fixup! fix: only set SELinux labels when enabled

siderolabs · Sep 2, 2024 · ce5d242 · ce5d242
1 parent ffcec42
commit ce5d242
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/internal/pkg/mount/v2/mount.go b/internal/pkg/mount/v2/mount.go
@@ -15,6 +15,8 @@ import (
 
 	"github.com/siderolabs/go-retry/retry"
 	"golang.org/x/sys/unix"
+
+	"github.com/siderolabs/talos/internal/pkg/selinux"
 )
 
 // Point represents a mount point.
@@ -228,8 +230,11 @@ func (p *Point) mount() error {
 
 	if p.selinuxLabel != "" {
 		fmt.Printf("relabeling mount %s to %s\n", p.target, p.selinuxLabel)
-		return unix.Setxattr(p.target, "security.selinux", []byte(p.selinuxLabel), 0)
+
+		return selinux.SetLabel(p.target, p.selinuxLabel)
 	}
+
+	return nil
 }
 
 func (p *Point) unmount(printer func(string, ...any)) error {