From 11bf65dabf07c8c24abb96bcca069557e5c48746 Mon Sep 17 00:00:00 2001
From: Nir Soffer
Date: Wed, 9 Jul 2025 00:33:57 +0300
Subject: [PATCH] build: Fix docker run when selinux is enabled (#21017)

When mouting volumes we need to use :Z suffix to allow access to the mounted directory. This fixes docker run when running on Fedora an other distros using selinux by default.
---
 Makefile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 060f079f6e..a8aeab4d04 100644
--- a/Makefile
+++ b/Makefile
@@ -102,7 +102,7 @@ $(shell mkdir -p $(BUILD_DIR))
 CURRENT_GIT_BRANCH ?= $(shell git branch | grep \* | cut -d ' ' -f2)
 # Use system python if it exists, otherwise use Docker.
-PYTHON := $(shell command -v python || echo "docker run --rm -it -v $(shell pwd):/minikube -w /minikube python python")
+PYTHON := $(shell command -v python || echo "docker run --rm -it -v $(shell pwd):/minikube:Z -w /minikube python python")
 BUILD_OS := $(shell uname -s)
 SHA512SUM=$(shell command -v sha512sum || echo "shasum -a 512")
@@ -188,7 +188,7 @@ endef
 # $(call DOCKER, image, command)
 define DOCKER
- docker run --rm -e GOCACHE=/app/.cache -e IN_DOCKER=1 --user $(shell id -u):$(shell id -g) -w /app -v $(PWD):/app -v $(GOPATH):/go --init $(1) /bin/bash -c '$(2)'
+ docker run --rm -e GOCACHE=/app/.cache -e IN_DOCKER=1 --user $(shell id -u):$(shell id -g) -w /app -v $(PWD):/app:Z -v $(GOPATH):/go --init $(1) /bin/bash -c '$(2)'
 endef
 ifeq ($(BUILD_IN_DOCKER),y)
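Review bot: The `:Z` added to the `PYTHON :=` fallback (hunk at -102) makes Docker recursively relabel whatever directory `$(shell pwd)` returns, with a label private to that one container, and nothing in the Makefile documents this change to the host tree. Docker's documentation warns that mounting a directory such as `/home` or `/usr` with `Z` can leave the host unusable, so where the checkout lives and where make is invoked from now matters. The same holds for the `$(PWD)`, `$(CURDIR)` and backquoted `pwd` mounts in the other hunks of this patch. I would add a comment above the assignment: `# :Z relabels the checkout for SELinux, private to one container; do not run make from $HOME or a system directory`.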
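Review bot: In the `DOCKER` macro (hunk at -188) only `$(PWD):/app` gets a label, while `-v $(GOPATH):/go` is left unchanged, although the hyperkit hunk at -662 changes the same mount to `$(GOPATH):/go:Z`. On an SELinux-enforcing host the container started by this macro would presumably still be denied access to `/go`. GOPATH is normally shared by all of a user's Go builds, so the private `Z` label lets one container lock another out of it. The shared form looks like the better fit in both places: `-v $(GOPATH):/go:z`.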
@@ -346,13 +346,13 @@ out/minikube-%.iso: $(shell find "deploy/iso/minikube-iso" -type f)
 ifeq ($(IN_DOCKER),1)
 $(MAKE) minikube-iso-$*
 else
- docker run --rm --workdir /mnt --volume $(CURDIR):/mnt $(ISO_DOCKER_EXTRA_ARGS) \
+ docker run --rm --workdir /mnt --volume $(CURDIR):/mnt:Z $(ISO_DOCKER_EXTRA_ARGS) \
 --user $(shell id -u):$(shell id -g) --env HOME=/tmp --env IN_DOCKER=1 \
 $(ISO_BUILD_IMAGE) /bin/bash -lc '/usr/bin/make minikube-iso-$*'
 endif
 iso_in_docker:
- docker run -it --rm --workdir /mnt --volume $(CURDIR):/mnt $(ISO_DOCKER_EXTRA_ARGS) \
+ docker run -it --rm --workdir /mnt --volume $(CURDIR):/mnt:Z $(ISO_DOCKER_EXTRA_ARGS) \
 --user $(shell id -u):$(shell id -g) --env HOME=/tmp --env IN_DOCKER=1 \
 $(ISO_BUILD_IMAGE) /bin/bash
@@ -528,7 +528,7 @@ out/linters/golangci-lint-$(GOLINT_VERSION):
 .PHONY: lint
 ifeq ($(MINIKUBE_BUILD_IN_DOCKER),y)
 lint:
- docker run --rm -v `pwd`:/app -w /app golangci/golangci-lint:$(GOLINT_VERSION) \
+ docker run --rm -v `pwd`:/app:Z -w /app golangci/golangci-lint:$(GOLINT_VERSION) \
 golangci-lint run ${GOLINT_OPTIONS} ./..."
 # --skip-dirs "cmd/drivers/kvm|cmd/drivers/hyperkit|pkg/drivers/kvm|pkg/drivers/hyperkit"
 # The "--skip-dirs" parameter is no longer supported in the V2 version. If you need to skip the directory,
@@ -662,7 +662,7 @@ out/docker-machine-driver-hyperkit:
 ifeq ($(MINIKUBE_BUILD_IN_DOCKER),y)
 docker run --rm -e GOCACHE=/app/.cache -e IN_DOCKER=1 \
 --user $(shell id -u):$(shell id -g) -w /app \
- -v $(PWD):/app -v $(GOPATH):/go --init --entrypoint "" \
+ -v $(PWD):/app:Z -v $(GOPATH):/go:Z --init --entrypoint "" \
 $(HYPERKIT_BUILD_IMAGE) /bin/bash -c 'CC=o64-clang CXX=o64-clang++ /usr/bin/make $@'
 else
 $(if $(quiet),@echo " GO $@")
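Review bot: Both `docker run` lines in the ISO hunk (at -346) mount `$(CURDIR)` with the private label `Z`, which gives the tree to one container at a time. A second container started on the same checkout relabels it, and the first then starts getting permission denials. `out/minikube-%.iso` is a pattern rule, so two ISO targets built under `make -j`, or an `iso_in_docker` shell left open during a build, could hit this; whether the project actually runs them concurrently is not visible here. The shared label avoids the conflict: `--volume $(CURDIR):/mnt:z`.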
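Review bot: The command edited in the lint hunk (at -528) continues onto `golangci-lint run ${GOLINT_OPTIONS} ./..."`, which ends in a double quote with no opening partner visible in the hunk. If that is what the file contains, the shell rejects the line before Docker starts, so the `:Z` fix on this path has probably never been exercised. The quote looks like a leftover from the now commented-out `--skip-dirs` argument, and the continuation should read `golangci-lint run ${GOLINT_OPTIONS} ./...`. A lint target that cannot start under `MINIKUBE_BUILD_IN_DOCKER=y` is easy to miss, so it is worth fixing alongside the mount change.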