From d5f87d744b7a9f136d40f057b4d56fafd2d615be Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 6 Feb 2024 17:52:34 -0500 Subject: [PATCH] ci: Use `BOOTC_SKIP_SELINUX_HOST_CHECK`, test labeling of /etc As we work to change ostree to set up the labels for things even in a selinux-host-disabled case, let's test it here. --- .github/workflows/bootc.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bootc.yaml b/.github/workflows/bootc.yaml index 2df323e63d..5d1cee8730 100644 --- a/.github/workflows/bootc.yaml +++ b/.github/workflows/bootc.yaml @@ -35,7 +35,9 @@ jobs: - name: bootc install run: | set -xeuo pipefail - sudo podman run --rm -ti --privileged -v /:/target --pid=host --security-opt label=disable \ + sudo podman run --env BOOTC_SKIP_SELINUX_HOST_CHECK=1 --rm -ti --privileged -v /:/target --pid=host --security-opt label=disable \ -v /var/lib/containers:/var/lib/containers \ localhost/test:latest bootc install to-filesystem --skip-fetch-check \ - --disable-selinux --replace=alongside /target + --replace=alongside /target + # Verify labeling for /etc + sudo ls -dZ /ostree/deploy/default/deploy/*.0/etc |grep :etc_t: