From e8285fb2bfb073b68d028113e42221de3581fc8d Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou
Date: Mon, 31 Oct 2022 20:42:02 +0100
Subject: [PATCH] manifest: set selinux labels for cp and tar conditionally
Only label cp and tar if they're found in the list of packages for the build root.
---
 internal/manifest/build.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/internal/manifest/build.go b/internal/manifest/build.go
index 8b8f4fb1c..7cfc24ca1 100644
--- a/internal/manifest/build.go
+++ b/internal/manifest/build.go
@@ -90,12 +90,24 @@ func (p *Build) serialize() osbuild.Pipeline {
 pipeline.AddStage(osbuild.NewRPMStage(osbuild.NewRPMStageOptions(p.repos), osbuild.NewRpmStageSourceFilesInputs(p.packageSpecs)))
 pipeline.AddStage(osbuild.NewSELinuxStage(&osbuild.SELinuxStageOptions{
 FileContexts: "etc/selinux/targeted/contexts/files/file_contexts",
- Labels: map[string]string{
- // TODO: make conditional
- "/usr/bin/cp": "system_u:object_r:install_exec_t:s0",
- },
+ Labels: p.getSELinuxLabels(),
 },
 ))
 return pipeline
 }
+
+// Returns a map of paths to labels for the SELinux stage based on specific
+// packages found in the pipeline.
+func (p *Build) getSELinuxLabels() map[string]string {
+ labels := make(map[string]string)
+ for _, pkg := range p.getPackageSpecs() {
+ switch pkg.Name {
+ case "coreutils":
+ labels["/usr/bin/cp"] = "system_u:object_r:install_exec_t:s0"
+ case "tar":
+ labels["/usr/bin/tar"] = "system_u:object_r:install_exec_t:s0"
+ }
+ }
+ return labels
+}
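Review bot: The `switch pkg.Name` in getSELinuxLabels matches only the exact names `coreutils` and `tar`, so a build root that gets /usr/bin/cp from a differently named package (for example `coreutils-single` on Fedora-family distributions) would now silently lose the `install_exec_t` label that the old code always applied. If such build roots are supported, widen the case to `case "coreutils", "coreutils-single":`, or at least state the exact-name assumption in the comment. The doc comment should also follow Go convention and say why the label matters, e.g. `// getSELinuxLabels returns path-to-label overrides for the build root; install_exec_t is applied only to tools whose package is installed.` serialize() begins above the hunk, so how the SELinux stage treats an empty Labels map when neither package is present is not visible here and is worth confirming.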