Description
When using VS Code with Podman + SELinux, VS Code currently detects an SELinux-enabled environment by calling getenforce and checking .Host.Security.SELinuxEnabled. If VS Code is running inside a Flatpak, getenforce inside the Flatpak returns "Disabled" even though the host is "Enforcing". That makes VS Code think SELinux is not enabled and it does not pass label=disable, causing permission/SELinux denial issues when building containers with features. If I manually make getenforce return "Enforcing" inside the Flatpak, detection succeeds and the container build works.
Environment
- Host OS: Fedora (or another SELinux‑enforcing distribution).
- VS Code as Flatpak: com.visualstudio.code + com.visualstudio.code.tool.podman.
- Podman version: 5.6.1
- VS Code version: 1.102.1
Steps to reproduce
- Click "Dev Containers: Reopen in Container" from VS Code.
Actual behavior
- Inside a Flatpak sandbox, getenforce reports Disabled and detection fails, so label=disable is not set and builds fail.
Expected behavior
- VS Code should correctly detect the host SELinux state when running inside Flatpak sandboxes and pass label=disable when necessary to avoid SELinux denial issues with Podman.
Suggested fixes / discussion
- Consider additional detection strategies when running inside Flatpak.
Description
When using VS Code with Podman + SELinux, VS Code currently detects an SELinux-enabled environment by calling getenforce and checking .Host.Security.SELinuxEnabled. If VS Code is running inside a Flatpak, getenforce inside the Flatpak returns "Disabled" even though the host is "Enforcing". That makes VS Code think SELinux is not enabled and it does not pass label=disable, causing permission/SELinux denial issues when building containers with features. If I manually make getenforce return "Enforcing" inside the Flatpak, detection succeeds and the container build works.
Environment
Steps to reproduce
Actual behavior
Expected behavior
Suggested fixes / discussion