From a0a0d5663b31329b4d8b051e4b9647fdac9bcc81 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Mon, 8 Jan 2024 11:32:27 +0100
Subject: [PATCH] Start virtiofsd with --security-label

This makes sure selinux relabeling works as expected when booting off virtiofs
---
 mkosi/qemu.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index 68ed168be..fbf403b67 100644
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -322,6 +322,9 @@ def start_virtiofsd(config: Config, directory: Path, *, uidmap: bool) -> Iterato
 "--sandbox=chroot",
 ]
 
+ if not uidmap:
+ cmdline += ["--security-label"]
+
 # We create the socket ourselves and pass the fd to virtiofsd to avoid race conditions where we start qemu
 # before virtiofsd has had the chance to create the socket (or where we try to chown it first).
 with (
-- 
2.47.2
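Review bot: The `if not uidmap:` guard carries no comment saying why label passthrough is limited to the non-uidmap case, and `--security-label` means SELinux contexts chosen by the guest are stored on files in the shared host directory. A why-comment above the guard would cover both, e.g. `# Let the guest store SELinux labels on the shared tree; skipped with uidmap (presumably the mapped daemon cannot set them, confirm).` On an SELinux-enforcing host those label writes may be denied by host policy or change how the host sees that tree, so it is worth checking whether virtiofsd's `--xattrmap` should remap `security.selinux` to a private xattr name here. start_virtiofsd begins above the hunk and continues past it, so the rest of the command line is not visible.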