From abee3c9619c2d366dc744e05f4a0456e9ad12e56 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 31 Jul 2024 16:45:47 -0400
Subject: [PATCH] Show SELinux label on failure

We are seeing EINVAL errors with container engines setting SELinux
labels. It would be helpful to see what Labels the engines are trying
to set.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 go-selinux/selinux_linux.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
index b7462f1..25394e7 100644
--- a/go-selinux/selinux_linux.go
+++ b/go-selinux/selinux_linux.go
@@ -329,7 +329,7 @@ func lSetFileLabel(fpath string, label string) error {
 			break
 		}
 		if err != unix.EINTR {
-			return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err}
+			return &os.PathError{Op: "lsetxattr", Path: fpath, Err: fmt.Errorf("label=%s: %w", label, err)}
 		}
 	}
 
@@ -348,7 +348,7 @@ func setFileLabel(fpath string, label string) error {
 			break
 		}
 		if err != unix.EINTR {
-			return &os.PathError{Op: "setxattr", Path: fpath, Err: err}
+			return &os.PathError{Op: "setxattr", Path: fpath, Err: fmt.Errorf("label=%s: %w", label, err)}
 		}
 	}