1
0
Fork 0
mirror of https://passt.top/passt synced 2025-07-26 03:27:59 +02:00

fedora: Separately restore context for /run/user in %posttrans selinux

The previous change introduces specific file contexts for
/run/user/%{USERID}/netns and
/run/user/%{USERID}/containers/networks/rootless-netns, but
%selinux_relabel_post can't handle that, see comments for more
details.

Add a separate restorecon(8) call for /run/user as post-transaction
scriptlet for the SELinux subpackage.

Reported-by: Max Chernoff <git@maxchernoff.ca>
Link: https://bugs.passt.top/show_bug.cgi?id=81
Link: https://github.com/containers/podman/discussions/26100#discussioncomment-13088518
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Max Chernoff <git@maxchernoff.ca>
This commit is contained in:
Stefano Brivio 2025-05-22 23:04:15 +02:00
commit e019323538

View file

@ -102,6 +102,12 @@ fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
# %selinux_relabel_post calls fixfiles(8) with the previous file_contexts file
# (see selabel_file(5)) in order to restore only the file contexts which
# actually changed. However, as file_contexts doesn't support %{USERID}
# substitutions, this will not work for specific file contexts that pasta needs
# to have under /run/user. Restore those explicitly.
restorecon -R /run/user
%files
%license LICENSES/{GPL-2.0-or-later.txt,BSD-3-Clause.txt}