Merge pull request #642 from jimmidyson/docker-selinux

Add selinux labelling option to docker_image hook type
2026-01-14 04:50:20 -06:00 · 2017-11-02 17:50:28 -05:00
parent 3b10ef419d 2e5b4fcf4c
commit 61aa43ddd2
1 changed files with 4 additions and 1 deletions
--- a/pre_commit/languages/docker.py
+++ b/pre_commit/languages/docker.py
@@ -82,7 +82,10 @@ def docker_cmd():
        'docker', 'run',
        '--rm',
        '-u', '{}:{}'.format(os.getuid(), os.getgid()),
-        '-v', '{}:/src:rw'.format(os.getcwd()),
+        # https://docs.docker.com/engine/reference/commandline/run/#mount-volumes-from-container-volumes-from
+        # The `Z` option tells Docker to label the content with a private
+        # unshared label. Only the current container can use a private volume.
+        '-v', '{}:/src:rw,Z'.format(os.getcwd()),
        '--workdir', '/src',
    )