Open haakobja opened 3 days ago
--security-opt=label=disable or --security-opt=label=nested or a more restrictive label= value?
- That's how fedora-toolbox:latest (toolbox) and distrobox start containers:
distrobox-create [--nvidia] [--unshare-all] [--help]
https://github.com/89luca89/distrobox/blob/c05b6a43769bfa56d572a457f1420e0e2589fe3b/distrobox-create#L661
distrobox-enter [--additional-flags] [--name] [--/-e <bash -l>]
distrobox-enter
# just
MY_VAR=value distrobox-enter --additional-flags "--preserve-fds" --name test -- bash -l
https://github.com/89luca89/distrobox/blob/main/distrobox-enter
What happened?
Unable to access mounted workspace directory due to SELinux permissions
What did you expect to happen instead?
Use workspace directory as expected
How can we reproduce the bug?
My devcontainer.json: none (cloned a fresh git repo)
Local Environment:
DevPod Provider:
Anything else we need to know?
I use Podman and its Docker compatibility mode.
There are three workarounds for this:
- :Z in .devcontainer.json as described in https://github.com/loft-sh/devpod/issues/970#issuecomment-2297652537, but this is not viable if the devcontainer is used by others
- [container] in $HOME/.config/containers/containers.conf

I think :Z or :z (private or shared SELinux context) or label=false should be set by DevPod.
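
Added example, not part of the issue or of DevPod's code: a shell check that classifies the SELinux context of a workspace directory, to tell apart a directory that has never been relabelled for containers, one carrying a private label (as :Z leaves it) and one carrying a shared label (as :z leaves it). The function names and the sample contexts are constructed for illustration.

```bash
#!/usr/bin/env bash
# Classify an SELinux file context of the form user:role:type:level.
#   needs-relabel : type is not container_file_t, so a confined container
#                   process (container_t) is denied access to the bind mount
#   private       : container_file_t with MCS categories, as :Z leaves it;
#                   only a container with the same categories can use it
#   shared        : container_file_t without categories, as :z leaves it;
#                   any confined container can use it
classify_context() (
  type=$(printf '%s' "$1" | cut -d: -f3)
  level=$(printf '%s' "$1" | cut -d: -f4-)   # level may itself contain ':'
  if [ "$type" != "container_file_t" ]; then
    echo "needs-relabel"
    exit 0
  fi
  case "$level" in
    *:c*) echo "private" ;;
    *)    echo "shared" ;;
  esac
)

# Classify a real directory. GNU stat prints the SELinux context with %C;
# on a host without SELinux there is no usable context to classify.
classify_dir() (
  ctx=$(stat -c %C -- "$1" 2>/dev/null) || ctx=""
  case "$ctx" in
    *:*:*:*) classify_context "$ctx" ;;
    *)       echo "no-selinux-context" ;;
  esac
)

# Constructed sample contexts (not taken from the issue).
SAMPLE_HOME='unconfined_u:object_r:user_home_t:s0'
SAMPLE_PRIVATE='system_u:object_r:container_file_t:s0:c123,c456'
SAMPLE_SHARED='system_u:object_r:container_file_t:s0'

for ctx in "$SAMPLE_HOME" "$SAMPLE_PRIVATE" "$SAMPLE_SHARED"; do
  printf '%-55s %s\n' "$ctx" "$(classify_context "$ctx")"
done

# Classify a real directory when one is given on the command line.
if [ -n "${1:-}" ]; then
  printf '%-55s %s\n' "$1" "$(classify_dir "$1")"
fi
```

A needs-relabel result on the workspace directory matches the denial reported above. With label=disable the container process runs unconfined by SELinux (spc_t), so the file label stops mattering, at the cost of losing SELinux separation for that container.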