Merge pull request #23667 from rhatdan/man

[ci:docs] Fix description of :Z to talk about pods
2024-08-27 09:43:43 +00:00 · 2024-08-27 09:43:43 +00:00 · 39f9d4ecae
parent 9892feedd9 1d5bdce3d9
commit 39f9d4ecae
1 changed files with 9 additions and 6 deletions
--- a/docs/source/markdown/options/volume.md
+++ b/docs/source/markdown/options/volume.md
@ -81,12 +81,15 @@ objects on the shared volumes. The **z** option tells Podman that two or more
 content with a shared content label. Shared volume labels allow all containers
 to read/write content. The **Z** option tells Podman to label the content with
 a private unshared label Only the current <<container|pod>> can use a private
-volume. Relabeling walks the file system under the volume and changes the label
-on each file, if the volume has thousands of inodes, this process takes a
-long time, delaying the start of the <<container|pod>>. If the volume
-was previously relabeled with the `z` option, Podman is optimized to not relabel
-a second time. If files are moved into the volume, then the labels can be
-manually change with the `chcon -Rt container_file_t PATH` command.
+volume. Note: all containers within a `pod` share the same SELinux label. This
+means all containers within said pod can read/write volumes shared into the
+container created with the `:Z` on any of one the containers. Relabeling walks
+the file system under the volume and changes the label on each file, if the
+volume has thousands of inodes, this process takes a long time, delaying the
+start of the <<container|pod>>. If the volume was previously relabeled with the
+`z` option, Podman is optimized to not relabel a second time. If files are
+moved into the volume, then the labels can be manually change with the
+`chcon -Rt container_file_t PATH` command.

 Note: Do not relabel system files and directories. Relabeling system content
 might cause other confined services on the machine to fail.  For these types