Skip to content

Add SELinux option for volume bind mount #356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
recursiveGecko wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add SELinux option for volume bind mount #356

recursiveGecko wants to merge 1 commit into from

Conversation

@recursiveGecko
Copy link

@recursiveGecko recursiveGecko commented Sep 29, 2025
edited by coderabbitai bot
Loading

On systems with SELinux, bind mounts in user folders don't have the necessary SELinux labels to be accessed by containers. Adding the z option allows the mount to be accessed by any container and it shouldn't have any side effects on other systems.

Docs: https://docs.docker.com/reference/compose-file/services/#volumes

image

Before:

image image

After:

image image

Summary by CodeRabbit

  • Bug Fixes

    • Resolved permission conflicts on SELinux-enabled systems by adjusting container volume options, reducing startup failures and read/write errors during local and self-hosted deployments.

  • Chores

    • Updated Docker Compose volume configuration to be SELinux-compatible for broader platform support.
    • Maintains existing service behavior and health checks with no user-facing changes.

@coderabbitai
Copy link

coderabbitai bot commented Sep 29, 2025
edited
Loading

Walkthrough

Updated docker-compose volume mount for the comet service to append the SELinux volume option modifier “:z” on the host path mapping, without altering target paths or other service configuration.

Changes

Cohort / File(s) Summary
Docker Compose volume options
deployment/docker-compose.yml		 Adjusted comet service volume from ./data/comet:/app/data to ./data/comet:/app/data:z to include SELinux-compatible context sharing. No other service or healthcheck changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

I nudge a mount with gentle “:z” flair,
So SELinux smiles and grants us share.
A tiny tweak in compose’s sea,
Keeps comet’s data roaming free.
Hop, hop—configs align just right,
Carrots cached, containers bright! 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title clearly and concisely describes the primary change of adding an SELinux mount option to the volume bind in Docker Compose, which aligns directly with the modifications in deployment/docker-compose.yml and the PR’s objectives. It highlights the most significant intent without unnecessary detail or noise, allowing teammates to quickly understand the focus of the changeset.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Sep 29, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10b6131 and 5acd09c.

📒 Files selected for processing (1)
  • deployment/docker-compose.yml (1 hunks)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@recursiveGecko