readlinkfs: ignore security.selinux xattrs

Packages built on a host with selinux enabled will inherit filesytem xattr labels from the host and result in 'operation not permitted' errors when installed in an unpriv'd docker container. fixes #787
chainguard-dev · Oct 25, 2023 · bc5a41d · bc5a41d
1 parent df84354
commit bc5a41d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/pkg/build/readlinkfs.go b/pkg/build/readlinkfs.go
@@ -93,6 +93,7 @@ func stringsFromByteSlice(buf []byte) []string {
 var xattrIgnoreList = map[string]bool{
 	"com.apple.provenance": true,
 	"security.csm":         true,
+	"security.selinux":     true,
 }
 
 func (f *rlfs) ListXattrs(path string) (map[string][]byte, error) {