(id -g)"
--workdir "$(pwd)"
--security-opt label=disable
)

declare -a mountpoints=(
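
Review bot: the new `--security-opt label=disable` entry in `docker_opts` carries no comment, so the reason for it lives only in the commit message. A one-line comment above it, saying that it turns off SELinux label confinement so that processes in the container can access the bind-mounted directories, would keep the rationale next to the code. The option is also applied unconditionally and covers the whole container. If a narrower scope is ever wanted, relabeling only the bind mounts with the `:z` volume suffix is the alternative to weigh, with the drawback that it changes the SELinux labels on the host files.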