Gnome 47 Persistent Remote Desktop session conflicts with SELinux

[RPGFSjosh]

Describe the bug

After rebasing to bluefin-dx:41, attempting to access the persistent remote headless desktop session results in a black screen.

What did you expect to happen?

I expected to get a full remote session.

Output of rpm-ostree status

Deployments:
● ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx:41
                   Digest: sha256:c78098caf0ceb463640afc8caead9b0a7b4862deabf131a95f8bd6f740eb63b1
                  Version: 41.20241028.0 (2024-10-28T04:44:51Z)
          LayeredPackages: thunar tumbler

  ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx:latest
                   Digest: sha256:4072d44e95c70eadca4d754432baff0d58729c3f197676b64274944e59cdb1a6
                  Version: 40.20241011.0 (2024-10-12T22:01:46Z)
          LayeredPackages: thunar tumbler

Output of groups

No response

Extra information or context

This is an issue with SELinux. Changing SELinux to "permissive" solves this issue, but is obviously untenable.

A user on the Fedora discourse forums wrote an SELinux module that allows the session to work: https://discussion.fedoraproject.org/t/gnome-remote-desktop-with-selinux-enforced/115832/8?replies_to_post_number=9

I have tested it and can confirm that it works like a dream. Would this be possible to add to the Bluefin/Bazzite-Gnome projects so that others don't encounter this issue?

[fiftydinar]

This might be useful to add to main images even.

But it would be also good to notify Fedora folks about this. https://github.com/fedora-selinux/selinux-policy

[Malix-Labs]

It indeed is an issue for https://github.com/fedora-selinux/selinux-policy instead

[mweissdigchg]

I am experiencing the same issue on Bluefin-dx 40 gts. Only after setting setenforce 0 I can connect via RDP. As I am actually testing some GNOME distros, I also installed Fedora Silverblue 41 yesterday and it worked out-of-the-box, so this seems to be Bluefin specific.