Note on installing MailWizz
Mailwizz has a pretty convenient ‘one-command install’ available here. However, I hit a snag when trying to run it:
[cc lang=”bash”]
RUN schema.sql…
/root/mailwizz-install.sh: line 7: /var/www/mailwizz/html/apps/common/data/install-sql/schema.sql: Permission denied
[/cc]
The reason is that SELinux doesn’t allow the Docker daemon to read anything outside the /usr/ directory. To give Docker permission, you need to use the z option. According to Project Atomic:
If you want to volume mount content under /var, for example, into a container you need to set the labels on this content. In the docker run man page we mention this.

man docker-run
...
When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the /var/db directory is not writable to the container. A "Permission Denied" message will occur and an avc: message in the host's syslog. To work around this, at time of writing this man page, the following command needs to be run in order for the proper SELinux policy type label to be attached to the host directory:
# chcon -Rt svirt_sandbox_file_t /var/db

This got easier recently since Docker finally merged a patch which will be showing up in docker-1.7 (We have been carrying the patch in docker-1.6 on RHEL, CentOS, and Fedora).

This patch adds support for z and Z as options on the volume mounts (-v). For example:
docker run -v /var/db:/var/db:z rhel7 /bin/sh
Will automatically do the chcon -Rt svirt_sandbox_file_t /var/db described in the man page.

Even better, you can use Z.
docker run -v /var/db:/var/db:Z rhel7 /bin/sh
This will label the content inside the container with the exact MCS label that the container will run with, basically it runs chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db where s0:c1,c2 differs for each container.

In essence, after you encounter the error above, navigate to the docker-compose.yml file and add ‘:z’ to the volumes, like this:
mailwizz-php:
  build: .
  dockerfile: php-fpm/Dockerfile
  container_name: mailwizz-php
  volumes:
    - ./mailwizz:/var/www/mailwizz:z
  ...
mailwizz-webserver:
  build: .
  dockerfile: caddy/Dockerfile
  container_name: mailwizz-webserver
  volumes:
    - ./mailwizz:/var/www/mailwizz:z
    - ./caddy/Caddyfile:/etc/Caddyfile:z
    - ./caddy/certs:/root/.caddy:z
Then, rebuild the images with
docker-compose up --build --force-recreate --remove-orphans -d
Finally, run the installation command
docker exec -it mailwizz-php /root/mailwizz-install.sh
And voilà! Your Mailwizz server is now up and running.
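
A pre-flight check for the docker-compose.yml edit described above, as an added example that is not part of the original post or the MailWizz project: it scans a compose file for host bind mounts that carry neither z nor Z. The function names, the sample file and the dbdata named volume are constructed for illustration, and only short-syntax volume entries are handled.

```shell
#!/bin/sh
# Added example (not from the original post): list short-syntax bind mounts in
# a compose file that carry neither the z nor the Z SELinux relabel option.

# Reads compose YAML on stdin; prints "LINE: SPEC" for each unlabeled bind mount.
unlabeled_bind_mounts() {
    awk '
        # Host-path entries look like "- ./src:/dst[:opts]" (source starts with . / or ~);
        # named volumes and port mappings do not match this heuristic.
        $0 ~ "^[ \t]*-[ \t]+[\"\047]?[./~]" {
            spec = $0
            sub(/^[ \t]*-[ \t]+/, "", spec)     # drop the list marker
            sub(/[ \t]+$/, "", spec)            # drop trailing blanks
            gsub("[\"\047]", "", spec)          # drop surrounding quotes
            n = split(spec, part, ":")
            if (n < 2) next                     # no target, so not a mount
            labeled = 0
            m = (n >= 3) ? split(part[3], opt, ",") : 0
            for (i = 1; i <= m; i++)
                if (opt[i] == "z" || opt[i] == "Z") labeled = 1
            if (!labeled) print NR ": " spec
        }
    '
}

# Constructed sample modelled on the compose file above, with two mounts left unlabeled.
sample_compose() {
    cat <<'EOF'
mailwizz-php:
  build: .
  volumes:
    - ./mailwizz:/var/www/mailwizz
mailwizz-webserver:
  build: .
  volumes:
    - ./mailwizz:/var/www/mailwizz:z
    - ./caddy/Caddyfile:/etc/Caddyfile:ro
    - ./caddy/certs:/root/.caddy:ro,Z
    - dbdata:/var/lib/mysql
EOF
}

sample_compose | unlabeled_bind_mounts
```

Run it against the real file with `unlabeled_bind_mounts < docker-compose.yml`. Because ./mailwizz is mounted into both containers, the shared z label fits there; Z ties the content to one container's MCS label.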