If you use Docker on an SELinux-enabled Linux distribution like Fedora, you may have run into issues mounting host volumes, and are probably aware of the z flag to modify the SELinux label:

docker run --rm -v /var/www/letsencrypt:/var/www/letsencrypt:z nginx

What isn’t made very clear from the Docker docs is that you can specify multiple flags separated with commas, say ro,z to specify SELinux labeling and read-only:

docker run --rm -v /var/www/letsencrypt:/var/www/letsencrypt:ro,z nginx

Back to posts