From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=maxchernoff.ca
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=maxchernoff.ca header.i=@maxchernoff.ca header.a=rsa-sha256 header.s=key1 header.b=d9dueOtl;
	dkim-atps=neutral
Received: from out-177.mta1.migadu.com (out-177.mta1.migadu.com [95.215.58.177])
	by passt.top (Postfix) with ESMTPS id BEBF95A0280
	for <passt-dev@passt.top>; Fri, 23 May 2025 06:19:16 +0200 (CEST)
Message-ID: <f0ae3b503fadaecc3ba75d0713dc87d5b31f54e2.camel@maxchernoff.ca>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maxchernoff.ca;
	s=key1; t=1747973956;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=uZnFoshW7dhEj+ipGwnhRWEv64/DKrlK9ymv+Ichtlg=;
	b=d9dueOtl4lnAVNMTo+b5GUiT+NO/Mw76KIp1Quoe8DeIzkA8WpQF4wRjoVCiTYJ2WM6urU
	vDxi//Y09JYUjo0MEsiMoYLklzE/4z0SXhNnGg/KkMMxjUGOTf6oKQy9kPOxTrbhJ21VCm
	bT01FCk1cXvb5EsJhenBY7gcUjTdeX2UZVqZXDtWx6TraUfIhA1Vwxt6T3acWJCrasiHjb
	943sA7hS+V621EeAYV7t4qTD8VOA2mXbIuooyoAVXjO4ElvW+dUxAsPcQx+c2IlSbjP9Ih
	rx+bSpBl8K11Kz6FO156J+AGZLQuR6OawNMi+vht96yQ+o3MZggN32VE8i3Frg==
Subject: Re: [PATCH] fedora: Separately restore context for /run/user in
 %posttrans selinux
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From: Max Chernoff <git@maxchernoff.ca>
To: Stefano Brivio <sbrivio@redhat.com>, passt-dev@passt.top
Date: Thu, 22 May 2025 22:19:11 -0600
In-Reply-To: <20250522211331.3904674-1-sbrivio@redhat.com>
References: <20250522211331.3904674-1-sbrivio@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Migadu-Flow: FLOW_OUT
X-MailFrom: git@maxchernoff.ca
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation
Message-ID-Hash: CW3FF7EBZKY3YOLDAXTZ6RZCLTKOBTEA
X-Message-ID-Hash: CW3FF7EBZKY3YOLDAXTZ6RZCLTKOBTEA
X-Mailman-Approved-At: Fri, 23 May 2025 15:03:45 +0200
CC: Max Chernoff <git@maxchernoff.ca>, Paul Holzinger <pholzing@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/f0ae3b503fadaecc3ba75d0713dc87d5b31f54e2.camel@maxchernoff.ca/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/CW3FF7EBZKY3YOLDAXTZ6RZCLTKOBTEA/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

Hi Stefano,

On Thu, 2025-05-22 at 23:13 +0200, Stefano Brivio wrote:
> The previous change introduces specific file contexts for
> /run/user/%{USERID}/netns and
> /run/user/%{USERID}/containers/networks/rootless-netns, but
> %selinux_relabel_post can't handle that, see comments for more
> details.
>
> Add a separate restorecon(8) call for /run/user in the
> post-transaction scriptlet for the SELinux subpackage.

I've tested this out and can confirm that it works, thanks.

Aside: what is the correct way to build passt rpms? "make pkgs" doesn't
build the SELinux package, but I was eventually able to get the
following to work:

    $ git archive --prefix=3Dpasst-$(git rev-parse @)/ @ > ./passt-$(git re=
v-parse @).tar
    $ xz passt-*.tar
    $ mv *.tar.xz contrib/fedora/
    $ cd contrib/fedora/
    $ rpkg local --outdir $(realpath .)

Is there a way to do this without needing to manually create the .tar.xz
archive first?

Thanks,
-- Max