From 86450bfafbc5945c5cafd0b50ea07f1be8d60e08 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Wed, 26 Jun 2019 17:12:02 +0200
Subject: [PATCH] iii

---
 FedoraBook.te   |  29 +++++++++++++++++++++++++++--
 logo.bmp        | Bin 231482 -> 231482 bytes
 pkglist.txt     |   2 ++
 prepare-root.sh |   3 ++-
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/FedoraBook.te b/FedoraBook.te
index 417589a..a720247 100644
--- a/FedoraBook.te
+++ b/FedoraBook.te
@@ -1,11 +1,15 @@
 module FedoraBook 1.0;
 
 require {
+	type policykit_auth_t;
+	type policykit_t;
+	type sssd_t;
 	type system_dbusd_var_run_t;
 	type iscsi_unit_file_t;
 	type etc_t;
 	type systemd_timedated_t;
 	type var_t;
+	type usr_t;
 	type NetworkManager_t;
 	type systemd_networkd_var_run_t;
 	type default_t;
@@ -28,13 +32,16 @@ require {
 	type init_var_run_t;
 	type svirt_t;
 	type user_home_dir_t;
+        type chkpwd_t;
+	type xdm_var_lib_t;
+	class sock_file { create write };
 	class file { create getattr map open read relabelfrom relabelto rename setattr unlink write };
 	class process { dyntransition setcurrent };
-	class dir { add_name create getattr read write search mounton };
+	class dir { add_name create getattr read write search mounton map };
 	class process2 nnp_transition;
 	class service { reload status stop };
 	class dbus send_msg;
-	class sock_file read;
+	class sock_file { read write };
 	class lnk_file { getattr read };
 }
 
@@ -87,6 +94,24 @@ allow useradd_t var_t:file { getattr open read write };
 allow xdm_t avahi_t:dbus send_msg;
 allow xdm_t getty_var_run_t:file getattr;
 allow xdm_t lib_t:service stop;
+allow xdm_t xdm_var_lib_t:dir map;
 
