Disable SELinux in disk and iso builder containers

Signed-off-by: David Cassany <[email protected]>

Makefile

@@ -91,15 +91,15 @@ pull-os:
 build-iso:
 	@echo Building $(ARCH) ISO
 	mkdir -p $(ROOT_DIR)/build
-	$(DOCKER) run --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(ROOT_DIR)/build:/build \
+	$(DOCKER) run --security-opt label:disable --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(ROOT_DIR)/build:/build \
 		--entrypoint /usr/bin/elemental $(TOOLKIT_REPO):$(VERSION) --debug build-iso --bootloader-in-rootfs -n elemental-$(FLAVOR).$(ARCH) \
 		--local --platform $(PLATFORM) -o /build $(REPO):$(VERSION)
 
 .PHONY: build-disk
 build-disk:
 	@echo Building $(ARCH) disk
 	mkdir -p $(ROOT_DIR)/build
-	$(DOCKER) run --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(ROOT_DIR)/build:/build \
+	$(DOCKER) run --security-opt label:disable --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(ROOT_DIR)/build:/build \
 		--entrypoint /usr/bin/elemental \
 		$(TOOLKIT_REPO):$(VERSION) --debug build-disk --platform $(PLATFORM) --expandable -n elemental-$(FLAVOR).$(ARCH) --local \
 		-o /build --system $(REPO):$(VERSION)

pkg/elemental/elemental.go

@@ -702,11 +702,6 @@ func ApplySELinuxLabels(c types.Config, rootDir string, bind map[string]string)
 		extraPaths = append(extraPaths, v)
 	}
 
-	err = utils.ChrootedCallback(&c, rootDir, bind, func() error { return SelinuxRelabel(c, "/", extraPaths...) })
-	if err != nil {
-		return err
-	}
-
 	contextsFile := filepath.Join(rootDir, cnst.SELinuxTargetedContextFile)
 	existsCon, _ := utils.Exists(c.Fs, contextsFile)
 
@@ -719,6 +714,11 @@ func ApplySELinuxLabels(c types.Config, rootDir string, bind map[string]string)
 		c.Logger.Debugf("SELinux setfiles output: %s", string(out))
 	}
 
+	err = utils.ChrootedCallback(&c, rootDir, bind, func() error { return SelinuxRelabel(c, "/", extraPaths...) })
+	if err != nil {
+		return err
+	}
+
 	return err
 }