From dcb4d43570e852d9a87221d1ca83c205fa32d5a3 Mon Sep 17 00:00:00 2001
From: Dan Čermák
Date: Thu, 25 Aug 2022 10:56:41 +0200
Subject: [makefile] disable security labeling instead of using --privileged
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
$(CURDIR) is mounted in podman as is which causes issues on systems with SELinux as then the container cannot read or write anything inside /src/. This has been worked around with the --privileged flag, but that's a rather brutal solution. Adding :Z is also suboptimal, as that requires a full relabeling after every run. Instead, we disable security labeling via `--security-opt label=disable` for this development container allowing us to run `make vendor-in-container` unprivileged.
Signed-off-by: Dan Čermák
---
 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index d10c9cf19..0ced638a6 100644
--- a/Makefile
+++ b/Makefile
@@ -285,8 +285,9 @@ vendor:
 
 .PHONY: vendor-in-container
 vendor-in-container:
- podman run --privileged --rm --env HOME=/root \
+ podman run --rm --env HOME=/root \
 -v $(CURDIR):/src -w /src \
+ --security-opt label=disable \
 docker.io/library/golang:1.17 \
 make vendor
 
--
cgit v1.2.3-54-g00ecf
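Review bot: The added `--security-opt label=disable` line switches off SELinux separation for this container, but the reason for choosing it over `:Z` or `--privileged` is recorded only in the commit message, so a later reader of the Makefile cannot tell that the trade-off was deliberate. Because the option sits inside a backslash-continued command, the explanation has to go above the `vendor-in-container:` rule, for example `# label=disable: SELinux separation is off so the container can use $(CURDIR) without a :Z relabel; dev-only, do not copy for untrusted workloads`. With labeling disabled, the read-write bind mount of the whole checkout is protected only by the remaining container isolation (namespaces, capabilities, seccomp), and `--env HOME=/root` suggests the process runs as root inside the container. It is therefore worth saying in that comment that the target is meant for rootless, developer-local use, if that is the intent.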