From 5bdefc7e0241c7e0d35b1bee47d27fd765a0535d Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 31 Jul 2024 16:45:47 -0400
Subject: [PATCH] Show SELinux label on failure

We are seeing EINVAL errors with container engines setting SELinux
labels. It would be helpful to see what Labels the engines are trying
to set.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 go-selinux/selinux_linux.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
index b7462f1..c80c109 100644
--- a/go-selinux/selinux_linux.go
+++ b/go-selinux/selinux_linux.go
@@ -329,7 +329,7 @@ func lSetFileLabel(fpath string, label string) error {
 			break
 		}
 		if err != unix.EINTR {
-			return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err}
+			return &os.PathError{Op: fmt.Sprintf("lsetxattr(label=%s)", label), Path: fpath, Err: err}
 		}
 	}
 
@@ -348,7 +348,7 @@ func setFileLabel(fpath string, label string) error {
 			break
 		}
 		if err != unix.EINTR {
-			return &os.PathError{Op: "setxattr", Path: fpath, Err: err}
+			return &os.PathError{Op: fmt.Sprintf("setxattr(label=%s)", label), Path: fpath, Err: err}
 		}
 	}