install: Drop code/test uses of --security-opt

We think this is unnecessary now; part of improving the ergonomics of `bootc install` in general, but especially with the `to-existing-root` path. Once this lands, at some point later then we can also remove it from all of the documentation. But the most safe thing is to leave it in the docs for a bit longer. Closes: containers#928 Signed-off-by: Colin Walters <[email protected]>
cgwalters · Dec 2, 2024 · 6b62ba1 · 6b62ba1
1 parent 5ad7494
commit 6b62ba1
Show file tree

Hide file tree

Showing 5 changed files with 2 additions and 13 deletions.
diff --git a/ostree-ext/.github/workflows/bootc.yml b/ostree-ext/.github/workflows/bootc.yml
@@ -59,7 +59,7 @@ jobs:
       - name: Integration tests
         run: |
           set -xeuo pipefail
-          sudo podman run --rm -ti --privileged -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \
+          sudo podman run --rm -ti --privileged -v ./usr/bin/bootc:/usr/bin/bootc --pid=host \
             quay.io/centos-bootc/centos-bootc-dev:stream9 bootc install to-filesystem \
             --karg=foo=bar --disable-selinux --replace=alongside /target
 
diff --git a/tests-integration/src/install.rs b/tests-integration/src/install.rs
@@ -11,15 +11,7 @@ use fn_error_context::context;
 use libtest_mimic::Trial;
 use xshell::{cmd, Shell};
 
-pub(crate) const BASE_ARGS: &[&str] = &[
-    "podman",
-    "run",
-    "--rm",
-    "--privileged",
-    "--pid=host",
-    "--security-opt",
-    "label=disable",
-];
+pub(crate) const BASE_ARGS: &[&str] = &["podman", "run", "--rm", "--privileged", "--pid=host"];
 
 // Arbitrary
 const NON_DEFAULT_STATEROOT: &str = "foo";

diff --git a/tests/e2e/bootc-install.sh b/tests/e2e/bootc-install.sh
@@ -233,7 +233,6 @@ case "$TEST_CASE" in
             --rm \
             --privileged \
             --pid=host \
-            --security-opt label=type:unconfined_t \
             -v .:/output \
             "$TEST_IMAGE_URL" \
             bootc install to-disk --filesystem "$ROOTFS" --generic-image --via-loopback /output/disk.raw

diff --git a/tests/e2e/playbooks/install.yaml b/tests/e2e/playbooks/install.yaml
@@ -54,7 +54,6 @@
          --privileged \
          --tls-verify=false \
          --pid=host \
-         --security-opt label=type:unconfined_t \
          {{ test_image_url }} \
          bootc install to-existing-root"
       become: true

diff --git a/tests/plugins/bootc-install.py b/tests/plugins/bootc-install.py
@@ -234,7 +234,6 @@ def _build_bootc_disk(self, containerimage: str, image_builder: str) -> None:
         tmt.utils.Command(
             "podman", "run", "--rm", "--privileged",
             "-v", f'{CONTAINER_STORAGE_DIR}:{CONTAINER_STORAGE_DIR}',
-            "--security-opt", "label=type:unconfined_t",
             "-v", f"{self.workdir}:/output",
             image_builder, "build",
             "--type", "qcow2",