Hey everyone! I'm having some trouble with SELinux while using Docker. Whenever I bind files (not directories), I'm unable to read or write to them from within the container. I noticed that adding the `selinux: z/Z` option allows it to work, but do I really have to specify it for every volume? Also, I can't use it with secrets, which isn't working for me either. Is there a way to configure this globally so I don't have to keep doing it? I know a bit about SELinux, but I'd prefer not to disable any security features altogether.
1 Answer
You definitely need to include the `:Z` flag on all of your bind mounts. As for secrets, I'm not entirely sure since secrets in Docker Compose haven't typically supported SELinux labeling. If it's not mandatory for multiple containers to share the same data, you might want to consider using Docker volumes instead. Kudos for wanting to keep SELinux active; a lot of folks just turn it off completely, but it serves a vital purpose.

What do you mean by 'Docker volumes'? Aren't those similar to the volumes in Docker Compose?
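As an added example (not part of the thread; the service, image, path and volume names are hypothetical), this Compose file puts the two approaches from the answer side by side: bind-mounted files relabeled with the `Z`/`z` option, and a Docker-managed named volume declared under the top-level `volumes:` key.

```yaml
# Added example; service, image, path and volume names are hypothetical.
services:
  app:
    image: example/app:latest          # placeholder image
    volumes:
      # Bind-mounted single file, short syntax. ":Z" asks Docker to relabel
      # the host file with a label private to this container.
      - ./config/app.conf:/etc/app/app.conf:Z

      # Bind mount in long syntax, using the `selinux` key from the question.
      # Lowercase "z" applies a shared label, for content that more than
      # one container needs to access.
      - type: bind
        source: ./config/shared.conf
        target: /etc/app/shared.conf
        bind:
          selinux: z

      # Named volume: Docker creates and manages the storage itself, so there
      # is no host path here and no relabel option is given.
      - type: volume
        source: app-data
        target: /var/lib/app

# Named volumes are declared once here and referenced by name above.
volumes:
  app-data: {}
```

Running `ls -Z` on the host file before and after starting the container shows the label change. Relabeling modifies the host file itself, so keep `z`/`Z` off system paths such as `/etc` or `/home`.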