From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=LY9Mun4s; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 289095A083D for ; Thu, 18 Sep 2025 18:01:46 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758211305; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uSHPlVDQDrwCvr93kX/2/E8DcxNxgaJpPw/bgO4gCbQ=; b=LY9Mun4sS5Icxq98ZrCsVCBbLkZrlsaKtQgmr21kUYonRgnbPBsWhT6DCNG/fSFPDXDsR1 x8o5uE9wtjk6ekmMOT7JpfuYu5IehqkkOtw1u831NpEbr8EUwr4mmK+yfJ/5KXLYtEma2h xphOxOYpyScXWALrcNv8HC9I5QteWpE= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-282-NyLE3JamMVekB60nbNtpqA-1; Thu, 18 Sep 2025 12:01:43 -0400 X-MC-Unique: NyLE3JamMVekB60nbNtpqA-1 X-Mimecast-MFC-AGG-ID: NyLE3JamMVekB60nbNtpqA_1758211302 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-45de27bf706so6198105e9.0 for ; Thu, 18 Sep 2025 09:01:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758211302; x=1758816102; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=uSHPlVDQDrwCvr93kX/2/E8DcxNxgaJpPw/bgO4gCbQ=; b=UCdIr+grZTi5yvoK2AsS6rLkQkbr1AKeZtcHzTjodP1pQIEdUDr5TZas+GbMDcIfXl ChXKQHTojRoXV9YxR0s3KpkF0zzb16ZbnKSuyOTz65SfF5gRnttKN78x6sbI7UUE5IUZ 87P+W96dTLI/2Vgk0Ei2AvrbAKuLFQDxHwAaFfz+Ne7Gs9D7Q1ri0cBPQ12Q5lnjTRIs nE2dyQ8kCBdH5v7EAEqAnOKotvEVDDSiDRfSMbeNQCNCv3RoLEfFi/DBzjd/e0imPtqQ t4mPtj1ZPVmBjVJ8PN52JZuLzM9k/PKwrTL5UN0FsMHU3HtwH23CEpNmIXrQ3oIrd6ei HsuQ== X-Gm-Message-State: AOJu0YwtN1bkok0Gf2KYeIu2rfaKMHtlJrHXtpHdXWZbbY9k56iN88PT nRYvRyxHcTZmz9OXKY2FZN8CwLEFbQFSAQ8j2D4uS19Frotw7WfrAKvLQFqsVlGHa1pRUSays+O qY34iaAsMx5+qWqGhZ4wgOx7yGovbmXLMpVBoOFDvTTVl+PH/j+yhNA== X-Gm-Gg: ASbGncuxVMif+Luyq8lw4MHGPFUNWYuKW6naZbYMbnGQefC0yfkB7U4fO6vAJ3sQr98 GGZJubXgNm+CXM42o2HRreWsy/hwf+XUrCiB48IWe1uzM6eSm8KsP7DHf35iavWMnR/lDDqGWpk MM3YA84ScvlPCBB25N/mGuS0+jYs8HXZ98jdeGa133UZCmlMIqOaG5Bu61R21W/i/m1BGC83tMh nFNsMYp7ktV9SHjQqe+wC2QKrL9Qnrh9vGbwgEUncC/q/FOTrd8g4HAaEnMRAcGHhnhlbfVozIr gsXMwr+62HPNzbudwl2pq/znONkkV4sjt9/Q8sE/dKM46urNIglzrh5SpdwNZHMycEXY X-Received: by 2002:a05:600c:b85:b0:45d:cff6:733f with SMTP id 5b1f17b1804b1-46202a0e739mr67665475e9.11.1758211301635; Thu, 18 Sep 2025 09:01:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE9JpgUSjIsDtD03ewMduWAF3yw41jtE9IzsNUBX00fq9xQINK3VGNxRfWaPtDWXjhuUs2SBA== X-Received: by 2002:a05:600c:b85:b0:45d:cff6:733f with SMTP id 5b1f17b1804b1-46202a0e739mr67665015e9.11.1758211301094; Thu, 18 Sep 2025 09:01:41 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4613dccb5e2sm86526275e9.17.2025.09.18.09.01.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Sep 2025 09:01:39 -0700 (PDT) Date: Thu, 18 Sep 2025 18:01:37 +0200 From: Stefano Brivio To: Paul Holzinger Subject: Re: [PATCH 1/2] selinux: add container_var_run_t type transition Message-ID: <20250918180137.12749d7b@elisabeth> In-Reply-To: <20250917120450.36181-2-pholzing@redhat.com> References: <20250917120450.36181-2-pholzing@redhat.com> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 8kEgnmJgIKhgX300OMC7Cw7I-jJXCZW5UHmYnH9v_qw_1758211302 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: FUWCMGSBRA66DZDDZMFCVMQNOJSF6QWM X-Message-ID-Hash: FUWCMGSBRA66DZDDZMFCVMQNOJSF6QWM X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Max Chernoff , Giuseppe Scrivano , Lokesh Mandvekar , Dan Walsh X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed, 17 Sep 2025 14:04:50 +0200 Paul Holzinger wrote: > In some cases the podman runroot directory used to be labelled > container_var_run_t instead of user_tmp_t which was expected here. > Starting with a recent container-selinux change the runroot is now > always container_var_run_t so make the policy handle both types to allow > for a better upgrade path where passt-selinux and container-selinux are > not updated at the same time. > > Link: https://github.com/containers/container-selinux/pull/405 > Link: https://github.com/containers/podman/issues/26473 > > Signed-off-by: Paul Holzinger Series applied, with all the changes as discussed. I'll make a release soon so that container-selinux can proceed with container_var_run_t as needed. -- Stefano