Documentation notes about running Fn on SELinux systems (#507)

Documentation notes about running Fn on SELinux systems

docs/operating/options.md

@@ -2,7 +2,7 @@
 
 ## Default run command for production
 
-This will run with docker in docker. 
+This will run with docker in docker.
 
 ```sh
 docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 80:8080 fnproject/fnserver
@@ -50,6 +50,10 @@ One way is to mount the host Docker. Everything is essentially the same except y
 docker run --rm --name functions -it -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/app/data -p 8080:8080 fnproject/fnserver
 ```
 
+On Linux systems where SELinux is enabled and set to "Enforcing", SELinux will stop the container from accessing
+the host docker and the local directory mounted as a volume, so this method cannot be used unless security restrictions
+are disabled.
+
 ### Run outside Docker
 
 You can of course just run the binary directly, you'll just have to change how you set the environment variables above.

docs/operating/selinux.md

@@ -0,0 +1,20 @@
+# Running on SELinux systems
+
+Systems such as OEL 7.x where SELinux is enabled and the security policies are set to "Enforcing" will restrict Fn from
+running containers and mounting volumes.
+
+For local development, you can relax SELinux constraints by running this command in a root shell:
+
+```sh
+setenforce permissive
+```
+
+Then you will be able to run `fn start` as normal.
+
+Alternatively, use the docker-in-docker deployment that a production system would use:
+
+```sh
+docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 8080:8080 fnproject/functions
+```
+
+Check the [operating options](options.md) for further details about this.