Skip to content

fix: add --security-opt label=disable to buildah from (2026.2)#114

Merged
k-rister merged 2 commits into
2026.2from
selinux-buildah-fix-2026.2
May 8, 2026
Merged

fix: add --security-opt label=disable to buildah from (2026.2)#114
k-rister merged 2 commits into
2026.2from
selinux-buildah-fix-2026.2

Conversation

@k-rister
Copy link
Copy Markdown
Contributor

@k-rister k-rister commented May 7, 2026

Summary

Backport exit code cleanup and SELinux buildah fix to 2026.2. Fixes DNS resolution failures during engine image builds on systems with SELinux enforcing.

Adds --security-opt label=disable to buildah from to prevent SELinux MCS category mismatch when buildah runs inside a podman container.

Test plan

  • Build an engine image on a system with SELinux enforcing
  • Verify DNS resolution works inside the buildah chroot

🤖 Generated with Claude Code

k-rister and others added 2 commits May 7, 2026 16:59
@k-rister @claude
feat: replace dead exit codes with UNAVAILABLE markers
2bf7fee 
Replace 26 exit codes inherited from workshop.pl that are no longer
used in the Python implementation with sequentially numbered
UNAVAILABLE_N entries. Preserves numeric values to prevent reuse and
maintain stable exit code semantics.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@k-rister @claude
fix: add --security-opt label=disable to buildah from
d9ea6ff 
Prevents SELinux MCS category mismatch when buildah runs inside a
podman container. Without this, the nested buildah container gets
different MCS labels than the outer container, blocking access to
/etc/resolv.conf and causing DNS resolution failures during image
builds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@k-rister k-rister self-assigned this May 7, 2026
@k-rister k-rister requested a review from a team May 7, 2026 22:00
@project-crucible-tracking project-crucible-tracking Bot moved this to In Progress in Crucible Tracking May 7, 2026
@k-rister k-rister merged commit 1532a78 into 2026.2 May 8, 2026
2 checks passed
@k-rister k-rister deleted the selinux-buildah-fix-2026.2 branch May 8, 2026 15:05
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Crucible Tracking May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atheurer atheurer atheurer approved these changes

Assignees

@k-rister k-rister

Labels

None yet

Projects

Crucible Tracking
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@k-rister @atheurer