Fedora Package Build Fails SELinux Related Unit Tests

[c4t3l]

I am a Fedora package maintainer and I am working on getting umoci into the distro. One core tenet of packaging golang projects in Fedora is that we MUST[1] run unit tests. Package builds of umoci fail with the following output:

--- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs (0.03s)
    --- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay. (0.02s)
        --- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs (0.01s)
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.dummy.xattr":"foobar", "user.overlay.opaque":"x"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=2) {
                	            	+(map[string]string) (len=3) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=16) "user.dummy.xattr": (string) (len=6) "foobar",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("."): expected to see map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.fakexattr":"fakexattr"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.fakexattr":"fakexattr"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=22) "user.overlay.fakexattr": (string) (len=9) "fakexattr"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/"): expected to see map[string]string{"user.overlay.fakexattr":"fakexattr"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.whiteout":"foo"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.whiteout":"foo"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=21) "user.overlay.whiteout": (string) (len=3) "foo"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/bar"): expected to see map[string]string{"user.overlay.whiteout":"foo"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.opaque":"y"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.opaque":"y"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=19) "user.overlay.opaque": (string) (len=1) "y"

The above output is only a snippet. There appear to be approximately 24 failures related to xattr_linux_test.go.

Please note:
When I run the package build on my local system with selinux disabled, I get no such errors. When selinux is enabled, these tests fail. The Fedora build environment runs with SELinux enabled, and to my knowledge, is unchangeable.

[1] - https://docs.fedoraproject.org/en-US/packaging-guidelines/Golang/#_testing

[cyphar]

Ah, this is a bug in our tests. We do have SELinux handling in umoci (basically SELinux xattrs are ignored), but when writing 9a1cefa I forgot to make the tests have the same behaviour (and at the moment we don't have SELinux enabled in our CI -- maybe I should add CirrusCI to fix this...). Let me cook up a patch.

Just to make sure -- there are no other unit test failures related to SELinux xattrs, right? The rest of our SELinux handling still works fine?

[c4t3l]

@cyphar, here is the error output. This looks to be only related to SELinux xattrs:

Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.jnTCm2
+ umask 022
+ cd /builddir/build/BUILD/umoci-0.5.0-build
+ cd umoci-0.5.0
+ export GOPATH=/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0
+ GOPATH=/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0
+ cd src/github.com/opencontainers/umoci
+ GO111MODULE=off
+ go test -buildmode pie -compiler gc -ldflags '  -extldflags '\''-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes   '\''' ./...
ok  	github.com/opencontainers/umoci	0.011s
ok  	github.com/opencontainers/umoci/cmd/umoci	0.010s
?   	github.com/opencontainers/umoci/internal	[no test files]
ok  	github.com/opencontainers/umoci/mutate	1.433s
?   	github.com/opencontainers/umoci/oci/cas	[no test files]
ok  	github.com/opencontainers/umoci/oci/cas/dir	0.017s
ok  	github.com/opencontainers/umoci/oci/casext	3.543s
ok  	github.com/opencontainers/umoci/oci/casext/blobcompress	0.020s
?   	github.com/opencontainers/umoci/oci/casext/mediatype	[no test files]
?   	github.com/opencontainers/umoci/oci/config/convert	[no test files]
ok  	github.com/opencontainers/umoci/oci/config/generate	0.009s
2025/08/06 17:55:14  warn generate layer: could not add file "some/parents/filechanged": add file lstat: lstat /tmp/TestGenerateMissingFileError1579191314/001/some/parents/filechanged: no such file or directory
2025/08/06 17:55:14  warn could not generate layer: generate layer file: add file lstat: lstat /tmp/TestGenerateMissingFileError1579191314/001/some/parents/filechanged: no such file or directory
2025/08/06 17:55:14  warn generate layer: could not add file "some/parents": add file lstat: lstat /tmp/TestGenerateWrongRootError1834968909/001/some/some/parents: no such file or directory
2025/08/06 17:55:14  warn could not generate layer: generate layer file: add file lstat: lstat /tmp/TestGenerateWrongRootError1834968909/001/some/some/parents: no such file or directory
2025/08/06 17:55:14  info unpack rootfs: /tmp/TestUnpackManifestCustomLayer730166024/002/rootfs
2025/08/06 17:55:14  info unpack layer: sha256:159fc03d42b1eb2588cdffaabe13b9a4b25879d64db0ea473c6c411adcc5740a
2025/08/06 17:55:14  info unpack layer: sha256:29788ced4c99508cba36d0a32e9029789641b2996dbead688cc114fc7203cd9c
2025/08/06 17:55:14  info unpack rootfs: /tmp/TestUnpackStartFromDescriptor407066891/002/rootfs
2025/08/06 17:55:14  info unpack layer: sha256:29788ced4c99508cba36d0a32e9029789641b2996dbead688cc114fc7203cd9c
2025/08/06 17:55:14  info unpack rootfs: /tmp/TestUnpackUnimplementedOverlayfs1799452549/002/rootfs
2025/08/06 17:55:14  info image contains layers using the deprecated 'non-distributable' media type "application/vnd.oci.image.layer.nondistributable.v1.tar"
2025/08/06 17:55:14  info image contains layers using the deprecated 'non-distributable' media type "application/vnd.oci.image.layer.nondistributable.v1.tar"
2025/08/06 17:55:14  info image contains layers using the deprecated 'non-distributable' media type "application/vnd.oci.image.layer.nondistributable.v1.tar"
2025/08/06 17:55:14  info image contains layers using the deprecated 'non-distributable' media type "application/vnd.oci.image.layer.nondistributable.v1.tar"
--- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs (0.03s)
    --- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay. (0.02s)
        --- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs (0.01s)
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.dummy.xattr":"foobar", "user.overlay.opaque":"x"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=2) {
                	            	+(map[string]string) (len=3) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=16) "user.dummy.xattr": (string) (len=6) "foobar",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("."): expected to see map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.fakexattr":"fakexattr"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.fakexattr":"fakexattr"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=22) "user.overlay.fakexattr": (string) (len=9) "fakexattr"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/"): expected to see map[string]string{"user.overlay.fakexattr":"fakexattr"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.whiteout":"foo"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.whiteout":"foo"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=21) "user.overlay.whiteout": (string) (len=3) "foo"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/bar"): expected to see map[string]string{"user.overlay.whiteout":"foo"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.opaque":"y"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.opaque":"y"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=19) "user.overlay.opaque": (string) (len=1) "y"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/baz/"): expected to see map[string]string{"user.overlay.opaque":"y"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=3) {
                	            	+(map[string]string) (len=4) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=27) "user.overlay.overlay.opaque": (string) (len=1) "x",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/extra-nesting/"): expected to see map[string]string{"user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=53) "user.overlay.overlay.overlay.overlay.overlay.dummy123": (string) (len=15) "dummy xattr 123"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./DirRootfs
                	Messages:   	UnpackEntry("foo/extra-nesting/reg"): expected to see map[string]string{"user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"} not be remapped
        --- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr (0.01s)
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.dummy.xattr":"foobar", "user.overlay.opaque":"x"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=2) {
                	            	+(map[string]string) (len=3) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=16) "user.dummy.xattr": (string) (len=6) "foobar",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr
                	Messages:   	UnpackEntry("."): expected to see map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.fakexattr":"fakexattr"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.fakexattr":"fakexattr"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=22) "user.overlay.fakexattr": (string) (len=9) "fakexattr"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr
                	Messages:   	UnpackEntry("foo/"): expected to see map[string]string{"user.overlay.fakexattr":"fakexattr"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.whiteout":"foo"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.whiteout":"foo"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=21) "user.overlay.whiteout": (string) (len=3) "foo"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr
                	Messages:   	UnpackEntry("foo/bar"): expected to see map[string]string{"user.overlay.whiteout":"foo"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.opaque":"y"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.opaque":"y"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=19) "user.overlay.opaque": (string) (len=1) "y"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr
                	Messages:   	UnpackEntry("foo/baz/"): expected to see map[string]string{"user.overlay.opaque":"y"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=3) {
                	            	+(map[string]string) (len=4) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=27) "user.overlay.overlay.opaque": (string) (len=1) "x",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr
                	Messages:   	UnpackEntry("foo/extra-nesting/"): expected to see map[string]string{"user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"} not be remapped
            xattr_linux_test.go:216: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:216
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=53) "user.overlay.overlay.overlay.overlay.overlay.dummy123": (string) (len=15) "dummy xattr 123"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-TrustedXattr
                	Messages:   	UnpackEntry("foo/extra-nesting/reg"): expected to see map[string]string{"user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"} not be remapped
        --- FAIL: TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr (0.01s)
            xattr_linux_test.go:206: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:206
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.dummy.xattr":"foobar", "user.overlay.overlay.opaque":"x"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.dummy.xattr":"foobar", "user.overlay.overlay.opaque":"x"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=2) {
                	            	+(map[string]string) (len=3) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=16) "user.dummy.xattr": (string) (len=6) "foobar",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr
                	Messages:   	UnpackEntry("."): expected to see map[string]string{"user.dummy.xattr":"foobar", "user.overlay.opaque":"x"} remapped properly
            xattr_linux_test.go:206: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:206
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.fakexattr":"fakexattr"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.fakexattr":"fakexattr"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=30) "user.overlay.overlay.fakexattr": (string) (len=9) "fakexattr"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr
                	Messages:   	UnpackEntry("foo/"): expected to see map[string]string{"user.overlay.fakexattr":"fakexattr"} remapped properly
            xattr_linux_test.go:206: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:206
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.whiteout":"foo"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.whiteout":"foo"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=29) "user.overlay.overlay.whiteout": (string) (len=3) "foo"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr
                	Messages:   	UnpackEntry("foo/bar"): expected to see map[string]string{"user.overlay.whiteout":"foo"} remapped properly
            xattr_linux_test.go:206: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:206
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.opaque":"y"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.opaque":"y"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=27) "user.overlay.overlay.opaque": (string) (len=1) "y"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr
                	Messages:   	UnpackEntry("foo/baz/"): expected to see map[string]string{"user.overlay.opaque":"y"} remapped properly
            xattr_linux_test.go:206: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:206
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.overlay.whiteout":"foobar"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.overlay.whiteout":"foobar"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=3) {
                	            	+(map[string]string) (len=4) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=35) "user.overlay.overlay.overlay.opaque": (string) (len=1) "x",
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr
                	Messages:   	UnpackEntry("foo/extra-nesting/"): expected to see map[string]string{"user.overlay.overlay.opaque":"x", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy":"dummy xattr", "user.overlay.overlay.overlay.whiteout":"foobar"} remapped properly
            xattr_linux_test.go:206: 
                	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:206
                	Error:      	Not equal: 
                	            	expected: map[string]string{"user.overlay.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"}
                	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"}
                	            	
                	            	Diff:
                	            	--- Expected
                	            	+++ Actual
                	            	@@ -1,2 +1,3 @@
                	            	-(map[string]string) (len=1) {
                	            	+(map[string]string) (len=2) {
                	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
                	            	  (string) (len=61) "user.overlay.overlay.overlay.overlay.overlay.overlay.dummy123": (string) (len=15) "dummy xattr 123"
                	Test:       	TestUnpackGenerateRoundTrip_ComplexXattr_OverlayfsRootfs/TarEntries=user.overlay./OverlayfsRootfs-UserXattr
                	Messages:   	UnpackEntry("foo/extra-nesting/reg"): expected to see map[string]string{"user.overlay.overlay.overlay.overlay.overlay.dummy123":"dummy xattr 123"} remapped properly
--- FAIL: TestUnpackGenerateRoundTrip_MockedSELinux (0.01s)
    --- FAIL: TestUnpackGenerateRoundTrip_MockedSELinux/DirRootfs (0.00s)
        xattr_linux_test.go:351: 
            	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:351
            	Error:      	Not equal: 
            	            	expected: map[string]string{"user.UMOCI.fake_selinux":"rootdir", "user.dummy.xattr":"foobar"}
            	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.UMOCI.fake_selinux":"rootdir", "user.dummy.xattr":"foobar"}
            	            	
            	            	Diff:
            	            	--- Expected
            	            	+++ Actual
            	            	@@ -1,2 +1,3 @@
            	            	-(map[string]string) (len=2) {
            	            	+(map[string]string) (len=3) {
            	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
            	            	  (string) (len=23) "user.UMOCI.fake_selinux": (string) (len=7) "rootdir",
            	Test:       	TestUnpackGenerateRoundTrip_MockedSELinux/DirRootfs
            	Messages:   	UnpackEntry("."): expected to only see specific subset of applied xattrs
        xattr_linux_test.go:351: 
            	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:351
            	Error:      	Not equal: 
            	            	expected: map[string]string{"user.UMOCI.fake_selinux":"foodir", "user.dummy.xattr":"barbaz"}
            	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.UMOCI.fake_selinux":"foodir", "user.dummy.xattr":"barbaz"}
            	            	
            	            	Diff:
            	            	--- Expected
            	            	+++ Actual
            	            	@@ -1,2 +1,3 @@
            	            	-(map[string]string) (len=2) {
            	            	+(map[string]string) (len=3) {
            	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
            	            	  (string) (len=23) "user.UMOCI.fake_selinux": (string) (len=6) "foodir",
            	Test:       	TestUnpackGenerateRoundTrip_MockedSELinux/DirRootfs
            	Messages:   	UnpackEntry("foo/"): expected to only see specific subset of applied xattrs
        xattr_linux_test.go:351: 
            	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:351
            	Error:      	Not equal: 
            	            	expected: map[string]string{"user.UMOCI.fake_selinux":"foobarfile"}
            	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.UMOCI.fake_selinux":"foobarfile"}
            	            	
            	            	Diff:
            	            	--- Expected
            	            	+++ Actual
            	            	@@ -1,2 +1,3 @@
            	            	-(map[string]string) (len=1) {
            	            	+(map[string]string) (len=2) {
            	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
            	            	  (string) (len=23) "user.UMOCI.fake_selinux": (string) (len=10) "foobarfile"
            	Test:       	TestUnpackGenerateRoundTrip_MockedSELinux/DirRootfs
            	Messages:   	UnpackEntry("foo/bar"): expected to only see specific subset of applied xattrs
    --- FAIL: TestUnpackGenerateRoundTrip_MockedSELinux/OverlayfsRootfs (0.00s)
        xattr_linux_test.go:351: 
            	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:351
            	Error:      	Not equal: 
            	            	expected: map[string]string{"user.UMOCI.fake_selinux":"rootdir", "user.dummy.xattr":"foobar"}
            	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.UMOCI.fake_selinux":"rootdir", "user.dummy.xattr":"foobar"}
            	            	
            	            	Diff:
            	            	--- Expected
            	            	+++ Actual
            	            	@@ -1,2 +1,3 @@
            	            	-(map[string]string) (len=2) {
            	            	+(map[string]string) (len=3) {
            	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
            	            	  (string) (len=23) "user.UMOCI.fake_selinux": (string) (len=7) "rootdir",
            	Test:       	TestUnpackGenerateRoundTrip_MockedSELinux/OverlayfsRootfs
            	Messages:   	UnpackEntry("."): expected to only see specific subset of applied xattrs
        xattr_linux_test.go:351: 
            	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:351
            	Error:      	Not equal: 
            	            	expected: map[string]string{"user.UMOCI.fake_selinux":"foodir", "user.dummy.xattr":"barbaz"}
            	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.UMOCI.fake_selinux":"foodir", "user.dummy.xattr":"barbaz"}
            	            	
            	            	Diff:
            	            	--- Expected
            	            	+++ Actual
            	            	@@ -1,2 +1,3 @@
            	            	-(map[string]string) (len=2) {
            	            	+(map[string]string) (len=3) {
            	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
            	            	  (string) (len=23) "user.UMOCI.fake_selinux": (string) (len=6) "foodir",
            	Test:       	TestUnpackGenerateRoundTrip_MockedSELinux/OverlayfsRootfs
            	Messages:   	UnpackEntry("foo/"): expected to only see specific subset of applied xattrs
        xattr_linux_test.go:351: 
            	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/oci/layer/xattr_linux_test.go:351
            	Error:      	Not equal: 
            	            	expected: map[string]string{"user.UMOCI.fake_selinux":"foobarfile"}
            	            	actual  : map[string]string{"security.selinux":"system_u:object_r:mock_var_lib_t:s0\x00", "user.UMOCI.fake_selinux":"foobarfile"}
            	            	
