Show SELinux label on failure

We are seeing EINVAL errors with container engines setting SELinux labels. It would be helpful to see what Labels the engines are trying to set. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
opencontainers · Aug 2, 2024 · 2f20e83 · 2f20e83
1 parent bb1ec25
commit 2f20e83
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
@@ -329,7 +329,7 @@ func lSetFileLabel(fpath string, label string) error {
 			break
 		}
 		if err != unix.EINTR {
-			return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err}
+			return &os.PathError{Op: fmt.Sprintf("lsetxattr(label=%q)", label), Path: fpath, Err: err}
 		}
 	}
 
@@ -348,7 +348,7 @@ func setFileLabel(fpath string, label string) error {
 			break
 		}
 		if err != unix.EINTR {
-			return &os.PathError{Op: "setxattr", Path: fpath, Err: err}
+			return &os.PathError{Op: fmt.Sprintf("setxattr(label=%q)", label), Path: fpath, Err: err}
 		}
 	}