System tests: add :Z to volume mounts

selinux-policy-34.9-1.fc34 breaks a behavior we've relied on
since (at least) January 2020:

   - Revert "Add permission open to files_read_inherited_tmp_files()
     interface"

That's probably the correct thing to do, but it breaks our
existing tests. Solution: add ':Z' where needed.

Tested on Ed's laptop, which has the offending selinux-policy
as of 2021-05-31. Tests pass root and rootless. (I mention
this because tests will obviously pass in CI, which has a
much older selinux-policy).

Signed-off-by: Ed Santiago <santiago@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index ccae703e5..55392ea47 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -600,12 +600,12 @@ json-file | f
     echo "$randomcontent" > $testdir/content
 
     # Workdir does not exist on the image but is volume mounted.
-    run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage $IMAGE cat content
+    run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage:Z $IMAGE cat content
     is "$output" "$randomcontent" "cat random content"
 
     # Workdir does not exist on the image but is created by the runtime as it's
     # a subdir of a volume.
-    run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo $IMAGE cat foo
+    run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo:Z $IMAGE cat foo
     is "$output" "$randomcontent" "cat random content"
 
     # Make sure that running on a read-only rootfs works (#9230).