Use SELinux mount flag for secrets

Signed-off-by: Henry Reed <github.69ofd@simplelogin.com>
2022-10-18 18:24:41 -07:00 · 2022-10-18 18:24:41 -07:00 · 874192568f
commit 874192568f
parent 0b853f29f4
1 changed files with 1 additions and 1 deletions
--- a/podman_compose.py
+++ b/podman_compose.py
@ -578,7 +578,7 @@ def get_secret_args(compose, cnt, secret):
        source_file = os.path.realpath(
            os.path.join(basedir, os.path.expanduser(source_file))
        )
-        volume_ref = ["--volume", f"{source_file}:{dest_file}:ro,rprivate,rbind"]
+        volume_ref = ["--volume", f"{source_file}:{dest_file}:Z,ro,rprivate,rbind"]
        if uid or gid or mode:
            sec = target if target else secret_name
            log(