Skip to content

configure.sh: Add option to disable SELinux labeling for container volumes #8019

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: proton_9.0
Choose a base branch
from
Open

configure.sh: Add option to disable SELinux labeling for container volumes #8019

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions Makefile.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1150,6 +1150,10 @@ else
override DOCKER_OPTS := $(CCACHE_ENV) -e CCACHE_DISABLE=1 $(DOCKER_OPTS)
endif

ifeq ($(DISABLE_LABELING),1)
override DOCKER_OPTS := --security-opt label=disable $(DOCKER_OPTS)
endif

export CARGO_HOME := $(if $(CARGO_HOME),$(CARGO_HOME),$(HOME)/.cargo)
override DOCKER_OPTS := -v $(CARGO_HOME):$(CARGO_HOME)$(CONTAINER_MOUNT_OPTS) -e CARGO_HOME=$(CARGO_HOME) $(DOCKER_OPTS)

Expand Down
13 changes: 12 additions & 1 deletion configure.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,14 +55,19 @@ check_container_engine() {
return 1
fi

label_opt=""
if [[ -n $arg_disable_labeling ]]; then
label_opt="--security-opt label=disable"
fi
touch permission_check
local inner_uid="$($1 run -v "$(pwd):/test$CONTAINER_MOUNT_OPTS" \
$label_opt \
--rm $2 \
stat --format "%u" /test/permission_check 2>&1)"
rm permission_check

if [[ $inner_uid == *"Permission denied"* ]]; then
err "The container cannot access files. Are you using SELinux?"
err "The container cannot access files. If you're using SELinux, try passing --disable-labeling or --relabel-volumes."
die "Please read README.md and check your $1 setup works."
elif [ "$inner_uid" -eq 0 ]; then
# namespace maps the user as root or the build is performed as host's root
Expand Down Expand Up @@ -164,6 +169,9 @@ function configure() {
if [[ -n "$arg_docker_opts" ]]; then
echo "DOCKER_OPTS := $arg_docker_opts"
fi
if [[ -n "$arg_disable_labeling" ]]; then
echo "DISABLE_LABELING := 1"
fi
if [[ -n "$CONTAINER_MOUNT_OPTS" ]]; then
echo "CONTAINER_MOUNT_OPTS := $CONTAINER_MOUNT_OPTS"
fi
Expand Down Expand Up @@ -191,6 +199,7 @@ arg_protonsdk_image=""
arg_build_name=""
arg_container_engine=""
arg_docker_opts=""
arg_disable_labeling=""
arg_relabel_volumes=""
arg_enable_ccache=""
arg_enable_bear=""
Expand Down Expand Up @@ -238,6 +247,8 @@ function parse_args() {
val_used=1
elif [[ $arg = --relabel-volumes ]]; then
arg_relabel_volumes="1"
elif [[ $arg = --disable-labeling ]]; then
arg_disable_labeling="1"
elif [[ $arg = --enable-ccache ]]; then
arg_enable_ccache="1"
elif [[ $arg = --enable-bear ]]; then
Expand Down