Hey, recently had to figure out how to do this for creating a custom wayland session(just a script and a desktop file). I thought it might be useful to document a few things that will be necessary for using cosmic without disabling selinux.
the desktop file under wayland sessions needs to have the label system_u:object_r:usr_t:s0, this can be set permanently with
sudo semanage fcontext -a -s system_u -t usr_t /usr/share/wayland-sessions/cosmic.desktop
#then to apply it immediately
sudo restorecon /usr/share/wayland-sessions/cosmic.desktop
note the -a flag might result in an error if the file(s) are already labeled.
Hey, recently had to figure out how to do this for creating a custom wayland session(just a script and a desktop file). I thought it might be useful to document a few things that will be necessary for using cosmic without disabling selinux.
the desktop file under wayland sessions needs to have the label
system_u:object_r:usr_t:s0, this can be set permanently withnote the
-aflag might result in an error if the file(s) are already labeled.I'm not sure what the required label is for the systemd-sysext, but I imagine that since it's sort of an overlay, it should have the same label as the directory it's overlaying. you can copy the label from another file or directory in selinux like this:
a useful check when figuring out the label for a directory or file would be the
-Zflag forlswhich will adds selinux info to the normal output.you can also just set it to selinux to permissive and monitor the logs