Unfamiliar with running Docker on an SELinux-enabled system, I found myself running into a bunch of file permission errors while creating volumes.
mkdir: can't create directory '/data': Permission denied
$ docker info --format '{{json .SecurityOptions}}'
[
  "name=seccomp,profile=/etc/docker/seccomp.json",
  "name=selinux"
]
It turns out that this can be resolved by appending the :z flag to the volume mappings in the docker-compose.yml file, indicating that the volume content is shared.
services:
  server:
    volumes:
      - ./data:/data:z
From the Docker documentation:
The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content.
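A small checker for the situation above, added here as an example and not part of the original post: it scans short-syntax volume entries in a compose file and reports which bind mounts carry the shared z label, the private Z label (which Docker documents as a private, unshared label for a single container), or neither. The sample compose text and the function names are constructed for illustration, and long-syntax volume definitions are not handled.

```python
import re

# Constructed sample compose file (not from the original post).
SAMPLE_COMPOSE = """\
services:
  server:
    volumes:
      - ./data:/data:z
      - ./config:/etc/app:ro
      - ./secrets:/run/secrets:ro,Z
      - dbdata:/var/lib/db
"""

# Short-syntax list entry: "- SOURCE:TARGET[:OPTIONS]", optionally quoted.
ENTRY = re.compile(
    r"""^\s*-\s*["']?([^:"'\s]+):([^:"'\s]+)(?::([^"'\s]+))?["']?\s*$"""
)

def selinux_label(options):
    """Return 'private' for Z, 'shared' for z, otherwise 'unlabeled'."""
    opts = options.split(",") if options else []
    if "Z" in opts:
        return "private"
    if "z" in opts:
        return "shared"
    return "unlabeled"

def audit_bind_mounts(compose_text):
    """Return (source, target, label) for each short-syntax bind mount."""
    findings = []
    for line in compose_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue
        source, target, options = match.groups()
        # Assumption: a bind mount source is written as a path (./, /, ~).
        # Bare names (named volumes, port pairs, etc.) are skipped.
        if not source.startswith((".", "/", "~")):
            continue
        findings.append((source, target, selinux_label(options)))
    return findings

if __name__ == "__main__":
    for source, target, label in audit_bind_mounts(SAMPLE_COMPOSE):
        print(f"{source} -> {target}: {label}")
```

On an SELinux-enforcing host, the entries reported as unlabeled are the ones likely to produce the Permission denied error shown earlier.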