JoelColledge
commented
1 year ago Sounds reasonable. I'm not aware that any of the contributors to this project so far use SELinux. So someone else will have to step in. Patches welcome!
Closed C-512L closed 1 year ago
JoelColledge
commented
1 year ago Sounds reasonable. I'm not aware that any of the contributors to this project so far use SELinux. So someone else will have to step in. Patches welcome!
Using containers which read any mounted volume fails if SELinux is in enforcing mode. This could be fixed by using the
Zflag for container volumes but it may not be the perfect solution since it relabels the SELinux files/directories of the workspace. This is supported by both docker and podman. Another option could be disabling labels entirely using--security-opt label=disable, which is something other tools which wrap around a container engine like distrobox do.