[jira] [Commented] (KAFKA-20039) Fix Docker mount permission errors on SELinux-enabled systems

Sat, 10 Jan 2026 06:05:06 -0800 


    [ 
https://issues.apache.org/jira/browse/KAFKA-20039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18051003#comment-18051003
 ] 

ASF GitHub Bot commented on KAFKA-20039:
----------------------------------------

Parkerhiphop opened a new pull request, #781:
URL: https://github.com/apache/kafka-site/pull/781

   ### Description
   This PR fixes Docker mount permission errors on SELinux-enabled systems by 
appending the `:z` suffix to volume mounts.
   
   - Modified `Makefile` (build and serve targets)
   - Modified `.github/workflows/build-docker-image.yml`
   
   The `:z` flag instructs Docker to relabel the volume content with the 
correct SELinux context. On non-SELinux systems, this flag is ignored by 
Docker, ensuring backward compatibility.
   
   ### JIRA
   https://issues.apache.org/jira/browse/KAFKA-20039
   
   ### Testing & Verification
   I have verified this change locally to ensure no regression on non-SELinux 
environments.
   
   **Environment:**
   - OS: macOS 14.1.2
   - Docker Version: 28.5.2
   - SELinux: Disabled/Not present
   
   **Steps Performed:**
   1. Ran `make build`: Verified that the static site generates successfully 
without errors.
   2. Ran `make serve`: Verified that the local server starts at 
http://localhost:1313 without permission errors.
   
   **Result:**
   The build passed and the site is accessible, confirming that the `:z` flag 
is safely ignored on non-SELinux systems.
   
   **Screenshots:**
   <img width="1024" height="720" alt="image" 
src="https://github.com/user-attachments/assets/b51b6675-5321-43a7-8605-f5454b5d9d92";
 />
   <img width="1023" height="899" alt="image" 
src="https://github.com/user-attachments/assets/9f7da505-c25e-436b-95c7-7618ad948e27";
 />
   




> Fix Docker mount permission errors on SELinux-enabled systems
> -------------------------------------------------------------
>
>                 Key: KAFKA-20039
>                 URL: https://issues.apache.org/jira/browse/KAFKA-20039
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Chia-Ping Tsai
>            Assignee: Cheng Yi Chang
>            Priority: Minor
>
> When running the Docker command (e.g., via {{{}make serve{}}}) on Linux 
> distributions with SELinux enabled (such as Fedora, RHEL, or CentOS), the 
> container fails to write to the mounted volume. 
> {code:java}
>  Error: command error: failed to load modules: failed to apply mounts 
> for project: failed to open dir "/src": "open /src: permission denied"  make: 
> *** [Makefile:39: serve] 錯誤 1  {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to