From 5020cfe91c825a6c936d6a22bebfb0280cc27e9f Mon Sep 17 00:00:00 2001
From: Aditya R
Date: Fri, 1 Apr 2022 11:29:54 +0530
Subject: [PATCH] selinux: don't use lsetxattr on /proc/self/fd/%d

lsetxattr always fails with ENOTSUP when it tries to relabel /proc/self/fd/%d but in this case we are acutally intrested on the actual file pointed by the `/proc/self/fd/%d` not in the `symlink` so use `Chcon` instead of `Relabel` since `Relabel` was configured here https://github.com/opencontainers/selinux/pull/173 to use `lsetxattr` instead of `setxattr`.
[ NO NEW TESTS NEEDED ] [ NO TEST NEEDED ]
Signed-off-by: Aditya R
---
 selinux.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/selinux.go b/selinux.go
index e7e9fd8c27e..67fd0c4ee2e 100644
--- a/selinux.go
+++ b/selinux.go
@@ -7,7 +7,6 @@ import (
 "github.com/opencontainers/runtime-tools/generate"
 selinux "github.com/opencontainers/selinux/go-selinux"
- "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
 )
@@ -33,7 +32,7 @@ func runLabelStdioPipes(stdioPipe [][]int, processLabel, mountLabel string) erro
 }
 for i := range stdioPipe {
 pipeFdName := fmt.Sprintf("/proc/self/fd/%d", stdioPipe[i][0])
- if err := label.Relabel(pipeFdName, pipeContext, false); err != nil {
+ if err := selinux.Chcon(pipeFdName, pipeContext, false); err != nil {
 return errors.Wrapf(err, "setting file label on %q", pipeFdName)
 }
 }
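Review bot: The new `selinux.Chcon(pipeFdName, pipeContext, false)` call in the loop of runLabelStdioPipes has no comment recording why it is used instead of `label.Relabel`, so a later cleanup could switch back and reintroduce the ENOTSUP failure. Per the commit message, the call must label the pipe that `/proc/self/fd/%d` points at rather than the link itself. I would add above the call: `// Use Chcon, not label.Relabel: the label must land on the pipe behind /proc/self/fd/N; Relabel uses lsetxattr on the link and fails with ENOTSUP.` The commit is marked as needing no tests, but a small regression test that labels a pipe fd on an SELinux-enabled host would catch a future change in the library's symlink handling. The function starts above this hunk, so how `pipeContext` is derived, and whether an empty value is handled before this call, cannot be checked from here.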