From 3ad216ab0c866c3f0ee28968c4ba3a0d1736a1ea Mon Sep 17 00:00:00 2001
From: Kyle Pope <kyle.a.pope@outlook.com>
Date: Wed, 18 Mar 2026 04:38:16 +0800
Subject: [PATCH] Fix act_runner: add :z SELinux label to Docker socket mount

SELinux in enforcing mode blocks container access to the Docker
socket. The :z flag relabels the socket for shared container access.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index e61be19..217f3c9 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -69,7 +69,7 @@ services:
     user: "0:0"
     volumes:
       - act_runner_data:/data
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock:z
     environment:
       - DOCKER_HOST=unix:///var/run/docker.sock
       - GITEA_INSTANCE_URL=https://git.sentinelforest.xyz