From 02403c2e6d5c52c7ead901fb01d1d5c57bc90f8a Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Tue, 5 Mar 2024 11:02:44 +0100
Subject: [PATCH] Makefile: podman should have correct selinux label

pasta only works when we run as container_runtime_exec_t, now that pasta
is the default this means that the current binary will not work when
doing local dev without manually fixing the label.

There are also other parts where the correct label is important. So as a
simple fix always set the proper label in the bin/podman target.
This also means we can drop this line from the hack/bats script.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 Makefile  | 1 +
 hack/bats | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index dcaebd1729..e73638bda4 100644
--- a/Makefile
+++ b/Makefile
@@ -355,6 +355,7 @@ endif
 		$(GO_LDFLAGS) '$(LDFLAGS_PODMAN)' \
 		-tags "$(BUILDTAGS)" \
 		-o $@ ./cmd/podman
+	test -z "${SELINUXOPT}" || chcon -t container_runtime_exec_t $@
 
 # Disambiguate Linux vs Darwin/Windows platform binaries under distinct "bin" dirs
 $(SRCBINDIR):
diff --git a/hack/bats b/hack/bats
index ba26e0444a..20d4faaa08 100755
--- a/hack/bats
+++ b/hack/bats
@@ -64,9 +64,6 @@ Examples:
 export PODMAN=${PODMAN:-$(pwd)/bin/podman}
 export QUADLET=${QUADLET:-$(pwd)/bin/quadlet}
 
-# Because 'make' doesn't do this by default
-chcon -t container_runtime_exec_t $PODMAN
-
 # Directory in which
 TESTS=test/system