From 49f8a4224cc22f94169cfb70d30d8afffa2e319a Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Sun, 10 May 2020 16:19:42 +0200
Subject: [PATCH] SELinux: fix ENOTSUP errors not being detected when
 relabeling

Commit 12c7541f1f2d616967f9eecce182789de7e2a238 updated the
opencontainers/selinux dependency to v1.3.1, which had a breaking
change in the errors that were returned.

Before v1.3.1, the "raw" `syscall.ENOTSUP` was returned if the
underlying filesystem did not support xattrs, but later versions
wrapped the error, which caused our detection to fail.

This patch uses `errors.Is()` to check for the underlying error.
This requires github.com/pkg/errors v0.9.1 or above (older versions
could use `errors.Cause()`, but are not compatible with "native"
wrapping of errors in Go 1.13 and up, and could potentially cause
these errors to not being detected again.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 container/container_unix.go | 3 +--
 volume/mounts/mounts.go     | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/container/container_unix.go b/container/container_unix.go
index 8ab86121d9..d5c9837532 100644
--- a/container/container_unix.go
+++ b/container/container_unix.go
@@ -20,7 +20,6 @@ import (
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
 )
 
 const (
@@ -147,7 +146,7 @@ func (container *Container) CopyImagePathContent(v volume.Volume, destination st
 			logrus.Warnf("error while unmounting volume %s: %v", v.Name(), err)
 		}
 	}()
-	if err := label.Relabel(path, container.MountLabel, true); err != nil && err != unix.ENOTSUP {
+	if err := label.Relabel(path, container.MountLabel, true); err != nil && !errors.Is(err, syscall.ENOTSUP) {
 		return err
 	}
 	return copyExistingContents(rootfs, path)
diff --git a/volume/mounts/mounts.go b/volume/mounts/mounts.go
index 5bf169f6e0..c441e51ed9 100644
--- a/volume/mounts/mounts.go
+++ b/volume/mounts/mounts.go
@@ -113,7 +113,7 @@ func (m *MountPoint) Setup(mountLabel string, rootIDs idtools.Identity, checkFun
 			return
 		}
 		err = label.Relabel(sourcePath, mountLabel, label.IsShared(m.Mode))
-		if err == syscall.ENOTSUP {
+		if errors.Is(err, syscall.ENOTSUP) {
 			err = nil
 		}
 		if err != nil {