Should not hardcode binding with rw,z or rw,Z permissions #788

Closed
dmiles96 opened this issue Feb 10, 2016 · 3 comments

@dmiles96

I need to put "alloc_dir" on an NFS mount, so I can share data between tasks (/alloc for a task group does not cut it). Since I run with SELinux on, I mount NFS using something like this:

defaults,nolock,context="system_u:object_r:svirt_sandbox_file_t:s0"

If I then run docker via the CLI and pass in a path rooted at the nfs mount, with rw permissions, it works. But, if I set "alloc_dir", in the node configuration, to a path rooted at the nfs mount, it fails. I'm not an SELinux master, but I don't think re-labeling (using rw,z/rw,Z) is allowed with an nfs mount. The mount needs to be created with the context set (which I do in fstab, using the snippet I mentioned above). So, hardcoding a z or Z won't work in all scenarios. At the least, that needs to be an option people can turn off and on.

@diptanu
Contributor

diptanu commented Feb 12, 2016

I think we want this to be configurable, since this can vary based on the use cases and environments. We will try to get this in for 0.4.

@diptanu diptanu added this to the v0.4 milestone Mar 16, 2016
@diptanu
Contributor

diptanu commented Aug 11, 2016

@dmiles96 This was made tunable via adding the docker.volumes.selinuxlabel in Nomad client config in the 0.4 release. Closing this, please re-open if that didn't solve your use case.

@diptanu diptanu closed this as completed Aug 11, 2016
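
An added example, not Nomad's code and not written by anyone in this thread: one way a client could decide whether to append the configured relabel suffix to a bind mount, skipping it when the host directory sits on a mount whose SELinux label is pinned by a `context=` option, as in the NFS setup described in the issue. The function names, paths, server name and sample mount table are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in /proc/mounts format (server name and paths are made up).
const sampleMounts = `/dev/sda1 / xfs rw,seclabel,relatime 0 0
nfs01:/export /mnt/nfs nfs rw,nolock,context=system_u:object_r:svirt_sandbox_file_t:s0 0 0`

// mountOpts returns the options of the longest mount point containing path.
func mountOpts(mounts, path string) string {
	best, opts := -1, ""
	for _, line := range strings.Split(mounts, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			continue
		}
		if mp := f[1]; len(mp) > best && (mp == "/" || path == mp || strings.HasPrefix(path, mp+"/")) {
			best, opts = len(mp), f[3]
		}
	}
	return opts
}

// labelPinned: a context= mount option fixes one SELinux label for the whole mount.
func labelPinned(opts string) bool {
	for _, o := range strings.Split(opts, ",") {
		if strings.HasPrefix(o, "context=") {
			return true
		}
	}
	return false
}

// bindSpec builds a docker bind string; label is the operator's setting ("z", "Z" or "").
func bindSpec(mounts, hostDir, ctrDir, label string) string {
	mode := "rw"
	if label != "" && !labelPinned(mountOpts(mounts, hostDir)) {
		mode += "," + label
	}
	return hostDir + ":" + ctrDir + ":" + mode
}

func main() {
	fmt.Println(bindSpec(sampleMounts, "/mnt/nfs/nomad/alloc", "/alloc", "z"))
	fmt.Println(bindSpec(sampleMounts, "/var/lib/nomad/alloc", "/alloc", "z"))
}
```

On a real host the mount table would be read from /proc/mounts instead of the embedded sample.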
@github-actions

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 20, 2022