Cannot mount cifs-drive over docker with SE-Linux enabled for docker

I have a Docker container that needs access to a drive on its host, which in turn is mounted via CIFS from a server on the local network. If you mount it normally with -v host:container and try to access it from the container, you get an access-denied error. If you try the old classic SE-Linux-friendly -v host:container:Z, it will look like this from the container:

    root@c3ada26b1d90:/# l /data/*
    /data/backup:
    ls: cannot access '/data/backup/config.json': Permission denied
    27177a66e938a02ae784c0bc9ccd74751a32c00f4fcaee22ef1d78894c70553a-stdin|   config.json   init-stdin|
    27177a66e938a02ae784c0bc9ccd74751a32c00f4fcaee22ef1d78894c70553a-stdout|  init-stderr|  init-stdout|

To make it work, you have to change the SE-Linux type from cifs_t to something more container-y. In your /etc/fstab, you can mount it like this: ...

Example smb.conf

    # This is the main Samba configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options (perhaps too
    # many!) most of which are not shown in this example
    #
    # Any line which starts with a ; (semi-colon) or a # (hash)
    # is a comment and is ignored. In this example we will use a #
    # for commentary and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command "testparm"
    # to check that you have not made any basic syntactic errors.
    #
    #======================= Global Settings =====================================
    [global]
    netbios name = David
    workgroup = WORKGROUP
    server string = David
    wins support = true
    dns proxy = no
    hosts allow = 192.168.1.
    security = user
    map to guest = Bad User
    default service = global
    #server signing = mandatory ; Doesn't seem to work on OSX
    #log level = 2
    log file = /var/log/samba/%m.log
    max log size = 50
    public = yes
    available = yes
    browseable = yes
    only guest = yes
    read only = yes

    ; Disable printers
    load printers = no
    printing = bsd
    printcap name = /dev/null
    show add printer wizard = no
    disable spoolss = yes

    #============================ Share Definitions ==============================
    [ftp]
    comment = Public Stuff
    path = /var/ftp/public
    read only = no
    directory mask = 5777
    create mask = 5677

April 27, 2015  |  🏷️Samba 🏷️Cifs