From 46069ff630097d8add12f452f523cf69bddb1c81 Mon Sep 17 00:00:00 2001
From: Ben Radey
Date: Sat, 11 Oct 2025 15:10:44 -0400
Subject: [PATCH] Removing unnecessary selinux stuff

---
 f42-server/Containerfile              | 18 ++----------------
 f42-server/benZfsSnapshotAutomount.te | 24 ------------------------
 f42-server/synapse.te                 | 14 --------------
 3 files changed, 2 insertions(+), 54 deletions(-)
 delete mode 100644 f42-server/benZfsSnapshotAutomount.te
 delete mode 100644 f42-server/synapse.te

diff --git a/f42-server/Containerfile b/f42-server/Containerfile
index c8a10fc..063818b 100644
--- a/f42-server/Containerfile
+++ b/f42-server/Containerfile
@@ -14,21 +14,6 @@ FROM quay.io/fedora/fedora-silverblue:42
 COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
-# Set up custom SELinux policies
-#COPY synapse.te /tmp/synapse.te
-#COPY benZfsSnapshotAutomount.te /tmp/benZfsSnapshotAutomount.te
-#RUN checkmodule -M -m -o /tmp/synapse.mod /tmp/synapse.te \
-# && semodule_package -o /tmp/synapse.pp -m /tmp/synapse.mod \
-# && semodule -r synapse || true \
-# && semodule -i /tmp/synapse.pp \
-# && rm -f /tmp/synapse.{te,mod,pp} \
-# && checkmodule -M -m -o /tmp/benZfsSnapshotAutomount.mod /tmp/benZfsSnapshotAutomount.te \
-# && semodule_package -o /tmp/benZfsSnapshotAutomount.pp -m /tmp/benZfsSnapshotAutomount.mod \
-# && semodule -r benZfsSnapshotAutomount || true \
-# && semodule -i /tmp/benZfsSnapshotAutomount.pp \
-# && rm -f /tmp/benZfsSnapshotAutomount.{te,mod,pp}
-
-
 # Install ZFS repository
 RUN dnf install -y https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \
 # cleanup and verification stage
@@ -89,7 +74,8 @@ RUN dnf install -y \
 stress-ng \
 telnet \
 vim \
-zrepl-v0.6.0-1.x86_64
+zrepl-v0.6.0-1.x86_64 \
+&& dnf clean all
 
 # Cleanup image for linting
 RUN test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf && \
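Review bot: The added `&& dnf clean all` in the second hunk only empties dnf's cache directory; it leaves `/var/log/dnf*.log` and the transaction history under `/var/lib/dnf` in the same layer, so if the "Cleanup image for linting" step that follows exists because `bootc container lint` rejects content under `/var`, consider extending the same RUN with `&& rm -rf /var/log/dnf* /var/lib/dnf/history*` (confirm against what the linter actually flags; I cannot see that step). Keeping the cleanup inside the install RUN rather than a separate instruction is the right choice, since a later layer cannot shrink an earlier one. The package list in the same RUN pins `zrepl-v0.6.0-1.x86_64` to an exact build and architecture while every other package floats; a one-line comment above it such as `# zrepl pinned: 0.6.0-1 is the last build verified against this ZFS release` would save the next maintainer a guess, if that is indeed the reason. The trailing `RUN test -f /usr/lib/sysusers.d/libvirt.conf ...` line continues past the end of the hunk.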
diff --git a/f42-server/benZfsSnapshotAutomount.te b/f42-server/benZfsSnapshotAutomount.te
deleted file mode 100644
index 632aef7..0000000
--- a/f42-server/benZfsSnapshotAutomount.te
+++ /dev/null
@@ -1,24 +0,0 @@
-module benZfsSnapshotAutomount 1.1;
-
-require {
-	type container_file_t;
-	type device_t;
-	type fs_t;
-	type kernel_generic_helper_t;
-	type mount_exec_t;
-	type unlabeled_t;
-	class capability { setgid setuid sys_admin };
-	class chr_file { ioctl open read write };
-	class dir { mounton search };
-	class file { execute open read execute_no_trans map getattr };
-	class filesystem mount;
-}
-
-#============= kernel_generic_helper_t ==============
-allow kernel_generic_helper_t container_file_t:dir search;
-allow kernel_generic_helper_t device_t:chr_file { ioctl open read write };
-allow kernel_generic_helper_t fs_t:filesystem mount;
-allow kernel_generic_helper_t mount_exec_t:file { execute open read execute_no_trans map getattr };
-allow kernel_generic_helper_t self:capability { setgid setuid sys_admin };
-allow kernel_generic_helper_t unlabeled_t:dir { mounton search };
-
diff --git a/f42-server/synapse.te b/f42-server/synapse.te
deleted file mode 100644
index 28831d0..0000000
--- a/f42-server/synapse.te
+++ /dev/null
@@ -1,14 +0,0 @@
-
-module synapse 1.1;
-
-require {
-	type httpd_t;
-	type unreserved_port_t;
-	class tcp_socket name_bind;
-}
-
-#============= httpd_t ==============
-
-#!!!! This avc can be allowed using the boolean 'nis_enabled'
-allow httpd_t unreserved_port_t:tcp_socket name_bind;
-