From 11ed3b09faaca1d34cd45f0457113cade21e6674 Mon Sep 17 00:00:00 2001
From: Eric Curtin <ecurtin@redhat.com>
Date: Tue, 18 Jun 2024 15:06:12 +0100
Subject: [PATCH] remount: ignore ENOENT error during SELinux relabeling

Ignore ENOENT error in selinux_restorecon to avoid failures when
temporary files created by systemd-sysusers in /etc are missing during
relabeling. This prevents errors such as:

  "Failed to relabel /etc/.g#shadowJzu4Rx: No such file or directory"

and allows the process to continue.

Co-Authored-By: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
---
 src/switchroot/ostree-remount.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
index 497603e9d9..5cba7b1c39 100644
--- a/src/switchroot/ostree-remount.c
+++ b/src/switchroot/ostree-remount.c
@@ -90,8 +90,18 @@ static void
 relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean is_dir)
 {
 #ifdef HAVE_SELINUX
+  /* Ignore ENOENT, because if there is no file to relabel we can continue,
+   * systemd-sysusers runs in parallel and can create temporary files in /etc
+   * causing failures like:
+   * "Failed to relabel /etc/.g#shadowJzu4Rx: No such file or directory"
+   */
   if (selinux_restorecon (real_path, 0))
-    err (EXIT_FAILURE, "Failed to relabel %s", real_path);
+    {
+      if (errno == ENOENT)
+        return;
+
+      err (EXIT_FAILURE, "Failed to relabel %s", real_path);
+    }
 
   if (!is_dir)
     return;