Ignore SELinux relabel on unsupported file systems

We were ignoreing relabel requests on certain unsupported file systems and not on others, this changes to consistently logrus.Debug ENOTSUP file systems. Fixes: https://github.com/containers/podman/discussions/20745 Still needs some work on the Buildah side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-10-17 19:24:04 +08:00 · 2023-11-22 08:53:55 -05:00
parent b7ca114078
commit ddd6cdfd77
6 changed files with 49 additions and 7 deletions
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@ -440,7 +440,10 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 		// this is important, otherwise the iptables command will fail
 		err = label.Relabel(runDir, "system_u:object_r:iptables_var_run_t:s0", false)
 		if err != nil {
-			return nil, fmt.Errorf("could not create relabel rootless-netns run directory: %w", err)
+			if !errors.Is(err, unix.ENOTSUP) {
+				return nil, fmt.Errorf("could not create relabel rootless-netns run directory: %w", err)
+			}
+			logrus.Debugf("Labeling not supported on %q", runDir)
 		}
 		// create systemd run directory
 		err = os.MkdirAll(filepath.Join(runDir, "systemd"), 0700)