Compare commits

..

No commits in common. "b8c1977874f0c75e3ff3d7dca8f12a1177398574" and "73798e518eeae368f871f00197cd175fba0cf390" have entirely different histories.

2 changed files with 20 additions and 0 deletions

View file

@ -29,6 +29,14 @@ RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsy
RUN dnf remove -y sddm && \
dnf install --allowerasing -y sonic-login-manager
RUN dnf install -y selinux-policy-devel checkpolicy
COPY selinux/plasmalogin-selinux.te /tmp/plasmalogin-selinux.te
RUN checkmodule -M -m -o /tmp/plasmalogin-selinux.mod /tmp/plasmalogin-selinux.te && \
semodule_package -o /tmp/plasmalogin-selinux.pp -m /tmp/plasmalogin-selinux.mod && \
semodule -i /tmp/plasmalogin-selinux.pp && \
rm -f /tmp/plasmalogin-selinux.*
RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox
# Remove plocate to avoid updatedb going crazy with scanning the file system once a day

View file

@ -0,0 +1,12 @@
module plasmalogin-selinux 1.0;
require {
type unconfined_t;
type xdm_exec_t;
class file { entrypoint execute };
}
# Allow the plasmalogin process to execute the X11 user helper binary
# which is labeled as xdm_exec_t. This is needed when the plasmalogin
# daemon is not running in the xdm_t domain on SELinux enforcing systems.
allow unconfined_t xdm_exec_t:file { entrypoint execute };