            	            	Diff:
            	            	--- Expected
            	            	+++ Actual
            	            	@@ -1,2 +1,3 @@
            	            	-(map[string]string) (len=1) {
            	            	+(map[string]string) (len=2) {
            	            	+ (string) (len=16) "security.selinux": (string) (len=36) "system_u:object_r:mock_var_lib_t:s0\x00",
            	            	  (string) (len=23) "user.UMOCI.fake_selinux": (string) (len=10) "foobarfile"
            	Test:       	TestUnpackGenerateRoundTrip_MockedSELinux/OverlayfsRootfs
            	Messages:   	UnpackEntry("foo/bar"): expected to only see specific subset of applied xattrs
FAIL
FAIL	github.com/opencontainers/umoci/oci/layer	1.159s
?   	github.com/opencontainers/umoci/pkg/fseval	[no test files]
ok  	github.com/opencontainers/umoci/pkg/funchelpers	0.007s
ok  	github.com/opencontainers/umoci/pkg/hardening	0.027s
ok  	github.com/opencontainers/umoci/pkg/idtools	0.009s
?   	github.com/opencontainers/umoci/pkg/iohelpers	[no test files]
ok  	github.com/opencontainers/umoci/pkg/mtreefilter	0.018s
ok  	github.com/opencontainers/umoci/pkg/pathtrie	0.008s
--- FAIL: TestClearxattrFilter (0.00s)
    xattr_unix_test.go:72: 
        	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/pkg/system/xattr_unix_test.go:72
        	Error:      	elements differ
        	            	
        	            	extra elements in list B:
        	            	([]interface {}) (len=1) {
        	            	 (string) (len=16) "security.selinux"
        	            	}
        	            	
        	            	
        	            	listA:
        	            	([]string) (len=4) {
        	            	 (string) (len=13) "user.allowed1",
        	            	 (string) (len=13) "user.allowed2",
        	            	 (string) (len=15) "user.forbidden1",
        	            	 (string) (len=23) "user.forbidden1.allowed"
        	            	}
        	            	
        	            	
        	            	listB:
        	            	([]string) (len=5) {
        	            	 (string) (len=23) "user.forbidden1.allowed",
        	            	 (string) (len=13) "user.allowed2",
        	            	 (string) (len=13) "user.allowed1",
        	            	 (string) (len=15) "user.forbidden1",
        	            	 (string) (len=16) "security.selinux"
        	            	}
        	Test:       	TestClearxattrFilter
        	Messages:   	all xattrs should be present after setting
    xattr_unix_test.go:85: 
        	Error Trace:	/builddir/build/BUILD/umoci-0.5.0-build/umoci-0.5.0/src/github.com/opencontainers/umoci/pkg/system/xattr_unix_test.go:85
        	Error:      	elements differ
        	            	
        	            	extra elements in list B:
        	            	([]interface {}) (len=1) {
        	            	 (string) (len=16) "security.selinux"
        	            	}
        	            	
        	            	
        	            	listA:
        	            	([]string) (len=1) {
        	            	 (string) (len=15) "user.forbidden1"
        	            	}
        	            	
        	            	
        	            	listB:
        	            	([]string) (len=2) {
        	            	 (string) (len=15) "user.forbidden1",
        	            	 (string) (len=16) "security.selinux"
        	            	}
        	Test:       	TestClearxattrFilter
        	Messages:   	only explicitly forbidden xattrs should be allowed to remain after clearing
FAIL
FAIL	github.com/opencontainers/umoci/pkg/system	0.016s
?   	github.com/opencontainers/umoci/pkg/testutils	[no test files]
ok  	github.com/opencontainers/umoci/pkg/unpriv	0.043s
FAIL

[cyphar]

@c4t3l Can you test #609? This fixed the unit tests when running in an AlmaLinux 9 VM for me.

[c4t3l]

@cyphar, sorry for such a late reply... It's been a busy couple of weeks for me... Yes, this patch works! All unit tests are good now. Thank you!