internal/exec: don't relabel a mountpoint that already exists

When mounting filesystems, Ignition was relabeling the mountpoint
directory even if it previously existed.
This isn't necessary, and fails if the mountpoint is on a read-only
filesystem, such as /usr/share/oem on Flatcar.
Relabel the mountpoint only if we create it.
Fixes: #1452

Author: Adam0Brien

docs/release-notes.md

@@ -26,6 +26,7 @@ Starting with this release, ignition-validate binaries are signed with the
 - Clarify documentation of `passwordHash` fields
 - Correctly document Tang `advertisement` field as optional
 - Fix failure disabling nonexistent unit with systemd ≥ 252
+- Don't relabel a mount point that already exists
 
 ### Test changes
 

internal/exec/stages/mount/mount.go

@@ -123,29 +123,25 @@ func (s stage) mountFs(fs types.Filesystem) error {
 		return err
 	}
 
-	var firstMissing string
-	if distro.SelinuxRelabel() {
-		var err error
-		firstMissing, err = util.FindFirstMissingPathComponent(path)
+	if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
+		firstMissing, err := util.FindFirstMissingPathComponent(path)
 		if err != nil {
 			return err
 		}
-	}
 
-	if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
 		// Record created directories for use by the files stage.
 		// NotateMkdirAll() is relative to the DestDir.
 		if err := s.NotateMkdirAll(relpath, 0755); err != nil {
 			return err
 		}
-	} else if err != nil {
-		return err
-	}
 
-	if distro.SelinuxRelabel() {
-		if err := s.RelabelFiles([]string{firstMissing}); err != nil {
-			return err
+		if distro.SelinuxRelabel() {
+			if err := s.RelabelFiles([]string{firstMissing}); err != nil {
+				return err
+			}
 		}
+	} else if err != nil {
+		return err
 	}
 
 	args := translateOptionSliceToString(fs.MountOptions, ",")