Fix permission denied error in Docker container on SELinux systems

Labeling systems like SELinux require that proper labels are placed on volume content mounted into a <<container|pod>>. Without a label, the security system might prevent the processes running inside the <<container|pod>> from using the content. By default, Podman does not change the labels set by the OS.[1]

1. https://docs.podman.io/en/v4.4/markdown/options/volume.html#Footnote1

Author: scadu

hooks/command

@@ -47,8 +47,8 @@ if [[ "${BUILDKITE_PLUGIN_JUNIT_ANNOTATE_RUN_IN_DOCKER:-true}" =~ "true" ]]; the
     --log-level "error" \
     run \
       --rm \
-      --volume "$artifacts_dir:/junits" \
-      --volume "$PLUGIN_DIR/ruby:/src" \
+      --volume "$artifacts_dir:/junits:Z" \
+      --volume "$PLUGIN_DIR/ruby:/src:Z" \
       --env "BUILDKITE_PLUGIN_JUNIT_ANNOTATE_JOB_UUID_FILE_PATTERN=${BUILDKITE_PLUGIN_JUNIT_ANNOTATE_JOB_UUID_FILE_PATTERN:-}" \
       --env "BUILDKITE_PLUGIN_JUNIT_ANNOTATE_FAILURE_FORMAT=${BUILDKITE_PLUGIN_JUNIT_ANNOTATE_FAILURE_FORMAT:-}" \
       --env "BUILDKITE_PLUGIN_JUNIT_ANNOTATE_REPORT_SLOWEST=${BUILDKITE_PLUGIN_JUNIT_ANNOTATE_REPORT_SLOWEST:-}" \