Received: from mail-vs1-f45.google.com (mail-vs1-f45.google.com [209.85.217.45])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 67F5C782CD0
	for <~alpine/devel@lists.alpinelinux.org>; Wed, 19 May 2021 04:32:30 +0000 (UTC)
Received: by mail-vs1-f45.google.com with SMTP id i29so369012vsr.11
        for <~alpine/devel@lists.alpinelinux.org>; Tue, 18 May 2021 21:32:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Q6yKj2RkIH0N0B40if9vxCg95Fw3Zi58WFIsK9R1k7M=;
        b=aThvYqxkV/53b4zBdMGFAQ1ZeqZZij2y4paIHBxDCS1IUyAsKG8hYsiK/QN6kI1KU0
         SNBJJUGd1dzznSDC3+fqNeXhSr+lun4Zj1bfFdQy86QDVqkBHuCL8jL+O67nQOTDOf1w
         ZmrsBwsJxTllfDXFyIuZFVM//atkpwXUBsxl6xohSQ7Z+Hg89VCHfRP4fxbCVCL+YdO3
         NkCFiMokFnd/CYQzQA4HRE2hRkhyVZw+nUWE6VslhRs7b4dt5dZxpamq15IQQlEIYepo
         DKRjgnHB1gkIBwvT4CeQdSiRk8ZfCO4tmi5tID6bWAo4jz+o3YbwWLvq37VSVn286Csn
         LQ4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Q6yKj2RkIH0N0B40if9vxCg95Fw3Zi58WFIsK9R1k7M=;
        b=A+io5ehsFHVNLmR/AIkdBo2I4TNyeKDelhbs5WPV8WhXLwFOnNdL1Wtvc/tvvhm6h6
         z+njCgTBACHjD19SfpWCiMq9/nqQE1jY1+KVtoeF1zIZ7/4GgNbJjDQFdx+oVINWMpuw
         y3QnCg2eNhwpP7rDYOu1ZmJz8kR7bnfvD/L3sbNWWRXZHbE+9H8E6ChRr8SqYWBIWsGS
         lFEB5gXob1RiJ4tdeXlDht9dl2AKun4814yhK9KY0mz9dSOHudNe+ryDrYHfVyUoArf7
         1tYSlm9AJXsWuZZM7uj0U4M2xmIG7noE4ikFP/2oWeida3RoO0WPWVf5cNZPuV5v2FIS
         REDA==
X-Gm-Message-State: AOAM530k2THdJZh06shd90n3uhbbe3y67pkG/pJk2+Jl8Uc77DhmLNlH
	dN0QCH73grQtcbwrYYfzQn2D6XZONSxxavKWk2g=
X-Google-Smtp-Source: ABdhPJwalsEEaW3C1G+U0O8yR8KjNEpdG0q3Hum2CyeLVPHJK/5f1P9jzEQJgR87Et3tx6GdV1Vl55ySW0CKyNg7JLg=
X-Received: by 2002:a67:5e07:: with SMTP id s7mr11378635vsb.32.1621398749182;
 Tue, 18 May 2021 21:32:29 -0700 (PDT)
MIME-Version: 1.0
References: <CA+gy4ieuXLuQddxmPuiucyZbut=14cR8tgmGrh0qE9qLDBivmg@mail.gmail.com>
 <20210505091919.5257051e@vostro> <CA+gy4ifNQ0L2ji-tOoqYv0LQgJ0QwPc6_m5rTyr=UMGeAakfUA@mail.gmail.com>
 <1f35d58e-12df-4e2a-61ae-4b75be6164ca@dereferenced.org>
In-Reply-To: <1f35d58e-12df-4e2a-61ae-4b75be6164ca@dereferenced.org>
From: Ross Younger <crazyscot@gmail.com>
Date: Wed, 19 May 2021 16:32:18 +1200
Message-ID: <CA+gy4ic8+wsgmiQrsLVyb_XVepz+uofet5w0L2cnJmtO-r8GvQ@mail.gmail.com>
Subject: Re: Containerised APK builds and security xattrs
To: Ariadne Conill <ariadne@dereferenced.org>
Cc: Timo Teras <timo.teras@iki.fi>, ~alpine/devel@lists.alpinelinux.org
Content-Type: text/plain; charset="UTF-8"

Hi,

On Thu, 6 May 2021 at 02:26, Ariadne Conill <ariadne@dereferenced.org> wrote:
> Alpine itself does not use SELinux, so there should not be anything in
> abuild adding selinux label attributes to anything.

The obvious workaround seems to be to patch abuild to not include
selinux labels in built packages. This certainly fits my use case, and
is almost trivial:
https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/99

> It might be worth it
> to see why SELinux labels from the host environment are leaking into the
> container FS?  If you can stop that somehow, it would save you a lot of
> time.

Unfortunately, I was not able to persuade Bitbucket to make any changes here.

Ross