feat: use proper SELinux context for bind mounts
this change solves the issue I recently had after setting SELinux to Enforcing mode and the containers suddenly could not access files from the bind mounts anymore. the solution is to mount volumes with either z (preferable here) or Z to have them automatically relabelled If you volume mount a image with -v /SOURCE:/DESTINATION:z docker will automatically relabel the content for you to s0. If you volume mount with a Z, then the label will be specific to the container, and not be able to be shared between containers. ref: https://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/ pertains: * Makefile (volume args for kaniko) * docker-compose.yml ($PWD to /src mount and a db volume) [skip ci]
This commit is contained in:
parent
c19a2963ec
commit
ab67773917
2
Makefile
2
Makefile
|
@ -10,7 +10,7 @@ pruneargs = system prune -af
|
|||
dcmdrun = $(dcmd) run --rm
|
||||
wdir = /src
|
||||
kanikoimg = gcr.io/kaniko-project/executor
|
||||
dargskaniko = -w=$(wdir) -v $$(pwd):$(wdir) $(kanikoimg)
|
||||
dargskaniko = -w=$(wdir) -v $$(pwd):$(wdir):z $(kanikoimg)
|
||||
kanikoargs = -c=$(wdir) --use-new-run --snapshotMode=redo --no-push
|
||||
krelease = $(dcmdrun) $(dargskaniko) -f=$(dfile) $(kanikoargs)
|
||||
kdebug = $(dcmdrun) $(dargskaniko) -f=$(dfiledev) $(kanikoargs)
|
||||
|
|
|
@ -8,7 +8,7 @@ services:
|
|||
ports:
|
||||
- 127.0.0.1:8001:5000
|
||||
volumes:
|
||||
- ./:/src
|
||||
- $PWD:/src:z
|
||||
environment:
|
||||
ASPNETCORE_ENVIRONMENT: Development
|
||||
DB_CONNECTION_STRING: "User ID=postgres;Password=679968312e029a806c1905c40ec331aa199a1eb86bd0b9eb04057933e449bdc9ef8ef292a39b68cafa5689c901a17266;Server=db;Port=5432;Database=pwt;Integrated Security=true;Pooling=true;"
|
||||
|
@ -26,7 +26,7 @@ services:
|
|||
ports:
|
||||
- 127.0.0.1:5432:5432
|
||||
volumes:
|
||||
- dbdata:/var/lib/postgresql/data
|
||||
- dbdata:/var/lib/postgresql/data:z
|
||||
environment:
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: 679968312e029a806c1905c40ec331aa199a1eb86bd0b9eb04057933e449bdc9ef8ef292a39b68cafa5689c901a17266
|
||||
|
|
Reference in New Issue