Using ad hoc Docker volumes on SELinux systems

I've recently tried running some quick Docker commands using host's directory as a volume:

docker run -i -t -v `pwd`:/mnt debian:jessie bash -c "ls -hal /mnt"
ls: cannot open directory /mnt: Permission denied

I use Fedora as my main OS, which, it turns out, has some pretty nice SELinux settings. These deny access from inside the container to the outside. Said Fedora consists mostly of almost-newest-but-stable everything though, which makes Docker to be in a fairly recent version. A version that understands how to change a SELinux context for the directory we're mounting, by itself ! You need at least Docker v1.7 for this.

docker run -i -t -v `pwd`:/mnt:Z debian:jessie bash -c "ls -hal /mnt"
total 8.0K
drwxrwxr-x.  2 1000 1000 4.0K Dec 30 18:34 .
drwxr-xr-x. 21 root root  242 Dec 30 19:07 ..

Please notice the capital Z as a mount parameter. And that is it. Mostly. Some cleanup remains, as docker leaves the host's directory with a changed SELinux context. To restore it you need to

restorecon -R `pwd`

Or use any other path you'd like instead of `pwd` in the examples above. Happy dockerizing !

RustFest - organization was the best. Also rhymes.

I went to RustFest and it was amazing !

It was clearly the best conference organizational-wise I've been to so far. It made me think of what I really liked there. What made it so awesome and welcomy ? To me this was a large number of small things just coming together. I listing them here for me to remember and for others to use. Let's make conferences at least this friendly, together !

Before the event:

  • very clear emails, repeating messages couple of times in different emails for the important stuff
  • maps of the popular routes provided, e.g. from the airport and bus station
  • supporter ticket sale - two times the price - you pay for another person that wouldn't be able to get a ticket otherwise
  • survey on dietary requirements/allergies
  • survey on childcare needs
  • clear statement of the code of conduct for the conference

During the event:

  • very good MC person

    • keeping people entertained through the tech breaks
    • keeping tabs on the talk length, allowing appropriate amount of questions if the time allowed
  • live captioning of all talks - small screen outside of the view of the main screen with the text live

  • getting the next speaker prepared and mic-tested before the end of the current talk

  • quiet room to rest with clear rules on no talking and interrupting there

  • clear signage for the different parts of the venue (washrooms, quiet room, party space etc)

  • washrooms

    • all same, ungendered

    • basic items for free in said washrooms

      • chewing gum
      • tooth paste
      • tampons, pads
      • baby wipes
  • info desk/registration

    • clear info during registration, handing out programme
    • asking people if they want to be on the photos - giving out lanyards accordingly - flashy red lanyards for people who do not want photos of them taken
  • emergency number to call with stated purpose

    • code of conduct violation
    • if you are lost in the city