opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-20 00:27:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

[makefile] disable security labeling instead of using --privileged

Browse Source 
$(CURDIR) is mounted in podman as is which causes issues on systems with SELinux
as then the container cannot read or write anything inside /src/. This has been
worked around with the --privileged flag, but that's a rather brutal
solution. Adding :Z is also suboptimal, as that requires a full relabeling after
every run. Instead, we disable security labeling via `--security-opt
label=disable` for this development container allowing us to run `make
vendor-in-container` unprivileged.

Signed-off-by: Dan Čermák <dcermak@suse.com>
This commit is contained in:
Dan Čermák
2022-08-25 10:56:41 +02:00
parent d68eea6014
commit dcb4d43570
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -285,8 +285,9 @@ vendor:
.PHONY: vendor-in-container
vendor-in-container:
podman run --privileged --rm --env HOME=/root \
podman run --rm --env HOME=/root \
-v $(CURDIR):/src -w /src \
--security-opt label=disable \
docker.io/library/golang:1.17 \
make vendor