[Buildroot] [PATCH 5/5] utils/docker-run: make it compatible with SELinux

Yann E. MORIN yann.morin.1998 at free.fr
Wed Aug 9 21:24:50 UTC 2023


After switching to a fresh Fedora 38 installation with SELinux disabled,
we noticed that utils/docker-run doesn't work as the applications
running inside the container are not allowed to accept the data mounted
through the bind mount.

Since we do not really need to isolate and confine the build, but rather
to provide a known environment, we don't really need to enforce any
SELinux confinement in the container.

So, we tell docker to turn off label confinement for the container:

    https://manpages.org/docker-run

    --security-opt=[]
      Security Options
        [...]
        "label=disable"     : Turn off label confinement for the container

Suggested-by: Antoine Tenart <atenart at kernel.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
[yann.morin.1998 at free.fr: use Antoine's proposal]
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
---
 utils/docker-run | 1 +
 1 file changed, 1 insertion(+)

diff --git a/utils/docker-run b/utils/docker-run
index 83938f8a7a..02cf68c946 100755
--- a/utils/docker-run
+++ b/utils/docker-run
@@ -18,6 +18,7 @@ declare -a docker_opts=(
     --rm
     --user "$(id -u):$(id -g)"
     --workdir "$(pwd)"
+    --security-opt label=disable
 )
 
 declare -a mountpoints=(
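Review bot: the new `--security-opt label=disable` entry in `docker_opts` has no comment, so the reason for turning off label confinement is recorded only in the commit message. A short comment line above it, saying that it is there so that processes in the container can access the bind-mounted directories on SELinux hosts, would keep it from being dropped in a later cleanup. The option is also added unconditionally and applies to the whole container rather than to the mounts alone; if that is the intent, as the commit message argues, the comment is the place to say so. Separately, the commit message describes the Fedora 38 host as having SELinux "disabled", which does not fit a fix that turns off label confinement; it is worth checking that wording before the patch is applied.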
-- 
2.25.1



