I’ve decided to give Fedora CoreOS a try on a server as I’m a huge fan of Fedora Workstation - the best OS I’ve had, hands down.
However, I’ve stumbled upon an unexpected SELinux setup when I was trying to build a simple image like:
WORKDIR /srv/ COPY ./package.json ./yarn.lock ./ ENV PATH /srv/node_modules/.bin:$PATH RUN yarn install --production
The last command fails with
EACCES: permission denied, open '/srv/package.json' as SELinux denies access to
SELinux is preventing node from read access on the file package.json..
From my point of view, this is a bit unexpected. Changing
Dockerfiles to add labels doesn’t make sense to me. I guess labelling with
container_file_t in CI once the source code gets pulled would make a bit more sense?