Merge pull request #297 from cytopia/mount-options

Mount options: Allow SE Linux machines
2025-04-13 05:43:06 +00:00 · 2018-08-11 11:29:43 +02:00 · 2018-08-11 11:29:43 +02:00 · ebdd729212
commit ebdd729212
parent 75836f6afc dead8eac3d
5 changed files with 126 additions and 25 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -166,37 +166,37 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount custom intranet
-      - ${DEVILBOX_PATH}/.devilbox/www:/var/www/default:ro
+      - ${DEVILBOX_PATH}/.devilbox/www:/var/www/default:ro${MOUNT_OPTIONS}

      # Mount custom mass virtual hosting
-      - ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd
+      - ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd:rw${MOUNT_OPTIONS}

      # Mount logs
-      - ${DEVILBOX_PATH}/log/php-fpm-${PHP_SERVER}:/var/log/php
+      - ${DEVILBOX_PATH}/log/php-fpm-${PHP_SERVER}:/var/log/php:rw${MOUNT_OPTIONS}

      # Mount Mail directory
-      - ${DEVILBOX_PATH}/mail:/var/mail
+      - ${DEVILBOX_PATH}/mail:/var/mail:rw${MOUNT_OPTIONS}

      # Mount DB Backup directory
-      - ${DEVILBOX_PATH}/backups:/shared/backups
+      - ${DEVILBOX_PATH}/backups:/shared/backups:rw${MOUNT_OPTIONS}

      # Mount devilbox user-defined *.ini files in order
      # to overwrite the default PHP.ini configuration
-      - ${DEVILBOX_PATH}/cfg/php-ini-${PHP_SERVER}:/etc/php-custom.d:ro
+      - ${DEVILBOX_PATH}/cfg/php-ini-${PHP_SERVER}:/etc/php-custom.d:ro${MOUNT_OPTIONS}

      # Mount devilbox user-defined PHP-FPM *.conf files in order
      # to overwrite the default PHP-FPM configuration
-      - ${DEVILBOX_PATH}/cfg/php-fpm-${PHP_SERVER}:/etc/php-fpm-custom.d:ro
+      - ${DEVILBOX_PATH}/cfg/php-fpm-${PHP_SERVER}:/etc/php-fpm-custom.d:ro${MOUNT_OPTIONS}

      # Mount devilbox user-defined *.so files in order
      # to load custom PHP modules
-      - ${DEVILBOX_PATH}/mod/php-fpm-${PHP_SERVER}:/usr/lib64/php/custom-modules:ro
+      - ${DEVILBOX_PATH}/mod/php-fpm-${PHP_SERVER}:/usr/lib64/php/custom-modules:ro${MOUNT_OPTIONS}

      # Mount devilbox user-defined bash config
-      - ${DEVILBOX_PATH}/bash:/etc/bashrc-devilbox.d
+      - ${DEVILBOX_PATH}/bash:/etc/bashrc-devilbox.d:rw${MOUNT_OPTIONS}

      # Certificate Authority public key
-      - ${DEVILBOX_PATH}/ca:/ca
+      - ${DEVILBOX_PATH}/ca:/ca:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
@ -273,22 +273,22 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount custom intranet
-      - ${DEVILBOX_PATH}/.devilbox/www:/var/www/default:ro
+      - ${DEVILBOX_PATH}/.devilbox/www:/var/www/default:ro${MOUNT_OPTIONS}

      # Mount custom mass virtual hosting
-      - ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd
+      - ${HOST_PATH_HTTPD_DATADIR}:/shared/httpd:rw${MOUNT_OPTIONS}

      # Mount custom web server config directory
-      - ${DEVILBOX_PATH}/cfg/${HTTPD_SERVER}:/etc/httpd-custom.d
+      - ${DEVILBOX_PATH}/cfg/${HTTPD_SERVER}:/etc/httpd-custom.d:rw${MOUNT_OPTIONS}

      # Mount custom vhost-templates
-      - ${DEVILBOX_PATH}/cfg/vhost-gen:/etc/vhost-gen.d
+      - ${DEVILBOX_PATH}/cfg/vhost-gen:/etc/vhost-gen.d:rw${MOUNT_OPTIONS}

