walters added a new comment to an issue you are following:
I could see /var/srv/containers
Sure. Though what else would one be doing in `/srv` on AH/Silverblue? That said I'm
fine with a subdirectory.
Labeling something container_file_t:s0 allows all of the containers
to attack each others content based on SELinux.
One use case I have is for different "pet" containers to be able to easily
exchange data. Or in general, to run a perhaps less-trusted container, point it at `-v
/srv/somedata`, and then kill it. At that point I can safely interact with
To rephrase the original rationale: If you prefix your bind mount with `/srv` then you
don't have to worry about SELinux labeling.
 Or whatever prefix we decide on
To reply, visit the link below or just reply to this email