From 6ecad0c5c4192448848dd0710e09a9b2eff693ba Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:36:09 -0300 Subject: [PATCH 1/2] Revert "SE policy test" This reverts commit 73798e518eeae368f871f00197cd175fba0cf390. --- Dockerfile | 10 +--------- selinux/plasmalogin-selinux.te | 12 ------------ 2 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 selinux/plasmalogin-selinux.te diff --git a/Dockerfile b/Dockerfile index 734aa27..badf0a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ @@ -29,14 +29,6 @@ RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsy RUN dnf remove -y sddm && \ dnf install --allowerasing -y sonic-login-manager -RUN dnf install -y selinux-policy-devel checkpolicy - -COPY selinux/plasmalogin-selinux.te /tmp/plasmalogin-selinux.te -RUN checkmodule -M -m -o /tmp/plasmalogin-selinux.mod /tmp/plasmalogin-selinux.te && \ - semodule_package -o /tmp/plasmalogin-selinux.pp -m /tmp/plasmalogin-selinux.mod && \ - semodule -i /tmp/plasmalogin-selinux.pp && \ - rm -f /tmp/plasmalogin-selinux.* - RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox # Remove plocate to avoid updatedb going crazy with scanning the file system once a day diff --git a/selinux/plasmalogin-selinux.te b/selinux/plasmalogin-selinux.te deleted file mode 100644 index 2acbf27..0000000 --- a/selinux/plasmalogin-selinux.te +++ /dev/null @@ -1,12 +0,0 @@ -module plasmalogin-selinux 1.0; - -require { - type unconfined_t; - type xdm_exec_t; - class file { entrypoint execute }; -} - -# Allow the plasmalogin process to execute the X11 user helper binary -# which is labeled as xdm_exec_t. This is needed when the plasmalogin -# daemon is not running in the xdm_t domain on SELinux enforcing systems. -allow unconfined_t xdm_exec_t:file { entrypoint execute }; From b8c1977874f0c75e3ff3d7dca8f12a1177398574 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:36:26 -0300 Subject: [PATCH 2/2] Revert "add xorg-x11-xinit-session" This reverts commit 01cb23083bc442e73049cbf5e11016f91ab582a3. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index badf0a5..e7fe801 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \