From e75c1417a4a754ac9feb4a424fddf432410c9de5 Mon Sep 17 00:00:00 2001
From: redbeardymcgee <redbeardymcgee@proton.me>
Date: Sat, 8 Nov 2025 20:55:24 -0600
Subject: [PATCH] set SELinux label for volumes

`:Z` means the volume is not shared between containers. `:z` allows
other containers to share the volume, implying read/write.

Most volumes should be labeled `:Z` unless the volume must be shared
between multiple containers.
---
 docs/community-installation-guide.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/community-installation-guide.md b/docs/community-installation-guide.md
index ee55eb2..340eaca 100644
--- a/docs/community-installation-guide.md
+++ b/docs/community-installation-guide.md
@@ -145,7 +145,7 @@ AutoUpdate=registry
 Network=invidious.network
 HostName=invidious
 
-Volume=./config.yml:/invidious/config/config.yml
+Volume=./config.yml:/invidious/config/config.yml:Z
 ```
 
 ```ini
@@ -168,7 +168,7 @@ AutoUpdate=registry
 Network=invidious.network
 HostName=invidious-db
 
-Volume=invidious-db:/var/lib/postgresql/data
+Volume=invidious-db:/var/lib/postgresql/data:Z
 
 Environment=POSTGRES_DB=invidious
 Environment=POSTGRES_USER=kemal
@@ -199,7 +199,7 @@ AutoUpdate=registry
 Network=invidious.network
 HostName=invidious-companion
 
-Volume=invidious-companion-cache:/var/tmp/youtubei.js:rw
+Volume=invidious-companion-cache:/var/tmp/youtubei.js:rw,Z
 
 # WARNING: The container will fail to start without this env var
 # NOTE: The podman secret is preferred, but you may set the env var directly like this