install: Drop code/test uses of --security-opt

We think this is unnecessary now; part of improving
the ergonomics of `bootc install` in general, but
especially with the `to-existing-root` path.

Once this lands, at some point later then we
can also remove it from all of the documentation.
But the most safe thing is to leave it in the
docs for a bit longer.

Closes: #928

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

ostree-ext/.github/workflows/bootc.yml

@@ -59,7 +59,7 @@ jobs:
       - name: Integration tests
         run: |
           set -xeuo pipefail
-          sudo podman run --rm -ti --privileged -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \
+          sudo podman run --rm -ti --privileged -v ./usr/bin/bootc:/usr/bin/bootc --pid=host \
             quay.io/centos-bootc/centos-bootc-dev:stream9 bootc install to-filesystem \
             --karg=foo=bar --disable-selinux --replace=alongside /target
 

tests-integration/src/install.rs

@@ -11,15 +11,7 @@ use fn_error_context::context;
 use libtest_mimic::Trial;
 use xshell::{cmd, Shell};
 
-pub(crate) const BASE_ARGS: &[&str] = &[
-    "podman",
-    "run",
-    "--rm",
-    "--privileged",
-    "--pid=host",
-    "--security-opt",
-    "label=disable",
-];
+pub(crate) const BASE_ARGS: &[&str] = &["podman", "run", "--rm", "--privileged", "--pid=host"];
 
 // Arbitrary
 const NON_DEFAULT_STATEROOT: &str = "foo";

tests/e2e/bootc-install.sh

@@ -233,7 +233,6 @@ case "$TEST_CASE" in
             --rm \
             --privileged \
             --pid=host \
-            --security-opt label=type:unconfined_t \
             -v .:/output \
             "$TEST_IMAGE_URL" \
             bootc install to-disk --filesystem "$ROOTFS" --generic-image --via-loopback /output/disk.raw

tests/e2e/playbooks/install.yaml

@@ -54,7 +54,6 @@
          --privileged \
          --tls-verify=false \
          --pid=host \
-         --security-opt label=type:unconfined_t \
          {{ test_image_url }} \
          bootc install to-existing-root"
       become: true

tests/plugins/bootc-install.py

@@ -234,7 +234,6 @@ def _build_bootc_disk(self, containerimage: str, image_builder: str) -> None:
         tmt.utils.Command(
             "podman", "run", "--rm", "--privileged",
             "-v", f'{CONTAINER_STORAGE_DIR}:{CONTAINER_STORAGE_DIR}',
-            "--security-opt", "label=type:unconfined_t",
             "-v", f"{self.workdir}:/output",
             image_builder, "build",
             "--type", "qcow2",