Note on installing MailWizz

MailWizz has a pretty convenient ‘one-command install’ available here. However, I hit a snag when trying to run it:

  RUN schema.sql…
  /root/mailwizz-install.sh: line 7: /var/www/mailwizz/html/apps/common/data/install-sql/schema.sql: Permission denied

The reason is that SELinux doesn’t allow the Docker daemon to read anything outside the /usr/ directory. To give Docker permission, you need to use the z option on the volume mount. According to Project Atomic:

If you want to volume mount content under /var, for example, into a container you need to set the labels on this content. In the docker run man page we mention this.

man docker-run
...
When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the /var/db directory is not writable to the container. A "Permission Denied" message will occur and an avc: message in the host's syslog.

To work around this, at time of writing this man page, the following command needs to be run in order for the proper SELinux policy type label to be attached to the host directory:

# chcon -Rt svirt_sandbox_file_t /var/db

This got easier recently since Docker finally merged a patch which will be showing up in docker-1.7 (We have been carrying the patch in docker-1.6 on RHEL, CentOS, and Fedora).

This patch adds support for z and Z as options on the volume mounts (-v).

For example:

  docker run -v /var/db:/var/db:z rhel7 /bin/sh

Will automatically do the chcon -Rt svirt_sandbox_file_t /var/db described in the man page.

Even better, you can use Z.

  docker run -v /var/db:/var/db:Z rhel7 /bin/sh

This will label the content inside the container with the exact MCS label that the container will run with; basically, it runs chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db where s0:c1,c2 differs for each container.

 

In essence, after you encounter the error above, navigate to the docker-compose.yml file and add ‘:z’ to the volumes, like this:


mailwizz-php:
  build: .
  dockerfile: php-fpm/Dockerfile
  container_name: mailwizz-php
  volumes:
    - ./mailwizz:/var/www/mailwizz:z

...
mailwizz-webserver:
  build: .
  dockerfile: caddy/Dockerfile
  container_name: mailwizz-webserver
  volumes:
    - ./mailwizz:/var/www/mailwizz:z
    - ./caddy/Caddyfile:/etc/Caddyfile:z
    - ./caddy/certs:/root/.caddy:z

Then, rebuild the images with

docker-compose up --build --force-recreate --remove-orphans -d

Finally, run the installation command

docker exec -it mailwizz-php /root/mailwizz-install.sh

And voilà! Your MailWizz server is now up and running.
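
To check a compose file for this problem before rebuilding, here is a small audit script (an added example, not part of the MailWizz installer or the Project Atomic article). It lists every bind mount and reports whether it carries z or Z, and it also flags z/Z on host system directories, since relabeling paths such as /home or /usr can break the host. The list of system directories and the sample mounts other than the ones from this post are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a docker-compose file for bind mounts that lack the
# SELinux relabel option. Output per bind mount: STATUS host_path container_path
#   OK       mount carries z or Z
#   MISSING  no z/Z: expect "Permission denied" on an enforcing host
#   RISKY    z/Z on a host system directory; relabeling it can break the host
check_compose_volumes() {
  awk '
    /^[ \t]*#/               { next }                 # skip comment lines
    /^[ \t]*volumes:[ \t]*$/ { in_vol = 1; next }
    in_vol && /^[ \t]*-[ \t]/ {
      spec = $0
      sub(/^[ \t]*-[ \t]+/, "", spec)
      gsub(/["\047 \t]/, "", spec)                    # drop quotes and blanks
      n = split(spec, f, ":")
      c = substr(f[1], 1, 1)
      if (n < 2 || c == "" || index("./~", c) == 0) next   # named volume
      opts = (n >= 3) ? f[3] : ""
      labelled = 0
      m = split(opts, o, ",")
      for (i = 1; i <= m; i++) if (o[i] == "z" || o[i] == "Z") labelled = 1
      p = f[1]
      if (length(p) > 1) sub(/\/$/, "", p)            # "/home/" -> "/home"
      # Assumed list of host directories that should never be relabeled.
      sys = index(" / /etc /usr /home /var /root /boot ", " " p " ") > 0
      status = labelled ? (sys ? "RISKY" : "OK") : "MISSING"
      print status, f[1], f[2]
      next
    }
    /[^ \t]/ { in_vol = 0 }                           # any other line ends the list
  ' "$@"
}

# Constructed sample: the services from this post plus hypothetical mounts.
sample_compose() {
  cat <<'EOF'
mailwizz-php:
  build: .
  volumes:
    - ./mailwizz:/var/www/mailwizz
mailwizz-webserver:
  build: .
  volumes:
    - ./mailwizz:/var/www/mailwizz:z
    - ./caddy/Caddyfile:/etc/Caddyfile:ro
    - /home:/srv/home:ro,Z
    - dbdata:/var/lib/mysql
EOF
}

sample_compose | check_compose_volumes
```

Run it against a real file with `check_compose_volumes docker-compose.yml`; any MISSING line is a mount that will hit the error shown at the top of this post on an enforcing host.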
