From 503dbb30754f7b6e6b3927e09e4871598587663c Mon Sep 17 00:00:00 2001
From: Sami Altamimi <139174515+saminaltamimi@users.noreply.github.com>
Date: Thu, 6 Nov 2025 11:54:36 -0600
Subject: [PATCH] Build with more privileged permissions

Bootc upstream currently recommends the following: `--cap-add=all --security-opt=label=type:container_runtime_t --device /dev/fuse` If you look at the corresponding issue (https://gitlab.com/fedora/bootc/base-images/-/issues/43) it becomes clear that `--userns=host --security-opt=label=type:container_runtime_t` will suffice. Although the image builds now, following upstream guidance (especially if you're like me and you change the Containerfile) is probably better.
---
 Justfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Justfile b/Justfile
index 65308b6..8984cff 100644
--- a/Justfile
+++ b/Justfile
@@ -4,7 +4,7 @@ base_dir := env("BUILD_BASE_DIR", ".")
 filesystem := env("BUILD_FILESYSTEM", "ext4")
 
 build-containerfile $image_name=image_name:
- sudo podman build -t "${image_name}:latest" .
+ sudo podman build -t "${image_name}:latest" . --userns=host --security-opt=label=type:container_runtime_t
 
 bootc *ARGS:
 sudo podman run \
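Review bot: The added `--security-opt=label=type:container_runtime_t` on the `sudo podman build` line applies to every build, and nothing in the Justfile says why, so each `RUN` step in the Containerfile (and whatever the base image brings in) now executes as root under the container engine's own SELinux type rather than the confined container type. A comment above the recipe line would keep that trade-off visible, for example `# bootc base images need container_runtime_t at build time (fedora/bootc/base-images issue 43); this relaxes SELinux confinement for all RUN steps, so only build Containerfiles you trust`. Because the recipe already runs rootful through `sudo`, `--userns=host` is probably the default already and may be redundant, which is worth confirming before keeping it. As a style point, the options read more clearly ahead of the context argument: `sudo podman build --userns=host --security-opt=label=type:container_runtime_t -t "${image_name}:latest" .`.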