From f0cf940cb531ea64bef91d609923015c74e9e9cd Mon Sep 17 00:00:00 2001 From: Jimmi Dyson Date: Mon, 23 Oct 2017 11:08:06 +0100 Subject: [PATCH 1/2] Add selinux labelling option to docker_image hook type --- pre_commit/languages/docker.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pre_commit/languages/docker.py b/pre_commit/languages/docker.py index 3dddf618..0d063cb9 100644 --- a/pre_commit/languages/docker.py +++ b/pre_commit/languages/docker.py @@ -82,7 +82,7 @@ def docker_cmd(): 'docker', 'run', '--rm', '-u', '{}:{}'.format(os.getuid(), os.getgid()), - '-v', '{}:/src:rw'.format(os.getcwd()), + '-v', '{}:/src:rw,Z'.format(os.getcwd()), '--workdir', '/src', ) From 2e5b4fcf4c1d816803091d2781c105cc4e44175c Mon Sep 17 00:00:00 2001 From: Anthony Sottile Date: Thu, 2 Nov 2017 15:30:08 -0700 Subject: [PATCH 2/2] Add comment about Z flag for selinux --- pre_commit/languages/docker.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pre_commit/languages/docker.py b/pre_commit/languages/docker.py index 0d063cb9..f5eed752 100644 --- a/pre_commit/languages/docker.py +++ b/pre_commit/languages/docker.py @@ -82,6 +82,9 @@ def docker_cmd(): 'docker', 'run', '--rm', '-u', '{}:{}'.format(os.getuid(), os.getgid()), + # https://docs.docker.com/engine/reference/commandline/run/#mount-volumes-from-container-volumes-from + # The `Z` option tells Docker to label the content with a private + # unshared label. Only the current container can use a private volume. '-v', '{}:/src:rw,Z'.format(os.getcwd()), '--workdir', '/src', )
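Review bot: The uppercase `Z` added to the `-v` mount in the first patch gives the working directory a private, unshared SELinux label, so only the container that applied the label can use the mount. If two docker hooks ever run against the same checkout at the same time, or another container already mounts that directory, the later relabel would likely cut off the earlier user. Unless per-container isolation is the goal, the shared form is the safer default: `'-v', '{}:/src:rw,z'.format(os.getcwd()),`. The tuple returned by `docker_cmd` opens before the first line of this hunk, so any earlier arguments are not visible here.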
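Review bot: The comment added in the second patch explains the `Z` option only from the container's side and leaves out the host-side effect. The label is written onto the files under `os.getcwd()` on the host and stays there after `--rm` removes the container, which matters when pre-commit is started from a directory that other services also read. I would add a line such as `# NOTE: this relabels the host directory itself and the label persists after the run.` The linked anchor is the `--volumes-from` section while the code uses `-v`, so it is worth checking that the link lands on the text describing `z`/`Z`.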