Makefile: podman should have correct selinux label

pasta only works when we run as container_runtime_exec_t, now that pasta is the default this means that the current binary will not work when doing local dev without manually fixing the label. There are also other parts where the correct label is important. So as a simple fix always set the proper label in the bin/podman target. This also means we can drop this line from the hack/bats script. Signed-off-by: Paul Holzinger <[email protected]>
containers · Mar 5, 2024 · 02403c2 · 02403c2
1 parent 3e1d2ab
commit 02403c2
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -355,6 +355,7 @@ endif
 		$(GO_LDFLAGS) '$(LDFLAGS_PODMAN)' \
 		-tags "$(BUILDTAGS)" \
 		-o $@ ./cmd/podman
+	test -z "${SELINUXOPT}" || chcon -t container_runtime_exec_t $@
 
 # Disambiguate Linux vs Darwin/Windows platform binaries under distinct "bin" dirs
 $(SRCBINDIR):

diff --git a/hack/bats b/hack/bats
@@ -64,9 +64,6 @@ Examples:
 export PODMAN=${PODMAN:-$(pwd)/bin/podman}
 export QUADLET=${QUADLET:-$(pwd)/bin/quadlet}
 
-# Because 'make' doesn't do this by default
-chcon -t container_runtime_exec_t $PODMAN
-
 # Directory in which
 TESTS=test/system