From 333c985cad0977150b1612fd2b1a1e6261f56b77 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio
Date: Tue, 8 Mar 2022 11:10:02 +0200
Subject: [PATCH] containerd: Enable SELinux labeling support by default

This enables containerd to do appropriate SELinux labeling of containers and files by default. This should not be problematic as Flatcar ships with SELinux permissive by default.

Signed-off-by: Juan Antonio Osorio
---
 .../coreos-overlay/app-emulation/containerd/files/config.toml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml
index b5459b93db..c6b44e6634 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml
@@ -27,6 +27,10 @@ runtime = "runc"
 # live restore is not supported
 no_shim = false
 
+[plugins."io.containerd.grpc.v1.cri"]
+# enable SELinux labeling
+enable_selinux = true
+
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
 # setting runc.options unsets parent settings
 runtime_type = "io.containerd.runc.v2"
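Review bot: The comment `# enable SELinux labeling` above `enable_selinux = true` only restates the key and leaves out the scope and the condition under which this default starts to matter. The key sits under `[plugins."io.containerd.grpc.v1.cri"]`, so it applies to containers created through the CRI plugin only, which is narrower than the commit subject suggests. I would expand the comment to something like `# Label CRI-created containers and their files for SELinux. Labels are applied in permissive mode too,` / `# but only enforced once the host is switched to enforcing; host paths without a container label may then be denied.` The commit message's "should not be problematic" rests on the permissive default, so a host already set to enforcing is presumably the case to test before this becomes the shipped default.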