7bda3abbc6
Use the ":z" suffix to tell Docker to relabel file objets on shared volumes. Fixes accessing filesystem via dbuild when SELinux is enabled. Message-Id: <20190128160557.2066-1-penberg@scylladb.com>
40 lines
840 B
Bash
Executable File
40 lines
840 B
Bash
Executable File
#!/bin/bash
|
|
|
|
here="$(realpath $(dirname "$0"))"
|
|
toplevel="$(realpath "$here/../..")"
|
|
group_args=()
|
|
docker_args=()
|
|
|
|
for gid in $(id -G); do
|
|
group_args+=(--group-add "$gid")
|
|
done
|
|
|
|
if [[ "$1" = -* ]]; then
|
|
while [[ "$1" != "--" && $# != 0 ]]; do
|
|
docker_args+=("$1")
|
|
shift
|
|
done
|
|
if [[ "$1" != "--" ]]; then
|
|
echo "Expected '--' to terminate docker flag list"
|
|
exit 1
|
|
fi
|
|
shift
|
|
fi
|
|
|
|
docker run \
|
|
--sig-proxy=true \
|
|
--rm \
|
|
-u "$(id -u):$(id -g)" \
|
|
"${group_args[@]}" \
|
|
--cap-add SYS_PTRACE \
|
|
-v "$PWD:$PWD:z" \
|
|
-v "$toplevel:$toplevel:z" \
|
|
-v /tmp:/tmp:z \
|
|
-v /etc/passwd:/etc/passwd:ro \
|
|
-v /etc/group:/etc/group:ro \
|
|
-v /etc/localtime:/etc/localtime:ro \
|
|
-w "$PWD" \
|
|
"${docker_args[@]}" \
|
|
"$(<"$here/image")" \
|
|
"$@"
|