Skip to content

Commit

Permalink
fix: Set security-opt option with Podman
Browse files Browse the repository at this point in the history 
Without `--security-opt label=disabled` some make commands fail because the container has no access to files in $HOME:

```
$ DOCKER=podman make test
<... snip ...>
podman run --rm -it --name argocd-test-client -u 1000:1000 -e HOME=/home/user <...snip...> --userns keep-id  argocd-test-tools:latest bash -c "make TEST_MODULE= test-local"
make: stat: Makefile: Permission denied
make: *** No rule to make target 'test-local'.  Stop.
```

The container use can't access any file in the mounted volume:

```
user@0878ba4be4ce:/go/src/github.com/argoproj/argo-cd$ ls -l
ls: cannot open directory '.': Permission denied
```

Passing `--security-opt label=disabled` runs the container in the SELinux context of the user starting it. This makes the content of the volumes accessible.


Signed-off-by: Thomas Mueller <thomas@chaschperli.ch>
  • Loading branch information
@vinzent
vinzent committed Oct 28, 2024
1 parent 29d5229 commit bc4e553
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ GOCACHE?=$(HOME)/.cache/go-build
# Docker command to use
DOCKER?=docker
ifeq ($(DOCKER),podman)
PODMAN_ARGS=--userns keep-id
PODMAN_ARGS=--userns keep-id --security-opt label=disable
else
PODMAN_ARGS=
endif
Expand Down

0 comments on commit bc4e553

Please sign in to comment.