From eea1c24ec46a400052934b67d55d09e30fbab835 Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Sun, 10 May 2026 14:53:53 -0300
Subject: [PATCH 1/7] fix Waydroid SELinux rules
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 6700c79..4ca55c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -88,6 +88,9 @@ RUN dnf install rclone -y
 RUN dnf install https://github.com/trapexit/mergerfs/releases/download/2.41.1/mergerfs-2.41.1-1.el10.x86_64.rpm -y
+RUN semodule -B
+RUN semodule -i /usr/share/selinux/targeted/waydroid.pp
+
 RUN systemctl enable docker
 RUN systemctl enable scx_loader
From bc529db80fa390ccfabaffb71c82b2c8e86bc45a Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Sun, 10 May 2026 17:13:32 -0300
Subject: [PATCH 2/7] semodule -B fails
---
 Dockerfile | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4ca55c8..0784c56 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -88,7 +88,6 @@ RUN dnf install rclone -y
 RUN dnf install https://github.com/trapexit/mergerfs/releases/download/2.41.1/mergerfs-2.41.1-1.el10.x86_64.rpm -y
-RUN semodule -B
 RUN semodule -i /usr/share/selinux/targeted/waydroid.pp
 RUN systemctl enable docker
From 1426a4497ed43a458e86341454563a8b65dfe4a0 Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Sun, 10 May 2026 18:12:12 -0300
Subject: [PATCH 3/7] install selinux in a store
---
 Dockerfile | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0784c56..77ab314 100644
--- a/Dockerfile
+++ b/Dockerfile
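Review bot: In patch 1/7 both added `RUN semodule` steps run without `-n` (`--noreload`), so on a build host where SELinux is enabled and the build container can reach selinuxfs, semodule may try to load the rebuilt policy into the host's running kernel instead of only updating the image's policy files. Passing `-n`, as in `RUN semodule -n -i /usr/share/selinux/targeted/waydroid.pp`, keeps the change inside the image. `RUN semodule -B` is also redundant directly before `-i`, because installing a module already rebuilds the policy. The same applies to the semodule calls added in patches 3/7 through 6/7.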
@@ -34,12 +34,18 @@ RUN dnf install -y ${KERNEL} ${KERNEL}-devel-matched
 RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra kernel-tools kernel-tools-libs
-# Install Negativo17 Nvidia driver
-RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver
+# Install Negativo17 Nvidia driver, waydroid and SELinux rules
+RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid && \
+ mkdir -p /tmp/selinux-store && \
+ semodule --store=/tmp/selinux-store -B && \
+ semodule --store=/tmp/selinux-store -i /usr/share/selinux/targeted/waydroid.pp && \
+ semodule --store=/tmp/selinux-store -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
+ cp -r /tmp/selinux-store/* /etc/selinux/targeted/ && \
+ rm -rf /tmp/selinux-store
 RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" ${KERNEL})
-RUN dnf install -y waydroid scx-scheds
+RUN dnf install -y scx-scheds
 # Remove plocate to avoid updatedb going crazy with scanning the file system once a day
 RUN dnf remove -y plocate
@@ -88,8 +94,6 @@ RUN dnf install rclone -y
 RUN dnf install https://github.com/trapexit/mergerfs/releases/download/2.41.1/mergerfs-2.41.1-1.el10.x86_64.rpm -y
-RUN semodule -i /usr/share/selinux/targeted/waydroid.pp
-
 RUN systemctl enable docker
 RUN systemctl enable scx_loader
From 97483bbbc19b48b087a2e589c749f1c0d84450ef Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Wed, 13 May 2026 17:19:42 -0300
Subject: [PATCH 4/7] test without store
---
 Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 77ab314..8ddfe70 100644
--- a/Dockerfile
+++ b/Dockerfile
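Review bot: In the first hunk of patch 3/7, `--store=/tmp/selinux-store` hands semodule a filesystem path where the option expects a policy store name such as `targeted`, so the three semodule calls are unlikely to write anything under `/tmp/selinux-store`. The following `cp -r /tmp/selinux-store/* /etc/selinux/targeted/` then either fails on an unmatched glob or copies an unexpected tree over the live policy directory. If the intent is to build the policy in a scratch location, the semodule options that take paths are `-p` (`--path`) and `-S` (`--store-path`). Whichever form is kept, the step should finish by confirming the modules are registered, for example `semodule -l | grep -q waydroid` (module name assumed from the `.pp` file name), so an image without the policy cannot build cleanly.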
@@ -36,12 +36,12 @@ RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-m
 # Install Negativo17 Nvidia driver, waydroid and SELinux rules
 RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid && \
- mkdir -p /tmp/selinux-store && \
- semodule --store=/tmp/selinux-store -B && \
- semodule --store=/tmp/selinux-store -i /usr/share/selinux/targeted/waydroid.pp && \
- semodule --store=/tmp/selinux-store -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
- cp -r /tmp/selinux-store/* /etc/selinux/targeted/ && \
- rm -rf /tmp/selinux-store
+ rm -rf /etc/selinux/targeted/tmp /var/lib/selinux/targeted/tmp && \
+ mkdir -p /etc/selinux/targeted/tmp && \
+ semodule -B && \
+ semodule -i /usr/share/selinux/targeted/waydroid.pp && \
+ semodule -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
+ rm -rf /etc/selinux/targeted/tmp
 RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" ${KERNEL})
From edd3bcfc06d0f046400ce4404aa1124a9e99c181 Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Wed, 13 May 2026 18:31:26 -0300
Subject: [PATCH 5/7] try something else
---
 Dockerfile | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8ddfe70..a320a46 100644
--- a/Dockerfile
+++ b/Dockerfile
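Review bot: The added `rm -rf /etc/selinux/targeted/tmp /var/lib/selinux/targeted/tmp` and `mkdir -p /etc/selinux/targeted/tmp` in patch 4/7 have no comment saying why semodule needs them, and the pair is asymmetric: two directories are removed, but only the one under `/etc/selinux` is recreated and cleaned up afterwards. A comment above the RUN such as `# Reset semodule's tmp dirs before rebuilding policy in the image build (plain semodule -B failed, see PATCH 2/7)` would record the intent. The actual failure is not shown anywhere in the series, so the author should confirm that wording and whether `/var/lib/selinux/targeted/tmp` needs recreating as well.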
@@ -35,13 +35,16 @@ RUN dnf install -y ${KERNEL} ${KERNEL}-devel-matched
 RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra kernel-tools kernel-tools-libs
 # Install Negativo17 Nvidia driver, waydroid and SELinux rules
-RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid && \
- rm -rf /etc/selinux/targeted/tmp /var/lib/selinux/targeted/tmp && \
- mkdir -p /etc/selinux/targeted/tmp && \
+# Dette kræver at du kører build med --privileged eller --cap-add SYS_ADMIN
+# eller bruger Buildah's RUN --mount feature
+
+RUN --mount=type=tmpfs,target=/etc/selinux \
+ dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid && \
 semodule -B && \
 semodule -i /usr/share/selinux/targeted/waydroid.pp && \
 semodule -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
- rm -rf /etc/selinux/targeted/tmp
+ # Kopier resultatet ud fra tmpfs til overlay
+ cp -a /etc/selinux/* /etc/selinux/.. || true
 RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" ${KERNEL})
From baa64439fa141486700a57710d31ac003511f2c4 Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Thu, 14 May 2026 10:59:22 -0300
Subject: [PATCH 6/7] try something else again
---
 Dockerfile | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a320a46..1115cc3 100644
--- a/Dockerfile
+++ b/Dockerfile
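Review bot: The trailing `|| true` on the new `cp -a /etc/selinux/* /etc/selinux/.. || true` line in patch 5/7 applies to the whole `&&` chain, so a failed `dnf install` or a failed `semodule -i` still produces a successful layer and the image can ship without the driver or the SELinux modules. Dropping `|| true` makes the build fail closed. On the same lines, the tmpfs mounted at `/etc/selinux` hides the policy configuration semodule reads and is discarded when the RUN ends. The copy target `/etc/selinux/..` is `/etc`, so whatever is copied lands beside the policy directory rather than in it. The new comments are written in Danish while the existing `# Install Negativo17 ...` comment is English; keeping one language would help later reviewers.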
@@ -38,13 +38,18 @@ RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-m
 # Dette kræver at du kører build med --privileged eller --cap-add SYS_ADMIN
 # eller bruger Buildah's RUN --mount feature
-RUN --mount=type=tmpfs,target=/etc/selinux \
- dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid && \
- semodule -B && \
- semodule -i /usr/share/selinux/targeted/waydroid.pp && \
- semodule -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
- # Kopier resultatet ud fra tmpfs til overlay
- cp -a /etc/selinux/* /etc/selinux/.. || true
+RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid policycoreutils && \
+ # Opret en tmpfs midlertidigt
+ mount -t tmpfs tmpfs /tmp/selinux-tmp && \
+ mkdir -p /tmp/selinux-tmp/etc/selinux/targeted && \
+ cp -r /etc/selinux/targeted/* /tmp/selinux-tmp/etc/selinux/targeted/ && \
+ # Brug semodule på tmpfs
+ semodule -p /tmp/selinux-tmp/etc/selinux -B && \
+ semodule -p /tmp/selinux-tmp/etc/selinux -i /usr/share/selinux/targeted/waydroid.pp && \
+ semodule -p /tmp/selinux-tmp/etc/selinux -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
+ # Kopier resultatet tilbage
+ cp -a /tmp/selinux-tmp/etc/selinux/targeted/* /etc/selinux/targeted/ && \
+ umount /tmp/selinux-tmp
 RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" ${KERNEL})
From 85f924ca2085ab28d60bcb4dd0a572d03d0fbffb Mon Sep 17 00:00:00 2001
From: Anders da Silva Rytter Hansen
Date: Thu, 14 May 2026 12:33:34 -0300
Subject: [PATCH 7/7] mkdir af tmp mappe
---
 Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1115cc3..f40e3b9 100644
--- a/Dockerfile
+++ b/Dockerfile
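Review bot: Calling `mount -t tmpfs tmpfs /tmp/selinux-tmp` inside the RUN in patch 6/7 forces the whole instruction, including the `dnf install` of the Negativo17 driver packages and their scriptlets, to run in a build that holds mount privileges (the comment above names `--privileged` / `--cap-add SYS_ADMIN`). Declaring the scratch filesystem on the instruction instead, `RUN --mount=type=tmpfs,target=/tmp/selinux-tmp \`, removes the need for `mount`/`umount` and for the extra capability, and also provides the mount point this hunk does not create. Separately, only `/etc/selinux/targeted` is copied into and out of the tmpfs, while patch 4/7 indicates semodule also keeps state under `/var/lib/selinux/targeted`. `-p` names a policy root, so `-p /tmp/selinux-tmp/etc/selinux` probably makes semodule look one directory level too deep; both points should be checked against the semodule man page before the copied-back policy is trusted.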
@@ -39,15 +39,13 @@ RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-m
 # eller bruger Buildah's RUN --mount feature
 RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver waydroid policycoreutils && \
- # Opret en tmpfs midlertidigt
+ mkdir -p /tmp/selinux-tmp && \
 mount -t tmpfs tmpfs /tmp/selinux-tmp && \
 mkdir -p /tmp/selinux-tmp/etc/selinux/targeted && \
 cp -r /etc/selinux/targeted/* /tmp/selinux-tmp/etc/selinux/targeted/ && \
- # Brug semodule på tmpfs
 semodule -p /tmp/selinux-tmp/etc/selinux -B && \
 semodule -p /tmp/selinux-tmp/etc/selinux -i /usr/share/selinux/targeted/waydroid.pp && \
 semodule -p /tmp/selinux-tmp/etc/selinux -i /usr/share/selinux/packages/targeted/nvidia-driver.pp.bz2 && \
- # Kopier resultatet tilbage
 cp -a /tmp/selinux-tmp/etc/selinux/targeted/* /etc/selinux/targeted/ && \
 umount /tmp/selinux-tmp
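Review bot: Patch 7/7 deletes the three inline comments that explained the tmpfs steps, while the comment kept above the RUN still says the build can use Buildah's `RUN --mount` feature, which this instruction no longer does. A single English comment above the RUN would replace both, for example `# Build the SELinux modules on a tmpfs and copy the result back; the in-RUN mount needs a build with CAP_SYS_ADMIN`. The RUN instruction ends at `umount /tmp/selinux-tmp`, the last line of the hunk.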