From e66da3d08a7f739acaf0d56c7c4c27154f83ad5b Mon Sep 17 00:00:00 2001
From: Jeff MAURY <jmaury@redhat.com>
Date: Thu, 7 Mar 2024 16:53:37 +0100
Subject: [PATCH] fix: disable selinux label when mounting the volume for the
 playground (#457)

Fixes #456

Signed-off-by: Jeff MAURY <jmaury@redhat.com>
---
 packages/backend/src/managers/playground.spec.ts | 2 ++
 packages/backend/src/managers/playground.ts      | 3 ++-
 packages/backend/src/utils/utils.ts              | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/backend/src/managers/playground.spec.ts b/packages/backend/src/managers/playground.spec.ts
index b3125bc75..44d623f56 100644
--- a/packages/backend/src/managers/playground.spec.ts
+++ b/packages/backend/src/managers/playground.spec.ts
@@ -24,6 +24,7 @@ import type { ImageInfo, TelemetryLogger, Webview } from '@podman-desktop/api';
 import type { ModelInfo } from '@shared/src/models/IModelInfo';
 import OpenAI from 'openai';
 import { Stream } from 'openai/streaming';
+import { DISABLE_SELINUX_LABEL_SECURITY_OPTION } from '../utils/utils';
 
 const mocks = vi.hoisted(() => ({
   postMessage: vi.fn(),
@@ -138,6 +139,7 @@ test('startPlayground should download image if not present then create container
           Type: 'bind',
         },
       ],
+      SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION],
       PortBindings: {
         '8000/tcp': [
           {
diff --git a/packages/backend/src/managers/playground.ts b/packages/backend/src/managers/playground.ts
index 3232ce7e5..2447d23e2 100644
--- a/packages/backend/src/managers/playground.ts
+++ b/packages/backend/src/managers/playground.ts
@@ -33,7 +33,7 @@ import type { PlaygroundState, PlaygroundStatus } from '@shared/src/models/IPlay
 import type { ContainerRegistry } from '../registries/ContainerRegistry';
 import type { PodmanConnection } from './podmanConnection';
 import OpenAI from 'openai';
-import { getDurationSecondsSince, timeout } from '../utils/utils';
+import { DISABLE_SELINUX_LABEL_SECURITY_OPTION, getDurationSecondsSince, timeout } from '../utils/utils';
 import type { ModelInfo } from '@shared/src/models/IModelInfo';
 
 export const LABEL_MODEL_ID = 'ai-studio-model-id';
@@ -212,6 +212,7 @@ export class PlayGroundManager {
             Type: 'bind',
           },
         ],
+        SecurityOpt: [DISABLE_SELINUX_LABEL_SECURITY_OPTION],
         PortBindings: {
           '8000/tcp': [
             {
diff --git a/packages/backend/src/utils/utils.ts b/packages/backend/src/utils/utils.ts
index d59f1efc3..959de3cae 100644
--- a/packages/backend/src/utils/utils.ts
+++ b/packages/backend/src/utils/utils.ts
@@ -49,3 +49,5 @@ export async function isEndpointAlive(endPoint: string): Promise<boolean> {
 export function getDurationSecondsSince(startTimeMs: number) {
   return Math.round((performance.now() - startTimeMs) / 1000);
 }
+
+export const DISABLE_SELINUX_LABEL_SECURITY_OPTION = 'label=disable';