Docker volumes and SELinux

Don't you just love SELinux? It makes life so easy! 🙄 Anyhow if you are trying to get a docker container to access a volume you have added and getting permission errors, when things otherwise look good - well you can guess from the title.

So what can we do?

The temp or semi-permanent fix is to re-label the directory and everything in it that holds your volume. In my case I was trying to get docker to play with some web site code:

[user@computer ~/web/play]$ tree
├── code
│   ├── composer.json
│   └── public
etc, etc

The fix was to re-label the directories and files you want to access inside the container with "svirt_sandbox_file_t".

Fortunately the docker guys realised this was a PITA, and made docker do this for you. Simply add ':z' to . the end of your volume parameter!

[user@computer ~/web/play]$ docker run --rm -it -v $PWD/code:/app:z composer composer install
blah blah blah...

Hooray for the docker dudes!