From 204eb6d810f8aef05f741349c7c2efa210cc46ab Mon Sep 17 00:00:00 2001
From: Russell Bryant <rbryant@redhat.com>
Date: Wed, 2 Oct 2024 13:37:41 -0400
Subject: [PATCH] docker: Check for selinux before using `--security-opt`
 (#167)

Before using `--security-opt label=disable`, check that SELinux is
enabled. Otherwise, the option is not relevant.

This fixes errors on Mac.

Closes #166

Signed-off-by: Russell Bryant <rbryant@redhat.com>
---
 llama_stack/distribution/build_container.sh     | 6 ++++--
 llama_stack/distribution/configure_container.sh | 6 ++++--
 llama_stack/distribution/start_container.sh     | 6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/llama_stack/distribution/build_container.sh b/llama_stack/distribution/build_container.sh
index c9b99d376..625c8cfc3 100755
--- a/llama_stack/distribution/build_container.sh
+++ b/llama_stack/distribution/build_container.sh
@@ -125,8 +125,10 @@ if [ -n "$LLAMA_MODELS_DIR" ]; then
   mounts="$mounts -v $(readlink -f $LLAMA_MODELS_DIR):$models_mount"
 fi
 
-# Disable SELinux labels -- we don't want to relabel the llama-stack source dir
-DOCKER_OPTS="$DOCKER_OPTS --security-opt label=disable"
+if command -v selinuxenabled &> /dev/null && selinuxenabled; then
+  # Disable SELinux labels -- we don't want to relabel the llama-stack source dir
+  DOCKER_OPTS="$DOCKER_OPTS --security-opt label=disable"
+fi
 
 set -x
 $DOCKER_BINARY build $DOCKER_OPTS -t $image_name -f "$TEMP_DIR/Dockerfile" "$REPO_DIR" $mounts
diff --git a/llama_stack/distribution/configure_container.sh b/llama_stack/distribution/configure_container.sh
index b7a5871ed..5f64531eb 100755
--- a/llama_stack/distribution/configure_container.sh
+++ b/llama_stack/distribution/configure_container.sh
@@ -28,8 +28,10 @@ docker_image="$1"
 host_build_dir="$2"
 container_build_dir="/app/builds"
 
-# Disable SELinux labels
-DOCKER_OPTS="$DOCKER_OPTS --security-opt label=disable"
+if command -v selinuxenabled &> /dev/null && selinuxenabled; then
+  # Disable SELinux labels
+  DOCKER_OPTS="$DOCKER_OPTS --security-opt label=disable"
+fi
 
 mounts=""
 if [ -n "$LLAMA_STACK_DIR" ]; then
diff --git a/llama_stack/distribution/start_container.sh b/llama_stack/distribution/start_container.sh
index 39b019588..8533da7d1 100755
--- a/llama_stack/distribution/start_container.sh
+++ b/llama_stack/distribution/start_container.sh
@@ -40,8 +40,10 @@ shift
 
 set -x
 
-# Disable SELinux labels
-DOCKER_OPTS="$DOCKER_OPTS --security-opt label=disable"
+if command -v selinuxenabled &> /dev/null && selinuxenabled; then
+  # Disable SELinux labels
+  DOCKER_OPTS="$DOCKER_OPTS --security-opt label=disable"
+fi
 
 mounts=""
 if [ -n "$LLAMA_STACK_DIR" ]; then