From 792e3398443fbf47033a25c0bfd373f0f61e315b Mon Sep 17 00:00:00 2001
From: Gerald Pinder <4626052+gmpinder@users.noreply.github.com>
Date: Sun, 25 Jun 2023 17:40:58 -0400
Subject: [PATCH] Add SELinux policy for docker sock
---
 recipe-desktop.yml | 3 +++
 scripts/post/setup-selinux-dockersock.sh | 15 +++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 scripts/post/setup-selinux-dockersock.sh
diff --git a/recipe-desktop.yml b/recipe-desktop.yml
index 7940641..379996f 100644
--- a/recipe-desktop.yml
+++ b/recipe-desktop.yml
@@ -23,6 +23,9 @@ rpm:
 # apps and binaries require it, so it's a good idea to always include it
 # if you ever download or compile any custom software on your machine.
 - libadwaita
+ - policycoreutils
+ - policycoreutils-python
+ - checkpolicy
 - code
 - cronie
 - neofetch
diff --git a/scripts/post/setup-selinux-dockersock.sh b/scripts/post/setup-selinux-dockersock.sh
new file mode 100644
index 0000000..f76c01a
--- /dev/null
+++ b/scripts/post/setup-selinux-dockersock.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+# https://docs.gitlab.com/runner/install/docker.html#selinux
+
+set -euo pipefail
+
+git clone https://github.com/dpw/selinux-dockersock.git /tmp/selinux-dockersock
+
+pushd /tmp/selinux-dockersock
+
+make dockersock.pp
+
+semodule -i dockersock.pp
+
+popd
\ No newline at end of file
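Review bot: `policycoreutils-python` in the added list should be checked against the base image's repositories, because on recent Fedora releases the Python SELinux utilities ship as `policycoreutils-python-utils` and the older name may not resolve. The new script as shown only invokes `git`, `make` and `semodule` directly, so this package may not be needed at all, while `git` and `make` do not appear in the visible part of the list. The `rpm:` list continues outside the hunk, so they may already be present there or in the base image.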
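Review bot: The `git clone` line fetches whatever is at the tip of a third-party repository at build time, and the following lines compile it and load it with `semodule -i`, so any upstream change silently becomes SELinux policy in the image. Pin the checkout to a commit whose policy source has been reviewed, or vendor that file into this repository. The fixed `/tmp/selinux-dockersock` path is also predictable, makes the clone fail if the directory already exists, and is never removed, which a `mktemp -d` directory with an `EXIT` trap would avoid. Going by the commit subject, the module presumably relaxes confinement around the Docker socket, which is root-equivalent on the host, so a comment stating why the image needs it would help later reviewers.

```shell
set -euo pipefail

# Placeholder: replace with the commit whose policy source was reviewed.
readonly DOCKERSOCK_REF="<REVIEWED_COMMIT_SHA>"

# Private, unpredictable build directory, removed on every exit path.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

git clone https://github.com/dpw/selinux-dockersock.git "$workdir"
git -C "$workdir" checkout --detach "$DOCKERSOCK_REF"

make -C "$workdir" dockersock.pp
semodule -i "$workdir/dockersock.pp"
```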