From cf27f80cd97c89b9298270a48b0606956afd2785 Mon Sep 17 00:00:00 2001
From: claude-veilor-bot <279801990+s8n-ru@users.noreply.github.com>
Date: Wed, 6 May 2026 21:08:59 +0100
Subject: [PATCH] ci(bluebuild): --security-opt label=disable +
 seccomp=unconfined for files module

BlueBuild's files module fails with 'chmod: Operation not permitted' on
its own bind-mounted /tmp/modules/files/files.sh when run under podman.
Disable SELinux relabeling + seccomp filter on the bluebuild CLI
container so its nested buildah can chmod inside layer mounts.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .github/workflows/build-bluebuild.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-bluebuild.yml b/.github/workflows/build-bluebuild.yml
index ca8fef6..815092b 100644
--- a/.github/workflows/build-bluebuild.yml
+++ b/.github/workflows/build-bluebuild.yml
@@ -178,6 +178,8 @@ jobs:
 
           podman run --rm \
             --privileged \
+            --security-opt label=disable \
+            --security-opt seccomp=unconfined \
             --entrypoint /usr/bin/bluebuild \
             -v "$PWD:/work" \
             -v /var/lib/containers/storage:/var/lib/containers/storage \