Merge pull request #911 from charliemirabile/selinux

Add support for selinux in verbose bind mount specification
2025-04-11 11:08:47 +02:00 · 2024-05-19 11:13:45 +03:00 · 2024-05-19 11:13:45 +03:00 · 5d4de80ab7
commit 5d4de80ab7
parent 23ad5c3ef7 3e1f7d554b
2 changed files with 25 additions and 0 deletions
--- a/podman_compose.py
+++ b/podman_compose.py
@ -431,6 +431,11 @@ def mount_desc_to_mount_args(compose, mount_desc, srv_name, cnt_name):  # pylint
        tmpfs_mode = tmpfs_opts.get("mode", None)
        if tmpfs_mode:
            opts.append(f"tmpfs-mode={tmpfs_mode}")
+    if mount_type == "bind":
+        bind_opts = mount_desc.get("bind", {})
+        selinux = bind_opts.get("selinux", None)
+        if selinux is not None:
+            opts.append(selinux)
    opts = ",".join(opts)
    if mount_type == "bind":
        return f"type=bind,source={source},destination={target},{opts}".rstrip(",")
@ -496,6 +501,12 @@ def mount_desc_to_volume_args(compose, mount_desc, srv_name, cnt_name):  # pylin
    read_only = mount_desc.get("read_only", None)
    if read_only is not None:
        opts.append("ro" if read_only else "rw")
+    if mount_type == "bind":
+        bind_opts = mount_desc.get("bind", {})
+        selinux = bind_opts.get("selinux", None)
+        if selinux is not None:
+            opts.append(selinux)
+
    args = f"{source}:{target}"
    if opts:
        args += ":" + ",".join(opts)
--- a/tests/selinux/docker-compose.yml
+++ b/tests/selinux/docker-compose.yml
@ -0,0 +1,14 @@
+version: "3"
+services:
+  web1:
+    image: busybox
+    command: httpd -f -p 80 -h /var/www/html
+    volumes:
+      - type: bind
+        source: ./docker-compose.yml
+        target: /var/www/html/index.html
+        bind:
+          selinux: z
+    ports:
+      - "8080:80"
+