ci(bluebuild): --security-opt label=disable + seccomp=unconfined for files module

BlueBuild's files module fails with 'chmod: Operation not permitted' on its own bind-mounted /tmp/modules/files/files.sh when run under podman. Disable SELinux relabeling + seccomp filter on the bluebuild CLI container so its nested buildah can chmod inside layer mounts. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-06 21:08:59 +01:00 · 2026-05-06 21:08:59 +01:00 · cf27f80cd9
commit cf27f80cd9
parent 77aa6a7287
1 changed files with 2 additions and 0 deletions
--- a/.github/workflows/build-bluebuild.yml
+++ b/.github/workflows/build-bluebuild.yml
@ -178,6 +178,8 @@ jobs:
          podman run --rm \
            --privileged \
            --security-opt label=disable \
            --security-opt seccomp=unconfined \
            --entrypoint /usr/bin/bluebuild \
            -v "$PWD:/work" \
            -v /var/lib/containers/storage:/var/lib/containers/storage \