From e238d366083cfa7937b9f582846b0ca94ad9734a Mon Sep 17 00:00:00 2001 From: Avi Avraham Date: Mon, 25 May 2026 18:42:07 +0300 Subject: [PATCH 1/3] docs: add SELinux/RHEL notice to container quick start sections Users on RHEL, Fedora, and other SELinux-enforcing systems hit Permission denied and dubious ownership errors when following the Quick Start examples. The fix is documented in the Podman Rootless Mode section but there was no indication to look there. Added callouts to both README.md and CONTAINER.md Quick Start sections. Co-Authored-By: Claude Opus 4.6 --- CONTAINER.md | 2 ++ README.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CONTAINER.md b/CONTAINER.md index f1bfebae..9fdf1a43 100644 --- a/CONTAINER.md +++ b/CONTAINER.md @@ -22,6 +22,8 @@ podman run --rm \ open ~/agentready-reports/report-latest.html ``` +> **RHEL / Fedora / SELinux users:** The commands above will fail with `Permission denied` or `dubious ownership` errors. See [Podman Rootless Mode](#podman-rootless-mode) for the required flags. + ## Usage ### Assess AgentReady Itself diff --git a/README.md b/README.md index 2beaf90d..d1cc16f1 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,8 @@ podman run --rm \ open ~/agentready-reports/report-latest.html ``` +> **RHEL / Fedora / SELinux users:** The commands above will fail on systems with SELinux enforcing. See the [Podman Rootless Mode](CONTAINER.md#podman-rootless-mode) section for required flags. + [See full container documentation →](CONTAINER.md) ### Python Package From ff6ac873e2f3fd134334c42999897cc03bcb16e4 Mon Sep 17 00:00:00 2001 
From: Avi Avraham Date: Tue, 26 May 2026 16:38:16 +0300 Subject: [PATCH 2/3] docs: add :Z volume flags to Quick Start commands instead of callout Per review feedback, add SELinux :Z labels directly to the podman run volume mounts. The flag is silently ignored on non-SELinux systems, making it safe as the default for all users. Co-Authored-By: Claude Opus 4.6 --- CONTAINER.md | 6 ++---- README.md | 10 ++++------ 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/CONTAINER.md b/CONTAINER.md index 9fdf1a43..8b2b096d 100644 --- a/CONTAINER.md +++ b/CONTAINER.md @@ -13,8 +13,8 @@ mkdir -p ~/agentready-reports # Assess repository podman run --rm \ - -v /path/to/repo:/repo:ro \ - -v ~/agentready-reports:/reports \ + -v /path/to/repo:/repo:ro,Z \ + -v ~/agentready-reports:/reports:Z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports @@ -22,8 +22,6 @@ podman run --rm \ open ~/agentready-reports/report-latest.html ``` -> **RHEL / Fedora / SELinux users:** The commands above will fail with `Permission denied` or `dubious ownership` errors. See [Podman Rootless Mode](#podman-rootless-mode) for the required flags. - ## Usage ### Assess AgentReady Itself diff --git a/README.md b/README.md index d1cc16f1..5c45ea25 100644 --- a/README.md +++ b/README.md 
@@ -34,16 +34,16 @@ mkdir -p ~/agentready-reports # Assess AgentReady itself git clone https://github.com/ambient-code/agentready /tmp/agentready podman run --rm \ - -v /tmp/agentready:/repo:ro \ - -v ~/agentready-reports:/reports \ + -v /tmp/agentready:/repo:ro,Z \ + -v ~/agentready-reports:/reports:Z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports # Assess your repository # For large repos, add -i flag to confirm the size warning podman run --rm \ - -v /path/to/your/repo:/repo:ro \ - -v ~/agentready-reports:/reports \ + -v /path/to/your/repo:/repo:ro,Z \ + -v ~/agentready-reports:/reports:Z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports @@ -51,8 +51,6 @@ podman run --rm \ open ~/agentready-reports/report-latest.html ``` -> **RHEL / Fedora / SELinux users:** The commands above will fail on systems with SELinux enforcing. See the [Podman Rootless Mode](CONTAINER.md#podman-rootless-mode) section for required flags. - [See full container documentation →](CONTAINER.md) ### Python Package From aad34693189426581d4fd1dd94b1cd7aed9ab80f Mon Sep 17 00:00:00 2001 From: Avi Avraham Date: Thu, 28 May 2026 14:42:32 +0300 Subject: [PATCH 3/3] docs: use consistent lowercase :z SELinux labels across all podman examples Standardize on :z (shared label) instead of :Z (private label) for all podman volume mounts. Adds :z to examples that previously had no SELinux label. Docker/CI examples left unchanged as SELinux labels are Podman-specific. --- CONTAINER.md | 32 ++++++++++++++++---------------- README.md | 8 ++++---- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/CONTAINER.md b/CONTAINER.md index 8b2b096d..31cd8536 100644 --- a/CONTAINER.md +++ b/CONTAINER.md 
@@ -13,8 +13,8 @@ mkdir -p ~/agentready-reports # Assess repository podman run --rm \ - -v /path/to/repo:/repo:ro,Z \ - -v ~/agentready-reports:/reports:Z \ + -v /path/to/repo:/repo:ro,z \ + -v ~/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports @@ -35,8 +35,8 @@ mkdir -p ~/agentready-reports # Run assessment podman run --rm \ - -v /tmp/agentready:/repo:ro \ - -v ~/agentready-reports:/reports \ + -v /tmp/agentready:/repo:ro,z \ + -v ~/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports @@ -52,22 +52,22 @@ mkdir -p ./agentready-reports # Local repository podman run --rm \ - -v $(pwd):/repo:ro \ - -v $(pwd)/agentready-reports:/reports \ + -v $(pwd):/repo:ro,z \ + -v $(pwd)/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports # With additional options podman run --rm \ - -v $(pwd):/repo:ro \ - -v $(pwd)/agentready-reports:/reports \ + -v $(pwd):/repo:ro,z \ + -v $(pwd)/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports --verbose # Exclude specific assessors podman run --rm \ - -v $(pwd):/repo:ro \ - -v $(pwd)/agentready-reports:/reports \ + -v $(pwd):/repo:ro,z \ + -v $(pwd)/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports -e type_annotations -e test_execution ``` @@ -77,8 +77,8 @@ podman run --rm \ ```bash # Mount writable output directory podman run --rm \ - -v /path/to/repo:/repo:ro \ - -v $(pwd)/reports:/reports \ + -v /path/to/repo:/repo:ro,z \ + -v $(pwd)/reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports 
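Review bot: The `$(pwd)` mounts in the `@@ -52,22` hunk now carry `:z`, which makes Podman recursively relabel whatever directory the command is run from, and nothing in the examples tells the reader so; the same applies to `-v /repo:/repo:ro,z` and the `$(pwd)` mounts in the later CONTAINER.md hunks (`@@ -227,8` and `@@ -258,8`). The relabel rewrites the SELinux context of the host files even on a `:ro` mount and persists after the `--rm` container exits, and the shared `:z` label leaves that content accessible to every container on the host, so running an example from `$HOME` or a system path affects far more than the repository. I would add a comment above the first example such as `# :z relabels the mounted host directory for container access; run from the repository directory, never from $HOME or a system path`, and quote the substitution as `-v "$(pwd)":/repo:ro,z` so paths containing spaces still mount. If only one container ever touches these directories, the private `:Z` label that this patch replaces would be the narrower choice; the reason for preferring `:z` is not visible in the diff.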
@@ -227,8 +227,8 @@ Mount a writable output directory to save reports to your host filesystem: ```bash mkdir -p ~/agentready-reports podman run --rm \ - -v /repo:/repo:ro \ - -v ~/agentready-reports:/reports \ + -v /repo:/repo:ro,z \ + -v ~/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports ``` @@ -258,8 +258,8 @@ podman run --rm \ -e GIT_CONFIG_COUNT=1 \ -e GIT_CONFIG_KEY_0=safe.directory \ -e GIT_CONFIG_VALUE_0=/repo \ - -v $(pwd):/repo:ro \ - -v $(pwd)/agentready-reports:/reports \ + -v $(pwd):/repo:ro,z \ + -v $(pwd)/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports ``` diff --git a/README.md b/README.md index 5c45ea25..ae28a732 100644 --- a/README.md +++ b/README.md @@ -34,16 +34,16 @@ mkdir -p ~/agentready-reports # Assess AgentReady itself git clone https://github.com/ambient-code/agentready /tmp/agentready podman run --rm \ - -v /tmp/agentready:/repo:ro,Z \ - -v ~/agentready-reports:/reports:Z \ + -v /tmp/agentready:/repo:ro,z \ + -v ~/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports # Assess your repository # For large repos, add -i flag to confirm the size warning podman run --rm \ - -v /path/to/your/repo:/repo:ro,Z \ - -v ~/agentready-reports:/reports:Z \ + -v /path/to/your/repo:/repo:ro,z \ + -v ~/agentready-reports:/reports:z \ ghcr.io/ambient-code/agentready:latest \ assess /repo --output-dir /reports