From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Cc: Max Chernoff <git@maxchernoff.ca>
Subject: [PATCH] fedora: Hide restorecon(8) errors in post-transaction scriptlet
Date: Tue, 10 Jun 2025 17:11:35 +0200 [thread overview]
Message-ID: <20250610151135.3425210-1-sbrivio@redhat.com> (raw)
Commit e01932353869 ("fedora: Separately restore context for /run/user
in %posttrans selinux") added a call to restorecon for /run/user in
the passt-selinux post-transaction scriptlet, and we can't give a path
that's more specific than that, but it often contains FUSE mountpoints
that are not accessible as root, resulting in warnings as the package
is installed.
Hide the errors, a failure in relabeling wouldn't be really
problematic in any case.
Link: https://bodhi.fedoraproject.org/updates/FEDORA-2025-f454466bb6
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2371159
Fixes: e01932353869 ("fedora: Separately restore context for /run/user in %posttrans selinux")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
contrib/fedora/passt.spec | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec
index e52f50f..663289f 100644
--- a/contrib/fedora/passt.spec
+++ b/contrib/fedora/passt.spec
@@ -107,8 +107,13 @@ fi
# (see selabel_file(5)) in order to restore only the file contexts which
# actually changed. However, as file_contexts doesn't support %{USERID}
# substitutions, this will not work for specific file contexts that pasta needs
-# to have under /run/user. Restore those explicitly.
-restorecon -R /run/user
+# to have under /run/user.
+#
+# Restore those explicitly, hiding errors from restorecon(8): we can't pass a
+# path that's more specific than this, but at the same time /run/user often
+# contains FUSE mountpoints that can't be accessed as root, leading to
+# "Permission denied" messages, but not failures.
+restorecon -R /run/user 2>/dev/null
%files
%license LICENSES/{GPL-2.0-or-later.txt,BSD-3-Clause.txt}
--
@@ -107,8 +107,13 @@ fi
# (see selabel_file(5)) in order to restore only the file contexts which
# actually changed. However, as file_contexts doesn't support %{USERID}
# substitutions, this will not work for specific file contexts that pasta needs
-# to have under /run/user. Restore those explicitly.
-restorecon -R /run/user
+# to have under /run/user.
+#
+# Restore those explicitly, hiding errors from restorecon(8): we can't pass a
+# path that's more specific than this, but at the same time /run/user often
+# contains FUSE mountpoints that can't be accessed as root, leading to
+# "Permission denied" messages, but not failures.
+restorecon -R /run/user 2>/dev/null
%files
%license LICENSES/{GPL-2.0-or-later.txt,BSD-3-Clause.txt}
--
2.43.0
next reply other threads:[~2025-06-10 15:11 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-10 15:11 Stefano Brivio [this message]
2025-06-11 9:31 ` [PATCH] fedora: Hide restorecon(8) errors in post-transaction scriptlet Max Chernoff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250610151135.3425210-1-sbrivio@redhat.com \
--to=sbrivio@redhat.com \
--cc=git@maxchernoff.ca \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).