
Podman: SELinux detection fails when VS Code runs inside Flatpak (label=disable needed)

Open ibaidev opened this issue 4 months ago • 2 comments

Description

When using VS Code with Podman + SELinux, VS Code currently detects an SELinux-enabled environment by calling getenforce and checking .Host.Security.SELinuxEnabled. If VS Code is running inside a Flatpak, getenforce inside the Flatpak returns "Disabled" even though the host is "Enforcing". That makes VS Code think SELinux is not enabled and it does not pass label=disable, causing permission/SELinux denial issues when building containers with features. If I manually make getenforce return "Enforcing" inside the Flatpak, detection succeeds and the container build works.

Environment

  • Host OS: Fedora (or another SELinux‑enforcing distribution).
  • VS Code as Flatpak: com.visualstudio.code + com.visualstudio.code.tool.podman.
  • Podman version: 5.6.1
  • VS Code version: 1.102.1

Steps to reproduce

  1. Click "Dev Containers: Reopen in Container" from VS Code.

Actual behavior

  • Inside a Flatpak sandbox, getenforce reports Disabled and detection fails, so label=disable is not set and builds fail.

Expected behavior

  • VS Code should correctly detect the host SELinux state when running inside Flatpak sandboxes and pass label=disable when necessary to avoid SELinux denial issues with Podman.

Suggested fixes / discussion

  • Consider additional detection strategies when running inside Flatpak.

ibaidev, Sep 18 '25 20:09
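One possible shape for the additional detection suggested in the issue, as an added example that is not part of the original report and not VS Code's or the Dev Containers extension's code. The function and variable names are hypothetical, and it assumes the sandbox is allowed to run `flatpak-spawn --host` and that only an Enforcing host needs `label=disable`.

```shell
#!/bin/sh
# Added example: resolve the *host* SELinux mode, whether or not we are in a Flatpak.
# Hypothetical names: host_selinux_mode, selinux_security_opt,
# FLATPAK_MARKER, GETENFORCE, HOST_SPAWN (overridable so the logic can be tested).
FLATPAK_MARKER="${FLATPAK_MARKER:-/.flatpak-info}"  # file present inside Flatpak sandboxes
GETENFORCE="${GETENFORCE:-getenforce}"              # local SELinux query
HOST_SPAWN="${HOST_SPAWN:-flatpak-spawn --host}"    # runs a command on the host

host_selinux_mode() {
    mode=""
    if [ -e "$FLATPAK_MARKER" ]; then
        # Sandboxed: the local getenforce reports Disabled (per the issue),
        # so only the host's answer is trusted. If the host cannot be
        # reached, report Unknown instead of falling back to the sandbox.
        mode=$($HOST_SPAWN getenforce 2>/dev/null) || mode=""
    else
        mode=$($GETENFORCE 2>/dev/null) || mode=""
    fi
    case "$mode" in
        Enforcing|Permissive|Disabled) printf '%s\n' "$mode" ;;
        *) printf 'Unknown\n' ;;
    esac
}

# Prints the Podman option to add, or nothing when it is not needed.
# Assumption: only an Enforcing host requires label=disable.
selinux_security_opt() {
    if [ "$(host_selinux_mode)" = "Enforcing" ]; then
        printf '%s\n' '--security-opt label=disable'
    fi
}
```

An `Unknown` result is kept separate from `Disabled` so a caller can log it or prompt the user rather than silently skipping the option.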