eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-02-16 18:50:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Merge pull request #4047 from nextcloud/enh/4039/disable-selinux

Browse source 
disable SELinux for AIO containers
This commit is contained in:
Simon L 2024-01-17 09:47:56 +01:00 committed by GitHub
commit 18237f59a7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
php/src/Docker/DockerActionManager.php
View file

@ -522,6 +522,9 @@ class DockerActionManager
$requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"]; $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
} }
// Disable SELinux for AIO containers so that it does not break them
$requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
$mounts = []; $mounts = [];
// Special things for the backup container which should not be exposed in the containers.json // Special things for the backup container which should not be exposed in the containers.json
@ -553,9 +556,6 @@ class DockerActionManager
} }
$mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]]; $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
} }
// Special things for the watchtower and docker-socket-proxy container which should not be exposed in the containers.json
} elseif ($container->GetIdentifier() === 'nextcloud-aio-watchtower' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
$requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
} }
if (count($mounts) > 0) { if (count($mounts) > 0) {