containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[makefile] disable security labeling instead of using --privileged 

$(CURDIR) is mounted in podman as is which causes issues on systems with SELinux
as then the container cannot read or write anything inside /src/. This has been
worked around with the --privileged flag, but that's a rather brutal
solution. Adding :Z is also suboptimal, as that requires a full relabeling after
every run. Instead, we disable security labeling via `--security-opt
label=disable` for this development container allowing us to run `make
vendor-in-container` unprivileged.

Signed-off-by: Dan Čermák <dcermak@suse.com>
This commit is contained in:
Dan Čermák 2022-08-25 10:56:41 +02:00
parent d68eea6014
commit dcb4d43570
No known key found for this signature in database
GPG Key ID: 8F8C178E966641D3
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -285,8 +285,9 @@ vendor:
.PHONY: vendor-in-container .PHONY: vendor-in-container
vendor-in-container: vendor-in-container:
podman run --privileged --rm --env HOME=/root \ podman run --rm --env HOME=/root \
-v $(CURDIR):/src -w /src \ -v $(CURDIR):/src -w /src \
--security-opt label=disable \
docker.io/library/golang:1.17 \ docker.io/library/golang:1.17 \
make vendor make vendor