      # Mount logs
-      - ${DEVILBOX_PATH}/log/${HTTPD_SERVER}:/var/log/${HTTPD_SERVER}
+      - ${DEVILBOX_PATH}/log/${HTTPD_SERVER}:/var/log/${HTTPD_SERVER}:rw${MOUNT_OPTIONS}

      # Certificate Authority public key
-      - ${DEVILBOX_PATH}/ca:/ca
+      - ${DEVILBOX_PATH}/ca:/ca:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
@ -342,17 +342,17 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount logs
-      - ${DEVILBOX_PATH}/log/${MYSQL_SERVER}:/var/log/mysql
+      - ${DEVILBOX_PATH}/log/${MYSQL_SERVER}:/var/log/mysql:rw${MOUNT_OPTIONS}

      # Mount devilbox default overwrites
-      - ${DEVILBOX_PATH}/.devilbox/etc/${MYSQL_SERVER}:/etc/mysql/conf.d:ro
+      - ${DEVILBOX_PATH}/.devilbox/etc/${MYSQL_SERVER}:/etc/mysql/conf.d:ro${MOUNT_OPTIONS}

      # Mount devilbox user-defined cnf files in order
      # to overwrite the MySQL server configuration
-      - ${DEVILBOX_PATH}/cfg/${MYSQL_SERVER}:/etc/mysql/docker-default.d:ro
+      - ${DEVILBOX_PATH}/cfg/${MYSQL_SERVER}:/etc/mysql/docker-default.d:ro${MOUNT_OPTIONS}

      # Mount MySQL Data directory
-      - ${HOST_PATH_MYSQL_DATADIR}/${MYSQL_SERVER}:/var/lib/mysql
+      - ${HOST_PATH_MYSQL_DATADIR}/${MYSQL_SERVER}:/var/lib/mysql:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
@ -386,10 +386,10 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount logs
-      - ${DEVILBOX_PATH}/log/pgsql-${PGSQL_SERVER}:/var/log/postgresql
+      - ${DEVILBOX_PATH}/log/pgsql-${PGSQL_SERVER}:/var/log/postgresql:rw${MOUNT_OPTIONS}

      # Mount PostgreSQL Data directory
-      - ${HOST_PATH_PGSQL_DATADIR}/${PGSQL_SERVER}:/var/lib/postgresql/data/pgdata
+      - ${HOST_PATH_PGSQL_DATADIR}/${PGSQL_SERVER}:/var/lib/postgresql/data/pgdata:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
@ -417,7 +417,7 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount logs
-      - ${DEVILBOX_PATH}/log/redis-${REDIS_SERVER}:/var/log/redis
+      - ${DEVILBOX_PATH}/log/redis-${REDIS_SERVER}:/var/log/redis:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
@ -445,7 +445,7 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount logs
-      - ${DEVILBOX_PATH}/log/memcd-${MEMCD_SERVER}:/var/log/memcd
+      - ${DEVILBOX_PATH}/log/memcd-${MEMCD_SERVER}:/var/log/memcd:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
@ -473,7 +473,7 @@ services:
      # HOST-DIRECTORY : DOCKER-DIRECTORY

      # Mount MongoDB Data directory
-      - ${HOST_PATH_MONGO_DATADIR}/${MONGO_SERVER}:/data/db
+      - ${HOST_PATH_MONGO_DATADIR}/${MONGO_SERVER}:/data/db:rw${MOUNT_OPTIONS}

