Building synapse SELinux policy into the image

f42-server/Containerfile

@@ -14,6 +14,13 @@ FROM quay.io/fedora/fedora-silverblue:42
 
 COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
 
+# Set up Synapse SELinux policy
+COPY synapse.te /tmp/synapse.te
+RUN checkmodule -M -m -o /tmp/synapse.mod /tmp/synapse.te \
+    && semodule_package -o /tmp/synapse.pp -m /tmp/synapse.mod \
+    && semodule -i /tmp/synapse.pp \
+    && rm -f /tmp/synapse.{te,mod,pp}
+
 # Install ZFS repository
 RUN rpm-ostree install https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \
     # cleanup and verification stage