install selinux in a store

Dockerfile

@@ -34,12 +34,18 @@ RUN dnf install -y ${KERNEL} ${KERNEL}-devel-matched
 
 RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra kernel-tools kernel-tools-libs
 
-# Install Negativo17 Nvidia driver
-RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver
+# Install Negativo17 Nvidia driver, waydroid and SELinux rules
+RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid && \
+    mkdir -p /tmp/selinux-store && \
+    semodule --store=/tmp/selinux-store -B && \
+    semodule --store=/tmp/selinux-store -i /usr/share/selinux/targeted/waydroid.pp && \
+    semodule --store=/tmp/selinux-store -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
+    cp -r /tmp/selinux-store/* /etc/selinux/targeted/ && \
+    rm -rf /tmp/selinux-store
 
 RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" ${KERNEL})
 
-RUN dnf install -y waydroid scx-scheds
+RUN dnf install -y scx-scheds
 
 # Remove plocate to avoid updatedb going crazy with scanning the file system once a day
 RUN dnf remove -y plocate
@@ -88,8 +94,6 @@ RUN dnf install rclone -y
 
 RUN dnf install https://github.com/trapexit/mergerfs/releases/download/2.41.1/mergerfs-2.41.1-1.el10.x86_64.rpm -y
 
-RUN semodule -i /usr/share/selinux/targeted/waydroid.pp
-
 RUN systemctl enable docker
 RUN systemctl enable scx_loader