From b7f3176614e70ff2e39f2fd27c75782611b6b8ea Mon Sep 17 00:00:00 2001
From: Allison Karlitskaya <allison.karlitskaya@redhat.com>
Date: Tue, 17 May 2022 14:13:31 +0200
Subject: [PATCH] services.setup: workaround podman symlink relabelling bug

---
 images/scripts/services.setup | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/images/scripts/services.setup b/images/scripts/services.setup
index b4e40f5074..9af3ce4838 100755
--- a/images/scripts/services.setup
+++ b/images/scripts/services.setup
@@ -35,6 +35,12 @@ EOF
 chmod 755 /root/run-freeipa
 /root/run-freeipa
 
+# HACK: Podman fails to relabel symlinks properly, accidentally relabelling their targets instead
+# https://github.com/opencontainers/selinux/pull/173
+# Disable relabelling for subsequent runs and make SELinux permissive.
+sed -i 's/data:Z/data/' /root/run-freeipa
+sed -i 's/enforcing/permissive/' /etc/selinux/config
+
 podman logs -f freeipa &
 LOGS=$!