Step-by-step guide
To preserve the context of a directory structure if it is desired to be placed in a non standard location you need to create the root directory under a directory that has the desired context
For example the directory /var/lib/docker (the usual location for containers) context is container_var_lib_t , which is desired to be to allow containers to write data in providing that the container user has the right UID/GID access rights% ls -ldZ /var/lib/docker drwx--x--x. root root system_u:object_r:container_var_lib_t:s0 /var/lib/docker
Creating a directory in that location will inherit the desired context without the need of creating a new policy. As you see below the data directory inherited the container_var_lib_t context
% mkdir /var/lib/docker/data % ls -ldZ /var/lib/docker/data drwxr-x---. root root unconfined_u:object_r:container_var_lib_t:s0 /var/lib/docker/data
Now we can move the new directory in the desired location without be worried that selinux will complain about if the container wants to mount or access data
% mv /var/lib/docker/data / % ls -ldZ /data drwxr-x---. root root unconfined_u:object_r:container_var_lib_t:s0 /data
If you create the directory direct as root in the root partition, or copy instead of moving it it will have the context default_t
Related articles
Content by label
There is no content with the specified labels
Overview
Content Tools