Use SelinuxContext.SHARED by default for mounting (#7187)

jeroen-vd-nl · monosoul · eddumelendez · web-flow · commit 9220816be660 · 2023-06-20T12:30:07.000-06:00
Co-authored-by: monosoul &lt;Kloz.Klaud@gmail.com&gt;
Co-authored-by: Eddú Meléndez &lt;eddu.melendez@gmail.com&gt;
diff --git a/core/src/main/java/org/testcontainers/containers/Container.java b/core/src/main/java/org/testcontainers/containers/Container.java
@@ -79,7 +79,7 @@ class ExecResult {
      * @param mode          the bind mode
      */
     default void addFileSystemBind(final String hostPath, final String containerPath, final BindMode mode) {
-        addFileSystemBind(hostPath, containerPath, mode, SelinuxContext.NONE);
+        addFileSystemBind(hostPath, containerPath, mode, SelinuxContext.SHARED);
     }
 
     /**
@@ -303,7 +303,7 @@ default SELF withClasspathResourceMapping(
         final String containerPath,
         final BindMode mode
     ) {
-        withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.NONE);
+        withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.SHARED);
         return self();
     }
 
diff --git a/core/src/main/java/org/testcontainers/containers/GenericContainer.java b/core/src/main/java/org/testcontainers/containers/GenericContainer.java
@@ -1290,7 +1290,7 @@ public SELF withClasspathResourceMapping(
         final String containerPath,
         final BindMode mode
     ) {
-        return withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.NONE);
+        return withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.SHARED);
     }
 
     /**
@@ -1305,10 +1305,10 @@ public SELF withClasspathResourceMapping(
     ) {
         final MountableFile mountableFile = MountableFile.forClasspathResource(resourcePath);
 
-        if (mode == BindMode.READ_ONLY && selinuxContext == SelinuxContext.NONE) {
-            withCopyFileToContainer(mountableFile, containerPath);
-        } else {
+        if (mode == BindMode.READ_WRITE) {
             addFileSystemBind(mountableFile.getResolvedPath(), containerPath, mode, selinuxContext);
+        } else {
+            withCopyFileToContainer(mountableFile, containerPath);
         }
 
         return self();
diff --git a/core/src/test/java/org/testcontainers/junit/CopyFileToContainerTest.java b/core/src/test/java/org/testcontainers/junit/CopyFileToContainerTest.java
@@ -49,15 +49,12 @@ public void shouldUseCopyOnlyWithReadOnlyClasspathResources() {
         String resource = "/test_copy_to_container.txt";
         GenericContainer<?> container = new GenericContainer<>(TestImages.TINY_IMAGE)
             .withClasspathResourceMapping(resource, "/readOnly", BindMode.READ_ONLY)
-            .withClasspathResourceMapping(resource, "/readOnlyNoSelinux", BindMode.READ_ONLY)
             .withClasspathResourceMapping(resource, "/readOnlyShared", BindMode.READ_ONLY, SelinuxContext.SHARED)
             .withClasspathResourceMapping(resource, "/readWrite", BindMode.READ_WRITE);
 
         Map<MountableFile, String> copyMap = container.getCopyToFileContainerPathMap();
         assertThat(copyMap).as("uses copy for read-only").containsValue("/readOnly");
-        assertThat(copyMap).as("uses copy for read-only and no Selinux").containsValue("/readOnlyNoSelinux");
-
-        assertThat(copyMap).as("uses mount for read-only with Selinux").doesNotContainValue("/readOnlyShared");
+        assertThat(copyMap).as("uses copy for read-only with Selinux").containsValue("/readOnlyShared");
         assertThat(copyMap).as("uses mount for read-write").doesNotContainValue("/readWrite");
     }
 
