From 206cce2fb281352c4ac6aa3b333255c462a1a10b Mon Sep 17 00:00:00 2001
From: Robert Riemann <robert.riemann@edps.europa.eu>
Date: Fri, 18 Oct 2024 23:27:38 +0200
Subject: [PATCH] wip: compatibility with rootless podman and selinux

---
 docker-compose.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index ecbe4a5..92dd748 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,11 +4,12 @@ services:
   db:
 #    restart: always
     image: mariadb:10
+    security_opt: label=disable
     command: --default-authentication-plugin=mysql_native_password
     volumes:
       - openxpkidb:/var/lib/mysql
       - openxpkidbsocket:/var/run/mysqld/
-      - ./openxpki-config/contrib/sql/schema-mariadb.sql:/docker-entrypoint-initdb.d/schema-mariadb.sql
+      - ./openxpki-config/contrib/sql/schema-mariadb.sql:/docker-entrypoint-initdb.d/schema-mariadb.sql:z
     environment:
       MYSQL_DATABASE: openxpki
       MYSQL_USER: openxpki
@@ -18,9 +19,10 @@ services:
   openxpki-server:
 #    restart: always
     image: whiterabbitsecurity/openxpki3
+    security_opt: label=disable
     command: /usr/bin/openxpkictl start --no-detach
     volumes:
-      - ./openxpki-config:/etc/openxpki
+      - ./openxpki-config:/etc/openxpki:z
       - openxpkilog:/var/log/openxpki
       - openxpkisocket:/var/openxpki/
       - openxpkidbsocket:/var/run/mysqld/
@@ -33,12 +35,13 @@ services:
   openxpki-client:
 #    restart: always
     image: whiterabbitsecurity/openxpki3
+    security_opt: label=disable
     command: /usr/bin/start-apache
     ports:
       - "8080:80/tcp"
       - "8443:443/tcp"
     volumes:
-      - ./openxpki-config:/etc/openxpki
+      - ./openxpki-config:/etc/openxpki:z
       - openxpkilog:/var/log/openxpki
       - openxpkisocket:/var/openxpki/
       - openxpkidbsocket:/var/run/mysqld/