Support Fedora Linux #2032

Merged
merged 1 commit into from
May 28, 2025
@basil (Member) commented May 25, 2025

Unlike Ubuntu Linux, Fedora uses SELinux instead of AppArmor, which requires the ":Z" option when bind-mounting local volumes into the container. From the man page:

To change a label in the container context, you can add either of two suffixes :z or :Z to the volume mount. These suffixes tell Docker to relabel file objects on the shared volumes. The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Docker to label the content with a private unshared label. Only the current container can use a private volume.

Using the :Z option on an Ubuntu system with Docker does not cause harm, but it is effectively ignored since SELinux is not active. Docker will still process the bind mount, and the container should function as expected, provided the AppArmor profile (if any) allows the necessary access. By default, Docker on Ubuntu ships with AppArmor profiles that are permissive enough for most bind-mount use cases.

Implementation notes

I also had to remove the shared temporary directory, as it was not compatible with SELinux either. Fortunately it does not appear to be needed.

Testing done

Ran ./ath-container.sh on Fedora.

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or the issue is fixed
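
The following is an added example, not code from this pull request or from `ath-container.sh`: a shell helper that builds a `docker run -v` argument with the private `:Z` label only when SELinux is enabled on the host. Because `:Z` relabels the host directory itself, and Docker's documentation cautions against applying it to system directories such as `/home` or `/usr`, the helper refuses those paths. The function names, the `SELINUX_ENFORCE_FILE` override, the refused-path list beyond `/home` and `/usr`, and the sample path `/srv/ath/work` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the PR): choose the bind-mount suffix per host.

# Returns 0 when SELinux is enabled (enforcing or permissive), detected by
# the presence of selinuxfs. SELINUX_ENFORCE_FILE is a hypothetical override
# so the check can be exercised on a host without SELinux.
selinux_active() {
    [ -e "${SELINUX_ENFORCE_FILE:-/sys/fs/selinux/enforce}" ]
}

# Returns 0 for host paths that must not be relabeled: :Z rewrites the
# SELinux label on the host directory, which breaks system directories.
is_unsafe_to_relabel() {
    case "${1%/}" in
        ""|/home|/usr|/etc|/var|/root|/boot|"${HOME%/}") return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: bind_mount_arg HOST_PATH CONTAINER_PATH
# Prints HOST:CONTAINER:Z on SELinux hosts, HOST:CONTAINER otherwise.
# Exits non-zero without printing when relabeling HOST_PATH is refused.
bind_mount_arg() {
    if selinux_active; then
        if is_unsafe_to_relabel "$1"; then
            echo "refusing to relabel $1 with :Z" >&2
            return 1
        fi
        printf '%s:%s:Z\n' "$1" "$2"
    else
        printf '%s:%s\n' "$1" "$2"
    fi
}

# Example call with a constructed path:
#   docker run --rm -v "$(bind_mount_arg /srv/ath/work /work)" IMAGE
```
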

MarkEWaite added a commit to MarkEWaite/jenkins.io that referenced this pull request May 25, 2025
jenkinsci/acceptance-test-harness#2032 shares
what Basil Crow learned about bind mounts on Docker containers using
Fedora Linux.

Fedora Linux SELinux requires the ":Z" option when bind-mounting local
volumes into the container.

Testing done:

Confirmed that `make run` fails on Fedora Linux 42 before this change
and passes after this change.

Confirmed that Ubuntu Linux does not have /usr/bin/sestatus in my
installation, so it should not be affected by this change.
gounthar pushed a commit to jenkins-infra/jenkins.io that referenced this pull request May 25, 2025
@basil basil marked this pull request as draft May 26, 2025 03:19
@basil basil marked this pull request as ready for review May 28, 2025 20:38
@basil basil marked this pull request as draft May 28, 2025 21:09
@basil basil marked this pull request as ready for review May 28, 2025 22:08
@basil basil merged commit 4a41b57 into jenkinsci:master May 28, 2025
25 checks passed
@basil basil deleted the fedora branch May 28, 2025 23:51