From 9fa002bf3bfbbeb1f7fcb6c675eec16b0683997f Mon Sep 17 00:00:00 2001
From: Wes Turner <wes@wrd.nu>
Date: Mon, 29 Jun 2020 06:00:41 -0400
Subject: [PATCH] SEC: add :z/:Z to volumes for SELinux in
 {local,production}.yml

---
 {{cookiecutter.project_slug}}/local.yml      | 8 ++++----
 {{cookiecutter.project_slug}}/production.yml | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/{{cookiecutter.project_slug}}/local.yml b/{{cookiecutter.project_slug}}/local.yml
index 528e59b2c..757f4b752 100644
--- a/{{cookiecutter.project_slug}}/local.yml
+++ b/{{cookiecutter.project_slug}}/local.yml
@@ -17,7 +17,7 @@ services:
       - mailhog
       {%- endif %}
     volumes:
-      - .:/app
+      - .:/app:z
     env_file:
       - ./.envs/.local/.django
       - ./.envs/.local/.postgres
@@ -32,8 +32,8 @@ services:
     image: {{ cookiecutter.project_slug }}_production_postgres
     container_name: postgres
     volumes:
-      - local_postgres_data:/var/lib/postgresql/data
-      - local_postgres_data_backups:/backups
+      - local_postgres_data:/var/lib/postgresql/data:Z
+      - local_postgres_data_backups:/backups:z
     env_file:
       - ./.envs/.local/.postgres
 
@@ -113,7 +113,7 @@ services:
     depends_on:
       - django
     volumes:
-      - .:/app
+      - .:/app:z
       # http://jdlm.info/articles/2016/03/06/lessons-building-node-app-docker.html
       - /app/node_modules
     command: npm run dev
diff --git a/{{cookiecutter.project_slug}}/production.yml b/{{cookiecutter.project_slug}}/production.yml
index 2cd2af132..bbed09af8 100644
--- a/{{cookiecutter.project_slug}}/production.yml
+++ b/{{cookiecutter.project_slug}}/production.yml
@@ -25,8 +25,8 @@ services:
       dockerfile: ./compose/production/postgres/Dockerfile
     image: {{ cookiecutter.project_slug }}_production_postgres
     volumes:
-      - production_postgres_data:/var/lib/postgresql/data
-      - production_postgres_data_backups:/backups
+      - production_postgres_data:/var/lib/postgresql/data:Z
+      - production_postgres_data_backups:/backups:z
     env_file:
       - ./.envs/.production/.postgres
 
@@ -38,7 +38,7 @@ services:
     depends_on:
       - django
     volumes:
-      - production_traefik:/etc/traefik/acme
+      - production_traefik:/etc/traefik/acme:Z
     ports:
       - "0.0.0.0:80:80"
       - "0.0.0.0:443:443"
@@ -75,5 +75,5 @@ services:
     env_file:
       - ./.envs/.production/.django
     volumes:
-      - production_postgres_data_backups:/backups
+      - production_postgres_data_backups:/backups:z
   {%- endif %}