Skip to content

Add SELinux labels to docker-compose bind mounts#6511

Open
jarednorman wants to merge 1 commit into
solidusio:mainfrom
SuperGoodSoft:selinux-podman-fix
Open

Add SELinux labels to docker-compose bind mounts#6511
jarednorman wants to merge 1 commit into
solidusio:mainfrom
SuperGoodSoft:selinux-podman-fix

Conversation

@jarednorman

@jarednorman jarednorman commented Jul 3, 2026

Copy link
Copy Markdown
Member

On SELinux-enforcing hosts (e.g. Fedora, RHEL) running podman, bind mounts without the "z" label are blocked by SELinux, so the project directory appears empty inside the container and bundler exits with "Could not locate Gemfile". The label is a no-op where SELinux is not enforcing, so this is safe for Docker users.

I've not actually tested this because I'm not running Podman on a Linux system that enforces SELinux.

On SELinux-enforcing hosts (e.g. Fedora, RHEL) running podman, bind
mounts without the "z" label are blocked by SELinux, so the project
directory appears empty inside the container and bundler exits with
"Could not locate Gemfile". The label is a no-op where SELinux is not
enforcing, so this is safe for Docker users.
@jarednorman jarednorman requested a review from a team as a code owner July 3, 2026 18:28
@github-actions github-actions Bot added the changelog:repository Changes to the repository not within any gem label Jul 3, 2026
@codecov

codecov Bot commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.68%. Comparing base (8d781ac) to head (3d7a87a).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #6511   +/-   ##
=======================================
  Coverage   89.68%   89.68%           
=======================================
  Files         993      993           
  Lines       20863    20863           
=======================================
  Hits        18712    18712           
  Misses       2151     2151           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@tvdeyen tvdeyen left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL about the z flag in docker compose mounts. Makes sense. Thank you

@tvdeyen

tvdeyen commented Jul 4, 2026

Copy link
Copy Markdown
Member

The linter issues are fixed in another PR ready for review ✌🏻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

changelog:repository Changes to the repository not within any gem

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants