Merge pull request #17546 from runcom/backport-17094

Automatic merge from submit-queue.

[release-3.7] setup selinux labels for build containers

back ports #17094 to `release-3.7`

@smarterclayton PTAL

Author: openshift-merge-robot

pkg/build/builder/docker.go

@@ -313,6 +313,11 @@ func (d *DockerBuilder) dockerBuild(dir string, tag string, secrets []buildapi.S
 	}
 	opts.NetworkMode = network
 	if len(resolvConfHostPath) != 0 {
+		cmd := exec.Command("chcon", "system_u:object_r:svirt_sandbox_file_t:s0", "/etc/resolv.conf")
+		err := cmd.Run()
+		if err != nil {
+			return fmt.Errorf("unable to set permissions on /etc/resolv.conf: %v", err)
+		}
 		opts.BuildBinds = fmt.Sprintf("[\"%s:/etc/resolv.conf\"]", resolvConfHostPath)
 	}
 	// Though we are capped on memory and cpu at the cgroup parent level,

pkg/build/builder/sti.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/url"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"time"
@@ -203,6 +204,11 @@ func (s *S2IBuilder) Build() error {
 	}
 
 	if len(resolvConfHostPath) != 0 {
+		cmd := exec.Command("chcon", "system_u:object_r:svirt_sandbox_file_t:s0", "/etc/resolv.conf")
+		err := cmd.Run()
+		if err != nil {
+			return fmt.Errorf("unable to set permissions on /etc/resolv.conf: %v", err)
+		}
 		config.BuildVolumes = []string{fmt.Sprintf("%s:/etc/resolv.conf", resolvConfHostPath)}
 	}