From f7263399b9146a43b988e011d986d18d180414d2 Mon Sep 17 00:00:00 2001
From: Vladimir Romashchenko
 <52473614+eaglesemanation@users.noreply.github.com>
Date: Fri, 26 Nov 2021 00:18:31 -0500
Subject: [PATCH] feat: SELinux lables for --bind (#906)

---
 go.mod                    | 1 +
 go.sum                    | 2 ++
 pkg/runner/run_context.go | 5 +++++
 3 files changed, 8 insertions(+)

diff --git a/go.mod b/go.mod
index ebbb1c67cfb..81f8cb7a5aa 100644
--- a/go.mod
+++ b/go.mod
@@ -29,6 +29,7 @@ require (
 	github.com/moby/buildkit v0.9.2
 	github.com/opencontainers/image-spec v1.0.1
 	github.com/opencontainers/runc v1.0.2 // indirect
+	github.com/opencontainers/selinux v1.10.0
 	github.com/pkg/errors v0.9.1
 	github.com/robertkrimen/otto v0.0.0-20210614181706-373ff5438452
 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
diff --git a/go.sum b/go.sum
index 9c27908730c..fd6632209ac 100644
--- a/go.sum
+++ b/go.sum
@@ -956,6 +956,8 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
+github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU=
+github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NHziSmy2W5GbdQZFUHADCBU=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
diff --git a/pkg/runner/run_context.go b/pkg/runner/run_context.go
index b7e7a17112b..40a65f22365 100755
--- a/pkg/runner/run_context.go
+++ b/pkg/runner/run_context.go
@@ -17,6 +17,8 @@ import (
 	"github.com/mitchellh/go-homedir"
 	log "github.com/sirupsen/logrus"
 
+	selinux "github.com/opencontainers/selinux/go-selinux"
+
 	"github.com/nektos/act/pkg/common"
 	"github.com/nektos/act/pkg/container"
 	"github.com/nektos/act/pkg/model"
@@ -90,6 +92,9 @@ func (rc *RunContext) GetBindsAndMounts() ([]string, map[string]string) {
 		if runtime.GOOS == "darwin" {
 			bindModifiers = ":delegated"
 		}
+		if selinux.GetEnabled() {
+			bindModifiers = ":z"
+		}
 		binds = append(binds, fmt.Sprintf("%s:%s%s", rc.Config.Workdir, rc.Config.ContainerWorkdir(), bindModifiers))
 	} else {
 		mounts[name] = rc.Config.ContainerWorkdir()