    depends_on:
      - bind
--- a/docs/_includes/links/docker.rst
+++ b/docs/_includes/links/docker.rst
@ -115,3 +115,26 @@
   <a target="_blank" href="https://docs.docker.com/toolbox/toolbox_install_windows/#optional-add-shared-directories">
     Docker Toolbox on Windows: add shared directories <img src="https://raw.githubusercontent.com/cytopia/icons/master/11x11/ext-link.png" />
   </a>
+
+..
+   ============================================================
+   Docker Documention
+   ============================================================
+
+.. |ext_lnk_docker_bind_propagation| raw:: html
+
+   <a target="_blank" href="https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation">
+     Docker: Configure bind propagation <img src="https://raw.githubusercontent.com/cytopia/icons/master/11x11/ext-link.png" />
+   </a>
+
+.. |ext_lnk_docker_selinux_label| raw:: html
+
+   <a target="_blank" href="https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label">
+     Docker: Configure the selinux label <img src="https://raw.githubusercontent.com/cytopia/icons/master/11x11/ext-link.png" />
+   </a>
+
+.. |ext_lnk_docker_mount_z_flag| raw:: html
+
+   <a target="_blank" href="https://stackoverflow.com/questions/35218194/what-is-z-flag-in-docker-containers-volumes-from-option/35222815#35222815">
+     Stackoverflow: What is the z flag <img src="https://raw.githubusercontent.com/cytopia/icons/master/11x11/ext-link.png" />
+   </a>
--- a/docs/configuration-files/env-file.rst
+++ b/docs/configuration-files/env-file.rst
@ -787,6 +787,40 @@ downloading libraries with ``composer`` and others.
 Being able to do that on both sides, removes the need to install any development tools (except your
 IDE/editor) on your host and have everything fully encapsulated into the containers itself.

+.. _env_mount_options:
+
+MOUNT_OPTIONS
+-------------
+
+This variable allows you to add custom mount options/flags to all mounted directories.
+Initially only ``rw`` or ``ro`` are applied to mount points, you can however extend this
+before starting up the Devilbox.
+
+
+------------------------------+--------------------+----------------+
+| Name                         | Allowed values     | Default value  |
+==============================+====================+================+
+| ``MOUNT_OPTIONS``            | valid mount option | empty          |
+------------------------------+--------------------+----------------+
+
+If you are on Linux with SELinux enabled, you will want to set this value to ``,z`` to modify
+SELinux labels in order to share mounts among multiple container.
+
+.. seealso::
+   * |ext_lnk_docker_bind_propagation|
+   * |ext_lnk_docker_selinux_label|
+   * |ext_lnk_docker_mount_z_flag|
+
+.. important::
+   When adding custom mount options, ensure to start with a leading ``,``, as those options
+   are prepended to already existing options.
+
+   .. code-block:: bash
+
+      MOUNT_OPTIONS=,z
+      MOUNT_OPTIONS=,cached
+
+

 .. _env_httpd_datadir:

--- a/docs/getting-started/install-the-devilbox.rst
+++ b/docs/getting-started/install-the-devilbox.rst
@ -99,6 +99,30 @@ Open the ``.env`` file with your favorite text editor and adjust those values:
   * :ref:`syncronize_container_permissions`


+OS specific setup
+=================
+
+Linux: SELinux
+--------------
+
+If you have SELinux enabled, you will also have to adjust the :ref:`env_mount_options` to allow
+shared mounts among multiple container:
+
+.. code-block:: bash
+   :caption: .env
+   :emphasize-lines: 3
+
+   host> vi .env
+
+   MOUNT_OPTIONS=,z
+
+.. seealso::
+   * https://github.com/cytopia/devilbox/issues/255
+   * :ref:`env_mount_options`
+   * |ext_lnk_docker_selinux_label|
+   * |ext_lnk_docker_mount_z_flag|
+
+
 Checklist
 =========

--- a/20
+++ b/20
@ -334,6 +334,26 @@ MONGO_SERVER=3.7
 ###
 ################################################################################

+###
+### Global mount options
+###
+### Note: When adding custom mount options, ensure to start with a
+###       leading ',' (comma), as those options are prepended to already
+###       existing mount options.
+###
+### Note: If no mount options are specified, leave this variable empty
+###       and do not add a leading ',' (comman).
+###
+### MOUNT_OPTIONS=,cached
+### MOUNT_OPTIONS=
+###
+### Example: Allow to share mounts accross container with SELINUX enabled
+###
+### MOUNT_OPTIONS=,z
+###
+MOUNT_OPTIONS=
+
+
 ###
 ### Local filesystem path to www projects.
 ###