aboutsummaryrefslogtreecommitdiff
path: root/Makefile
diff options
context:
space:
mode:
authorDan Čermák <dcermak@suse.com>2022-08-25 10:56:41 +0200
committerDan Čermák <dcermak@suse.com>2022-08-29 09:03:52 +0200
commitdcb4d43570e852d9a87221d1ca83c205fa32d5a3 (patch)
tree2e1a1ed41af702dd280be246fd519d73c6637cd0 /Makefile
parentd68eea60148e9fa4e24697104caa691b7e783380 (diff)
downloadpodman-dcb4d43570e852d9a87221d1ca83c205fa32d5a3.tar.gz
podman-dcb4d43570e852d9a87221d1ca83c205fa32d5a3.tar.bz2
podman-dcb4d43570e852d9a87221d1ca83c205fa32d5a3.zip
[makefile] disable security labeling instead of using --privileged
$(CURDIR) is mounted in podman as is which causes issues on systems with SELinux as then the container cannot read or write anything inside /src/. This has been worked around with the --privileged flag, but that's a rather brutal solution. Adding :Z is also suboptimal, as that requires a full relabeling after every run. Instead, we disable security labeling via `--security-opt label=disable` for this development container allowing us to run `make vendor-in-container` unprivileged. Signed-off-by: Dan Čermák <dcermak@suse.com>
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile3
1 files changed, 2 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index d10c9cf19..0ced638a6 100644
--- a/Makefile
+++ b/Makefile
@@ -285,8 +285,9 @@ vendor:
.PHONY: vendor-in-container
vendor-in-container:
- podman run --privileged --rm --env HOME=/root \
+ podman run --rm --env HOME=/root \
-v $(CURDIR):/src -w /src \
+ --security-opt label=disable \
docker.io/library/golang:1.17 \
make vendor