From 160666462a6aa557189dea7475961ba1ee534a11 Mon Sep 17 00:00:00 2001 From: Kyle Gospodnetich Date: Sun, 31 Dec 2023 18:36:13 -0800 Subject: [PATCH] fix: Correct labels on waydroid for selinux (#639) --- Containerfile | 1 + .../system/gamescope-workaround.service | 2 +- .../system/waydroid-workaround.service | 20 +++++++++++++++++++ .../lib/tmpfiles.d/waydroid-workaround.conf | 1 + 4 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 system_files/desktop/shared/usr/lib/systemd/system/waydroid-workaround.service create mode 100644 system_files/desktop/shared/usr/lib/tmpfiles.d/waydroid-workaround.conf diff --git a/Containerfile b/Containerfile index 882883ea..06911cbd 100644 --- a/Containerfile +++ b/Containerfile @@ -422,6 +422,7 @@ RUN /tmp/image-info.sh && \ systemctl disable rpm-ostreed-automatic.timer && \ systemctl enable ublue-update.timer && \ systemctl enable gamescope-workaround.service && \ + systemctl enable waydroid-workaround.service && \ systemctl enable bazzite-hardware-setup.service && \ systemctl enable tailscaled.service && \ systemctl enable dev-hugepages1G.mount && \ diff --git a/system_files/desktop/shared/usr/lib/systemd/system/gamescope-workaround.service b/system_files/desktop/shared/usr/lib/systemd/system/gamescope-workaround.service index 0c6175a0..40fa64c7 100644 --- a/system_files/desktop/shared/usr/lib/systemd/system/gamescope-workaround.service +++ b/system_files/desktop/shared/usr/lib/systemd/system/gamescope-workaround.service @@ -5,7 +5,7 @@ After=local-fs.target [Service] Type=oneshot -# Copy if it doens't exist +# Copy if it doesn't exist ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/.gamescope ] || /usr/bin/cp /usr/bin/gamescope /usr/local/bin/.gamescope" # This is faster than using .mount unit. Also allows for the previous line/cleanup ExecStartPre=/usr/bin/mount --bind /usr/local/bin/.gamescope /usr/bin/gamescope diff --git a/system_files/desktop/shared/usr/lib/systemd/system/waydroid-workaround.service b/system_files/desktop/shared/usr/lib/systemd/system/waydroid-workaround.service new file mode 100644 index 00000000..57555687 --- /dev/null +++ b/system_files/desktop/shared/usr/lib/systemd/system/waydroid-workaround.service @@ -0,0 +1,20 @@ +[Unit] +Description=Workaround waydroid not having the correct label +ConditionPathExists=/usr/lib/waydroid +After=local-fs.target + +[Service] +Type=oneshot +# Copy if it doesn't exist +ExecStartPre=/usr/bin/bash -c "[ -d /usr/local/lib/.waydroid ] || /usr/bin/cp -r /usr/lib/waydroid /usr/local/lib/.waydroid" +# This is faster than using .mount unit. Also allows for the previous line/cleanup +ExecStartPre=/usr/bin/mount --bind /usr/local/lib/.waydroid /usr/lib/waydroid +# Fix SELinux label +ExecStart=/usr/sbin/restorecon /usr/lib/waydroid +# Clean-up after ourselves +ExecStop=/usr/bin/umount /usr/lib/waydroid +ExecStop=/usr/bin/rm -r /usr/local/lib/.waydroid +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/system_files/desktop/shared/usr/lib/tmpfiles.d/waydroid-workaround.conf b/system_files/desktop/shared/usr/lib/tmpfiles.d/waydroid-workaround.conf new file mode 100644 index 00000000..94e42c44 --- /dev/null +++ b/system_files/desktop/shared/usr/lib/tmpfiles.d/waydroid-workaround.conf @@ -0,0 +1 @@ +C /usr/local/lib/.waydroid - - - - /usr/lib/waydroid