From d52d2af4b403a4a90f29937ac38a3f75d280dd24 Mon Sep 17 00:00:00 2001
From: Hao Liu <haoli@redhat.com>
Date: Wed, 4 May 2022 21:31:24 -0400
Subject: [PATCH] change SELinux label for EE volume mount

- The `z` option indicates that the bind mount content is shared among multiple containers.
- The `Z` option indicates that the bind mount content is private and unshared.

If multiple container attempt to mount the same directory `Z` option will cause a raise condition where only the last container started will have access to the file.

Ref: https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label
Signed-off-by: Hao Liu <haoli@redhat.com>
---
 awx/main/tasks/jobs.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/main/tasks/jobs.py b/awx/main/tasks/jobs.py
index 63b07d1d8a..2963af669c 100644
--- a/awx/main/tasks/jobs.py
+++ b/awx/main/tasks/jobs.py
@@ -1451,8 +1451,8 @@ class RunProjectUpdate(BaseTask):
         params.setdefault('container_volume_mounts', [])
         params['container_volume_mounts'].extend(
             [
-                f"{project_path}:{project_path}:Z",
-                f"{cache_path}:{cache_path}:Z",
+                f"{project_path}:{project_path}:z",
+                f"{cache_path}:{cache_path}:z",
             ]
         )
         return params