From 3eb80c52b129b4fbe8bd041fd0ba3ee0262e823a Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 28 Mar 2023 16:05:53 +0000 Subject: [PATCH] Support SELinux in docker-compose.yml examples (fix #324) (#1957) Signed-off-by: J0WI --- .../mariadb/apache/docker-compose.yml | 6 ++--- .../insecure/mariadb/fpm/docker-compose.yml | 8 +++--- .../postgres/apache/docker-compose.yml | 6 ++--- .../insecure/postgres/fpm/docker-compose.yml | 8 +++--- .../mariadb/apache/docker-compose.yml | 24 ++++++++--------- .../mariadb/fpm/docker-compose.yml | 26 +++++++++---------- .../postgres/apache/docker-compose.yml | 24 ++++++++--------- .../postgres/fpm/docker-compose.yml | 26 +++++++++---------- 8 files changed, 64 insertions(+), 64 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index 61ea1fc9..11ff5bf9 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -6,7 +6,7 @@ services: command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: - - db:/var/lib/mysql + - db:/var/lib/mysql:Z environment: - MYSQL_ROOT_PASSWORD= - MARIADB_AUTO_UPGRADE=1 @@ -24,7 +24,7 @@ services: ports: - 127.0.0.1:8080:80 volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - MYSQL_HOST=db - REDIS_HOST=redis @@ -38,7 +38,7 @@ services: image: nextcloud:apache restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index 1b527b9e..e293a92c 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -6,7 +6,7 @@ services: command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: - - db:/var/lib/mysql + - db:/var/lib/mysql:Z environment: - MYSQL_ROOT_PASSWORD= - MARIADB_AUTO_UPGRADE=1 @@ -22,7 +22,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - MYSQL_HOST=db - REDIS_HOST=redis @@ -38,7 +38,7 @@ services: ports: - 127.0.0.1:8080:80 volumes: - - nextcloud:/var/www/html:ro + - nextcloud:/var/www/html:z,ro depends_on: - app @@ -46,7 +46,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml index 882f161e..0a48bd05 100644 --- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -5,7 +5,7 @@ services: image: postgres:alpine restart: always volumes: - - db:/var/lib/postgresql/data + - db:/var/lib/postgresql/data:Z env_file: - db.env @@ -19,7 +19,7 @@ services: ports: - 127.0.0.1:8080:80 volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - POSTGRES_HOST=db - REDIS_HOST=redis @@ -33,7 +33,7 @@ services: image: nextcloud:apache restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index 85fecdf1..97343ad9 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -5,7 +5,7 @@ services: image: postgres:alpine restart: always volumes: - - db:/var/lib/postgresql/data + - db:/var/lib/postgresql/data:z env_file: - db.env @@ -17,7 +17,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - POSTGRES_HOST=db - REDIS_HOST=redis @@ -33,7 +33,7 @@ services: ports: - 127.0.0.1:8080:80 volumes: - - nextcloud:/var/www/html:ro + - nextcloud:/var/www/html:z,ro depends_on: - app @@ -41,7 +41,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml index 4cf50d60..b88a3594 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml @@ -6,7 +6,7 @@ services: command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: - - db:/var/lib/mysql + - db:/var/lib/mysql:Z environment: - MYSQL_ROOT_PASSWORD= - MARIADB_AUTO_UPGRADE=1 @@ -22,7 +22,7 @@ services: image: nextcloud:apache restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -42,7 +42,7 @@ services: image: nextcloud:apache restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db @@ -57,10 +57,10 @@ services: labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro + - certs:/etc/nginx/certs:z,ro + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/tmp/docker.sock:z,ro networks: - proxy-tier @@ -68,11 +68,11 @@ services: image: nginxproxy/acme-companion restart: always volumes: - - certs:/etc/nginx/certs - - acme:/etc/acme.sh - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro + - certs:/etc/nginx/certs:z + - acme:/etc/acme.sh:z + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/var/run/docker.sock:z,ro networks: - proxy-tier depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml index 9667b5fe..94196e9f 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml @@ -6,7 +6,7 @@ services: command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: - - db:/var/lib/mysql + - db:/var/lib/mysql:Z environment: - MYSQL_ROOT_PASSWORD= - MARIADB_AUTO_UPGRADE=1 @@ -22,7 +22,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - MYSQL_HOST=db - REDIS_HOST=redis @@ -36,7 +36,7 @@ services: build: ./web restart: always volumes: - - nextcloud:/var/www/html:ro + - nextcloud:/var/www/html:z,ro environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -51,7 +51,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db @@ -66,10 +66,10 @@ services: labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro + - certs:/etc/nginx/certs:z,ro + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/tmp/docker.sock:z,ro networks: - proxy-tier @@ -77,11 +77,11 @@ services: image: nginxproxy/acme-companion restart: always volumes: - - certs:/etc/nginx/certs - - acme:/etc/acme.sh - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro + - certs:/etc/nginx/certs:z + - acme:/etc/acme.sh:z + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/var/run/docker.sock:z,ro networks: - proxy-tier depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml index 11b99c5e..243e06cf 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml @@ -5,7 +5,7 @@ services: image: postgres:alpine restart: always volumes: - - db:/var/lib/postgresql/data + - db:/var/lib/postgresql/data:Z env_file: - db.env @@ -17,7 +17,7 @@ services: image: nextcloud:apache restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -37,7 +37,7 @@ services: image: nextcloud:apache restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db @@ -52,10 +52,10 @@ services: labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro + - certs:/etc/nginx/certs:z,ro + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/tmp/docker.sock:z,ro networks: - proxy-tier @@ -63,11 +63,11 @@ services: image: nginxproxy/acme-companion restart: always volumes: - - certs:/etc/nginx/certs - - acme:/etc/acme.sh - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro + - certs:/etc/nginx/certs:z + - acme:/etc/acme.sh:z + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/var/run/docker.sock:z,ro networks: - proxy-tier depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml index 6e411741..008d74af 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml @@ -5,7 +5,7 @@ services: image: postgres:alpine restart: always volumes: - - db:/var/lib/postgresql/data + - db:/var/lib/postgresql/data:Z env_file: - db.env @@ -17,7 +17,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z environment: - POSTGRES_HOST=db - REDIS_HOST=redis @@ -31,7 +31,7 @@ services: build: ./web restart: always volumes: - - nextcloud:/var/www/html:ro + - nextcloud:/var/www/html:z,ro environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -46,7 +46,7 @@ services: image: nextcloud:fpm-alpine restart: always volumes: - - nextcloud:/var/www/html + - nextcloud:/var/www/html:z entrypoint: /cron.sh depends_on: - db @@ -61,10 +61,10 @@ services: labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro + - certs:/etc/nginx/certs:z,ro + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/tmp/docker.sock:z,ro networks: - proxy-tier @@ -72,11 +72,11 @@ services: image: nginxproxy/acme-companion restart: always volumes: - - certs:/etc/nginx/certs - - acme:/etc/acme.sh - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro + - certs:/etc/nginx/certs:z + - acme:/etc/acme.sh:z + - vhost.d:/etc/nginx/vhost.d:z + - html:/usr/share/nginx/html:z + - /var/run/docker.sock:/var/run/docker.sock:z,ro networks: - proxy-tier depends_on: