From: Daan De Meyer
Date: Mon, 8 Jan 2024 10:32:27 +0000 (+0100)
Subject: Start virtiofsd with --security-label
X-Git-Tag: v20~9^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2250%2Fhead;p=thirdparty%2Fmkosi.git

Start virtiofsd with --security-label

This makes sure selinux relabeling works as expected when booting off virtiofs
---

diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index 68ed168be..fbf403b67 100644
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -322,6 +322,9 @@ def start_virtiofsd(config: Config, directory: Path, *, uidmap: bool) -> Iterato
 "--sandbox=chroot",
 ]
 
+ if not uidmap:
+ cmdline += ["--security-label"]
+
 # We create the socket ourselves and pass the fd to virtiofsd to avoid race conditions where we start qemu
 # before virtiofsd has had the chance to create the socket (or where we try to chown it first).
 with (
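Review bot: The new `if not uidmap:` guard in start_virtiofsd has no comment explaining why `--security-label` is tied to the uidmap flag, and the commit message covers only the SELinux relabeling goal. The flag also widens what the guest can do to the shared tree: the guest can then set SELinux labels on files under `directory`, and whether those reach the host files as real `security.selinux` xattrs depends on options outside this hunk. I would record both points above the guard, for example `# Lets the guest set SELinux labels on the shared tree so relabeling works when booting off virtiofs.` followed by `# Not passed with uidmap (presumably the id-mapped virtiofsd cannot write security.* xattrs; confirm).` It may also be worth checking whether the flag should be passed only when a relabel is actually wanted, rather than for every non-uidmap share. The function body starts before and continues after this hunk, so the rest of the command line is not visible here.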