From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ErmlGQp+; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id D67EF5A026F for ; Tue, 04 Nov 2025 22:14:03 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1762290842; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MFPA6dVfl0JjKoXkNhdW9s0pHAodY5gZj0tlmmQWxKw=; b=ErmlGQp+I85GD4ea8egweP6GDxGNUVOmOiPVZXg5hkGcPlZGWI8VZ2c47e9Y0cOO6yW0qz b+CoFy2H11HLY/sKX5MswO1SrRrFUafjcG2x3QNRG+8O1B7d7SgbpCFh+fbk9XiKnj4eJd qtScrGuYH74CsvyKrDVWWAokCo3MBoU= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-141-feg4vQlQMmCx7TJ_6c-zDQ-1; Tue, 04 Nov 2025 16:14:01 -0500 X-MC-Unique: feg4vQlQMmCx7TJ_6c-zDQ-1 X-Mimecast-MFC-AGG-ID: feg4vQlQMmCx7TJ_6c-zDQ_1762290840 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-47717c2737bso25939415e9.2 for ; Tue, 04 Nov 2025 13:14:01 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762290840; x=1762895640; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MFPA6dVfl0JjKoXkNhdW9s0pHAodY5gZj0tlmmQWxKw=; b=VvRAgXt0oE9MoIR0YNoa/VnH1BlQzc2RFvV74FRx7elY10gx0TEAyHeZlL3HTKhYWj jU1/P7EmHGWRqRWiR2PvNT6HOAlgKmScI9l+vrvC3BiV+ksNLDdyb1pVqOvZWe4BmldX jmEsHPpfZRYXctWaeVnHgwi+fYuJBfLyKTO6smxaoutvTx6Nq54oFa1OQUPPMCFHXwsl O2DioSyY4Fg84kgt1q1u2PmQB5uaI5NAywL+eibqiziYILigOaC72ZqLIxDb+nj/QvYI SRB/Fryt1RutZuPaDWdMtOYpNLWSihqATNSDhManwxf0FrsGRFPyJxEdUarDRs96C9F2 kzQA== X-Gm-Message-State: AOJu0Yxd5YTxz0bpG7N68WCeOGk/DnSM8GJ2ZfWIuoJYjy5dV/SY/ZTR cjmXjKAk+9JxweD4+6wVxwc934aDLDJSLi9cHxQEKz78opM5wIrPdv7qq0o+9DqLtMJSDlxbMTK LaOswjpzSQyYJFSvp8R8mYINqX6Y2/g96HcKUet932stvJmW7/lt5yQ== X-Gm-Gg: ASbGncvimY84CBqIeozsrve4aU3esw+w6sWYKNNdDqMTnuq1LL+SXR9wkX48/cmD5ir hs9J1rXVdRLQlnDDRTsKy+n3yJFk7O2tkwoA68yR7wqPlb5knTYzRhs/bhTZ0VtlNFPkII9NtCl N+nKD+TT2RNAj3HmGHiJ++ny4Qv1Ut1bNRCqemjMlv5u6KM3qX790GvpXd5DzuFQ/T+8QY/vmUz ReSkRGQyiLk2D/G6cE5KLypXprAERrhOuDhU48jfLJAaru2ehwqbJ5QCNfNFx64QIKXPpvZUf4b xuq1lG7xG+AZGLbiBxdz3n34nrzLOkS9KtHv5y3q665DujeU0txQ0cYJC4vImiSHEEbR2jOrzqu GHkGrLHkbWA== X-Received: by 2002:a05:600c:5252:b0:475:dd9d:297b with SMTP id 5b1f17b1804b1-4775cdf46f0mr6223385e9.33.1762290840211; Tue, 04 Nov 2025 13:14:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IGXokGe69t+mi1GLiB6/2mbi58b8Omg2OpB/cGzvyfAHn28jc34EvO+xRfV1zyu7xjiunGjVg== X-Received: by 2002:a05:600c:5252:b0:475:dd9d:297b with SMTP id 5b1f17b1804b1-4775cdf46f0mr6223265e9.33.1762290839695; Tue, 04 Nov 2025 13:13:59 -0800 (PST) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-429dc1f9cdbsm6606348f8f.34.2025.11.04.13.13.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Nov 2025 13:13:59 -0800 (PST) Date: Tue, 4 Nov 2025 22:13:44 +0100 From: Stefano Brivio To: Danish Prakash , git@maxchernoff.ca Subject: Re: [PATCH v2] contrib/selinux: use regex instead of SELinux template Message-ID: <20251104221344.5ba5355d@elisabeth> In-Reply-To: <20251030104925.529411-1-contact@danishpraka.sh> References: <20251029001704.43f73a42@elisabeth> <20251030104925.529411-1-contact@danishpraka.sh> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: oErygdJJT-QtyR2XlS71e3K12HQKn0WxoZyaM-qH4rI_1762290840 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: SB5DPNNWPMVZHOGE3ZGCEFQ5JCIYVPYP X-Message-ID-Hash: SB5DPNNWPMVZHOGE3ZGCEFQ5JCIYVPYP X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, pholzing@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 30 Oct 2025 16:19:13 +0530 Danish Prakash wrote: > It might be possible to avoid using SELinux template (%USERID), > and instead using regex to match user ids. This would allow > discarding the explicit restorecon call while during package builds[1]. > > Original suggestion from cathy.hu@suse.com: > > > running restorecon would be unnecessary if the passt upstream selinux > > module would not use ${USERID} in pasta.fc (gets converted to [0-9]+ anyway) > > [1] - https://passt.top/passt/commit/?id=e019323538699967c155c29411545223dadfc0f5 Applied, thanks for the patch and for following up! Max, thanks for testing and reviewing, I took the liberty to translate your comments into Tested-by: and Reviewed-by: tags as they clearly seemed to indicate that. -- Stefano