From df129308316475d1b6d29e63e52c66ff3d090516 Mon Sep 17 00:00:00 2001
From: "Jose R. Gonzalez" <jose@flutes.dev>
Date: Wed, 5 Jul 2023 11:41:44 -0500
Subject: [PATCH] add selinux labeling for the mounted kubeconfig

Signed-off-by: Jose R. Gonzalez <jose@flutes.dev>
---
 tests/tests/functional/chart_test.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/tests/functional/chart_test.py b/tests/tests/functional/chart_test.py
index 6f2b3229..4e0e6d9d 100644
--- a/tests/tests/functional/chart_test.py
+++ b/tests/tests/functional/chart_test.py
@@ -299,20 +299,20 @@ def run_verify_podman_image(verifier_image_name,verifier_image_tag,profile_type,
 
     if chart_location.startswith('http:/') or chart_location.startswith('https:/'):
         if pgp_location:
-            out = subprocess.run(["podman", "run", "-v", f"{kubeconfig}:/kubeconfig", "-e", "KUBECONFIG=/kubeconfig", "--rm",
+            out = subprocess.run(["podman", "run", "-v", f"{kubeconfig}:/kubeconfig:z", "-e", "KUBECONFIG=/kubeconfig", "--rm",
                                   f"{verifier_image_name}:{verifier_image_tag}", "verify", "--set", f"profile.vendortype={profile_type}","--pgp-public-key",public_key_location,chart_location], capture_output=True)
         else:
-            out = subprocess.run(["podman", "run", "-v", f"{kubeconfig}:/kubeconfig", "-e", "KUBECONFIG=/kubeconfig", "--rm",
+            out = subprocess.run(["podman", "run", "-v", f"{kubeconfig}:/kubeconfig:z", "-e", "KUBECONFIG=/kubeconfig", "--rm",
                           f"{verifier_image_name}:{verifier_image_tag}", "verify", "--set", f"profile.vendortype={profile_type}", chart_location], capture_output=True)
     else:
         chart_directory = os.path.dirname(os.path.abspath(chart_location))
         chart_name = os.path.basename(os.path.abspath(chart_location))
         if pgp_key_location:
             pgp_key_name = os.path.basename(os.path.abspath(pgp_key_location))
-            out = subprocess.run(["podman", "run", "-v", f"{chart_directory}:/charts:z", "-v", f"{kubeconfig}:/kubeconfig", "-e", "KUBECONFIG=/kubeconfig", "--rm",
+            out = subprocess.run(["podman", "run", "-v", f"{chart_directory}:/charts:z", "-v", f"{kubeconfig}:/kubeconfig:z", "-e", "KUBECONFIG=/kubeconfig", "--rm",
                                   f"{verifier_image_name}:{verifier_image_tag}", "verify", "--set", f"profile.vendortype={profile_type}","--pgp-public-key",f"/charts/{pgp_key_name}",f"/charts/{chart_name}"], capture_output=True)
         else:
-            out = subprocess.run(["podman", "run", "-v", f"{chart_directory}:/charts:z", "-v", f"{kubeconfig}:/kubeconfig", "-e", "KUBECONFIG=/kubeconfig", "--rm",
+            out = subprocess.run(["podman", "run", "-v", f"{chart_directory}:/charts:z", "-v", f"{kubeconfig}:/kubeconfig:z", "-e", "KUBECONFIG=/kubeconfig", "--rm",
                               f"{verifier_image_name}:{verifier_image_tag}", "verify", "--set", f"profile.vendortype={profile_type}", f"/charts/{chart_name}"], capture_output=True)
 
     return out.stdout.decode("utf-8")