From bf6c8088a97f312cd4b6487164f00d1c072c8d76 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 14:19:13 -0300 Subject: [PATCH 1/6] try to fix crash when logging in --- Dockerfile | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 43b4b9b..349ef08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,14 +7,15 @@ RUN dnf install -y alsa-sof-firmware RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y +RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/SonicDE/SonicDE-EL10/repo/rhel+epel-10/group_SonicDE-SonicDE-EL10-rhel+epel-10.repo -y RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y -RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/skip77/MateDesktop-EL10/repo/rhel+epel-10/skip77-MateDesktop-EL10-rhel+epel-10.repo -y -RUN dnf config-manager --add-repo https://pc-rytteren.dk/forge/api/packages/anders/rpm.repo -y -RUN rpm -e --nodeps plasma-workspace-libs plasma-workspace libplasma \ - kwin kwin-common kwin-libs kscreenlocker plasma-desktop sddm-wayland-plasma && \ - dnf install --allowerasing --nogpgcheck -y \ +# This may be necessary for the speakers and internal microphone +RUN dnf install -y alsa-sof-firmware + +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston redshift xrandr -y + +RUN dnf install --allowerasing -y \ sonic-workspace \ sonic-workspace-libs \ sonic-workspace-common \ 
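Review bot: The first context line of this hunk still installs the two RPM Fusion release packages with `--nogpgcheck`, even though the same change drops that flag from the sonic installs. Those release packages carry the repo definitions and signing keys that every later rpmfusion package is checked against, so they are trusted on TLS to the mirror alone. Import the RPM Fusion key for this release first, e.g. `rpm --import <RPMFUSION_KEY_FILE>` (placeholder), and drop `--nogpgcheck` from that `dnf install`. The added `RUN dnf install -y alsa-sof-firmware` also appears to repeat the step shown in the hunk header just above line 7; if so, keep only one. With the flag gone from the `sonic-workspace` step (which continues past the end of this hunk), signature checking depends on the new COPR `.repo` file enabling `gpgcheck`, which is not visible here and is worth confirming.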
@@ -23,10 +24,10 @@ RUN rpm -e --nodeps plasma-workspace-libs plasma-workspace libplasma \ sonic-desktop-interface \ sonic-interface-libraries -RUN dnf install --allowerasing --nogpgcheck -y sonic-keybind-daemon sonic-frameworks-windowsystem sonic-system-info sonic-screen sonic-screen-library sonic-sysguard-library +RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsystem sonic-system-info sonic-screen sonic-screen-library sonic-sysguard-library RUN dnf remove -y sddm && \ - dnf install --allowerasing --nogpgcheck -y sonic-login-manager + dnf install --allowerasing -y sonic-login-manager RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox 
@@ -54,10 +55,6 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm -RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ - libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y - - # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y From 5ed5474c79868a06746a4e8c3c8c9a08d0797db9 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 14:24:36 -0300 Subject: [PATCH 2/6] remove redshift --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 349ef08..e7fe801 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston redshift xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ From 01cb23083bc442e73049cbf5e11016f91ab582a3 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 15:44:47 -0300 Subject: [PATCH 3/6] add xorg-x11-xinit-session --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e7fe801..badf0a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ From 73798e518eeae368f871f00197cd175fba0cf390 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:00:30 -0300 Subject: [PATCH 4/6] SE policy test --- Dockerfile | 10 +++++++++- selinux/plasmalogin-selinux.te | 12 ++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 selinux/plasmalogin-selinux.te diff --git a/Dockerfile b/Dockerfile index badf0a5..734aa27 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ @@ -29,6 +29,14 @@ RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsy RUN dnf remove -y sddm && \ dnf install --allowerasing -y sonic-login-manager +RUN dnf install -y selinux-policy-devel checkpolicy + +COPY selinux/plasmalogin-selinux.te /tmp/plasmalogin-selinux.te +RUN checkmodule -M -m -o /tmp/plasmalogin-selinux.mod /tmp/plasmalogin-selinux.te && \ + semodule_package -o /tmp/plasmalogin-selinux.pp -m /tmp/plasmalogin-selinux.mod && \ + semodule -i /tmp/plasmalogin-selinux.pp && \ + rm -f /tmp/plasmalogin-selinux.* + RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox # Remove plocate to avoid updatedb going crazy with scanning the file system once a day diff --git a/selinux/plasmalogin-selinux.te b/selinux/plasmalogin-selinux.te new file mode 100644 index 0000000..2acbf27 --- /dev/null +++ b/selinux/plasmalogin-selinux.te @@ -0,0 +1,12 @@ +module plasmalogin-selinux 1.0; + +require { + type unconfined_t; + type xdm_exec_t; + class file { entrypoint execute }; +} + +# Allow the plasmalogin process to execute the X11 user helper binary +# which is labeled as xdm_exec_t. This is needed when the plasmalogin +# daemon is not running in the xdm_t domain on SELinux enforcing systems. +allow unconfined_t xdm_exec_t:file { entrypoint execute }; From 6ecad0c5c4192448848dd0710e09a9b2eff693ba Mon Sep 17 00:00:00 2001 
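Review bot: `semodule -i /tmp/plasmalogin-selinux.pp` in the added RUN step reloads policy after installing by default, which in an image build may fail or act on the build host's SELinux state rather than the image's. `semodule -n -i /tmp/plasmalogin-selinux.pp` installs into the policy store without the reload. `selinux-policy-devel` and `checkpolicy` are needed only for this one compile but stay in the final image; removing them in the same RUN step, or building the `.pp` in a separate stage, keeps policy-authoring tools off the shipped system. The `rm -f /tmp/plasmalogin-selinux.*` runs in a later layer than the `COPY`, so the `.te` file still remains in the COPY layer.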
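Review bot: The rule `allow unconfined_t xdm_exec_t:file { entrypoint execute };` applies to every process in `unconfined_t`, not only to plasmalogin as the comment above it says. The `entrypoint` permission lets any `xdm_exec_t` binary be started in the unconfined domain, so the login path stays outside `xdm_t` confinement and the reason the daemon is not in `xdm_t` is left unfixed. If the daemon is meant to run confined, prefer a file-context entry that labels `<PLASMALOGIN_BINARY_PATH>` (placeholder) so the existing transition into `xdm_t` applies, and confirm the actual denial in the audit log before widening `unconfined_t`. If the rule stays, the comment should say so plainly, e.g. `# NOTE: applies to all unconfined_t processes, not just plasmalogin`.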
From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:36:09 -0300 Subject: [PATCH 5/6] Revert "SE policy test" This reverts commit 73798e518eeae368f871f00197cd175fba0cf390. --- Dockerfile | 10 +--------- selinux/plasmalogin-selinux.te | 12 ------------ 2 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 selinux/plasmalogin-selinux.te diff --git a/Dockerfile b/Dockerfile index 734aa27..badf0a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ @@ -29,14 +29,6 @@ RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsy RUN dnf remove -y sddm && \ dnf install --allowerasing -y sonic-login-manager -RUN dnf install -y selinux-policy-devel checkpolicy - -COPY selinux/plasmalogin-selinux.te /tmp/plasmalogin-selinux.te -RUN checkmodule -M -m -o /tmp/plasmalogin-selinux.mod /tmp/plasmalogin-selinux.te && \ - semodule_package -o /tmp/plasmalogin-selinux.pp -m /tmp/plasmalogin-selinux.mod && \ - semodule -i /tmp/plasmalogin-selinux.pp && \ - rm -f /tmp/plasmalogin-selinux.* - RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox # Remove plocate to avoid updatedb going crazy with scanning the file system once a day diff --git a/selinux/plasmalogin-selinux.te b/selinux/plasmalogin-selinux.te deleted file mode 100644 index 2acbf27..0000000 --- a/selinux/plasmalogin-selinux.te +++ /dev/null 
@@ -1,12 +0,0 @@ -module plasmalogin-selinux 1.0; - -require { - type unconfined_t; - type xdm_exec_t; - class file { entrypoint execute }; -} - -# Allow the plasmalogin process to execute the X11 user helper binary -# which is labeled as xdm_exec_t. This is needed when the plasmalogin -# daemon is not running in the xdm_t domain on SELinux enforcing systems. -allow unconfined_t xdm_exec_t:file { entrypoint execute }; From b8c1977874f0c75e3ff3d7dca8f12a1177398574 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:36:26 -0300 Subject: [PATCH 6/6] Revert "add xorg-x11-xinit-session" This reverts commit 01cb23083bc442e73049cbf5e11016f91ab582a3. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index badf0a5..e7fe801 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \