SELinux Podman security options

Problem to solve

The documentation mentions problems with SELinux and Podman, and the proposed solution poses a security risk because it disables SELinux in the container.

Proposal

Simply set the MCS category for all containers launched by the runner.

For example:

[[runners]]
  [runners.docker]
    security_opt = ["label=level:s0:c1000,c1000"]

This will force the MCS category for all volumes created by Podman and resolve cache permission issues.

Who can address the issue

Someone with knowledge of SELinux.

Other links/references

This documentation section was added by MR !5661 (merged).
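
The following check is an added example, not part of the original issue or of GitLab Runner: it scans a runner config.toml for security_opt entries and reports whether SELinux labeling is disabled, pinned to a fixed MCS level as proposed above, or left at the runtime default. It assumes the documented workaround is `label=disable`, that the policy defines categories c0 to c1023, and it uses a regex rather than a full TOML parser; the function names and sample configs are constructed for illustration.

```python
import re

MAX_CATEGORY = 1023  # assumption: default policy defines c0..c1023
OPT_ARRAY = re.compile(r'^\s*security_opt\s*=\s*\[(.*?)\]', re.M | re.S)
LEVEL = re.compile(r'^s\d+(?::(c\d+(?:[.,]c\d+)*))?$')

def parse_level(level):
    """Expand an MLS/MCS level such as 's0:c1,c5.c7' into sorted category numbers."""
    m = LEVEL.match(level)
    if not m:
        raise ValueError(f"malformed level: {level!r}")
    cats = set()
    for part in (m.group(1) or "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition(".")      # 'c5.c7' is the range c5..c7
        lo_n, hi_n = int(lo[1:]), int((hi or lo)[1:])
        if lo_n > hi_n or hi_n > MAX_CATEGORY:
            raise ValueError(f"bad category range: {part!r}")
        cats.update(range(lo_n, hi_n + 1))
    return sorted(cats)

def audit_config(text):
    """Return one (status, categories) tuple per security_opt array found."""
    findings = []
    for body in OPT_ARRAY.findall(text):
        opts = re.findall(r'"([^"]*)"', body)
        labels = [o[6:] for o in opts if o.startswith(("label=", "label:"))]
        if "disable" in labels:
            findings.append(("disabled", []))      # no SELinux confinement at all
            continue
        levels = [l[6:] for l in labels if l.startswith("level:")]
        if levels:
            # Every container gets this level: shared volumes stay accessible,
            # but MCS no longer separates one job's container from another's.
            findings.append(("fixed-level", parse_level(levels[-1])))
        else:
            findings.append(("default", []))       # runtime picks a level per container
    return findings

# Constructed sample configs
WORKAROUND = '[[runners]]\n  [runners.docker]\n    security_opt = ["label=disable"]\n'
PROPOSED = '[[runners]]\n  [runners.docker]\n    security_opt = ["label=level:s0:c1000,c1000"]\n'

if __name__ == "__main__":
    print(audit_config(WORKAROUND))
    print(audit_config(PROPOSED))
```
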