Re: [PATCH v2] contrib/selinux: use regex instead of SELinux template

Hi Danish, On Thu, 2025-10-30 at 16:19 +0530, Danish Prakash wrote:

It might be possible to avoid using SELinux template (%USERID), and instead using regex to match user ids. This would allow discarding the explicit restorecon call while during package builds[1].

Original suggestion from cathy.hu@suse.com:

...

running restorecon would be unnecessary if the passt upstream selinux module would not use ${USERID} in pasta.fc (gets converted to [0-9]+ anyway)

[1] - https://passt.top/passt/commit/?id=e019323538699967c155c29411545223dadfc0f5

Signed-off-by: Danish Prakash --- contrib/fedora/passt.spec | 11 ----------- contrib/selinux/pasta.fc | 12 ++++++------ 2 files changed, 6 insertions(+), 17 deletions(-) [...]

I've built and installed an RPM with this patch, and I can confirm that everything works as expected. Plus, this new implementation seems much cleaner than the previous one, so this patch LGTM. Thanks, -- Max