 #============= svirt_t ==============
 allow svirt_t user_home_dir_t:dir read;
+
+#============= chkpwd_t ==============
+allow chkpwd_t usr_t:file map;
+
+
+#============= policykit_auth_t ==============
+allow policykit_auth_t var_lib_t:file read;
+allow policykit_auth_t var_lib_t:sock_file write;
+
+#============= policykit_t ==============
+allow policykit_t var_lib_t:file read;
+allow policykit_t var_lib_t:sock_file write;
+
+#============= sssd_t ==============
+allow sssd_t var_lib_t:file read;
+allow sssd_t var_lib_t:sock_file { create write };
+
diff --git a/logo.bmp b/logo.bmp
index e16865a61bcb8f68cf1954ce31519602cb9c54ac..5e10b8cd3ce4e43d54b352f629f2f84dbb67f2a5 100644
GIT binary patch
literal 231482
zcmeI5OOoR{l0{V=9cD3U(|+EtCN-)_+gnD@dJ8?MrR0ukT1%(}<e&kP0Q@@K0gxen
z#JFiMpYU<`=UjlI6bj{E|Nh56J|6MUAOHDy{7-oN*I(wpe|daO<B$LQc>MFf9@F1{
zhmrXAuYddR|D7kt|NkF`>95DH$De=xe*6l5f5*SSem@?+LqGieJ^lR^yJ7s#M|cQ!
zk4N|~tcm{*eXb`z?w`}n&vXd+KN27T5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*
zAOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}
z0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq
z5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*
zAOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR9MgTTk<SNZe#JR=3h+>t;LcWzPQ9buo~
zTI>7u^?5=T47nG9THmiPUZwY<eY{^wUkZG@4tqs3^`*dj;Xd52t?$?2c`)EU1RQ;N
zleG`-!@WBC@(O*p68i-7^yL+LAKpiMeJ+3G+gOw4e35jt6g$V$3hx|_?vEz$#B24(
z(eW8?X96E6@Xpcb{%`_#iRJ-5T!5Vesw?!)(dhng0(gLV3w^i%I|t+e-Wl-O?s<UE
zR$$-wc!2pX^cLFB=Vv)4pP$cTp5~roG5HcHONx8_YwR7{r+Se&@pM1*G)TK|R!4PW
zmR%5?9<%i_(Q7pj#Sjc}h)@%UBpSKp_ssN8oa}Awu&5t>fkvt$A524dYQ4o9O}6T5
z$~&~993wZ8J5AKoEQLhH^#YX7c)th@gfDD%%y2sO%xrazMot*|zP<V|wqa;=iF0|Z
zuZCqVwp^BNv--JrvN!cbPpz14GIyD%P&5PxHTUH;uJ9PcCD%5?+1#`At&_B@+&u0y
zQKM+yVOi!Gb#CYroF}G+i?3<sMYfcyuSq&1H;21T)F_Pemy7lwqcUG#>JpFB*_&=O
z&8$S@0!v?XH1%|>AJVr4bBnJbe}05d#=viPO*oM{@^-y9&2TdIKEoeVU#log$W7sH
z6ZTDu2crU44D}R%LTzA5cA925nRP806i?bT_J8OF+Ct&OP}cC?krEiV<GLb*YBkMp
z(!4A$?o=krLP$sjzHQe=;oU(iYkee80m;mtkyekEnTp*~t9}xRj@2yz1io!YqL6JH
zAM&q`5K16j;6j&X%M6|Suc3o;bd!5-*c(se;zI)nS~Y_~egYJh(ObCZiFaI5T}@o9
zz^2SbUqe)ITnIgROCeWbO0eXv9a;Vt?0XA_1Q(=O0i`9JaMLn_RGW88(u=G~Kb?rc
zcWuf`^5;YLtY<3;&c6q<Sm8>`Vj63i4eKinu_ia}T_+@p@N5cQqh`c!op58(G=wWX
zD|y($3N(Y{TIW~p(&s~7bJk>x!QZq8%+y=UH4L!U_}c`I)K|vp@7Z?VZ$2wg#Ahen
z$MWP+2$ne6?n%dul`S*eUH)?^WT|SZ_iQ`uH=hM$@d;O6+G_n^wsnQ9v9yE})-5wg
zwh>+Wh`T^$?e7Ya#C@8w^y$ScFswGaB)9JN3N8%$p5Lkj7`TsiBb9()(*ikCZFV`i
z^6em8>gLum1D*Wy3wySzsoJw{DmRz_VzZh+N5eq+)(a>X3NGDb2HCp$g4JA;j9u+n
zH<cSq7-9k*t)K)I+VQ7z%|Bv);8K@e%M4O;^@Y2uIRPls4SmB2pgGrv5V2;QgT;2|
z41FOJqb89PR(HQ1=#?&9zz1P~J=i%Nu^cU2mMt?3pYm0%z$n>(SGC~AUAS%~E#Uf=
z0L>799WZk`$!A!O7B1A58HUHyvO}{bb1*NtYXf;DEpQZS$0?M;>?NPU3(kXE*=d<!
zcw1kzNuFWUUYJa8^yr*aKr9qe?_PqL(-E-HLQG(@Wd<ra_g8jJxDq4Yw+AfCtukE9
zaI?dTfsSB@)?xyiEi+UJGfQ4zec7DOa9VZCN5oZF;5d{Hm<BpxF<OfWY_`lWF;ibO
zDX#5fUFPrDf^#b0YX-(e_rL&V208*8T7y?%r6R}~{q$h!3pEJ~)ZLAa@!q@##LMLw
z-;c+qIaq>I3k(1$04w2K!WaPwgYSNH_;48bmBnI+8}*Qu1n$qk@#quw^_4Tg6m*am
zm0*Q=SuWr*468A72zk>^qhf$8H#@HB5|*0=eEL5?LNi3)*B4epdbn05hB0o_!-9bY
z{J<2Xz(sIC7BH{_BrHI0ee!ZPMl<PP;QV5GC?Yt<axuzHdUz>A7CtASWa$eA5*1AN
zKRZS<>0m%#*jy^R)*ObpN3R7EZ-(S%$5ps1CN9!IE<~5X%2*p6$n|jP2y?jY!21-t
zIggW0^vTUF{)gpiR_<oU3B62701#2Q(6ce38QQdSe!vGM>kR~+>&!9K+xJi?P$JZZ
zB*iRF)EWUqfCMwKV<Sd0@Sw7)*SFTHSAE{)0|UNsugwB4laeH^llRsU2FNd$=?iak
zgYyeZ^pAkSd%b+sw9XtOy?w94V)zbP9PP*i)WJEJS~}UH{H_w3A?Hrg?MsqMuD<kO
ztT*rVSRl%*gO*S|%Yj#QJVCf(7(d<<rm``ZDG@NKykwCAXVubZQ-a1IvZlqujUHMU
zW0^iIH6u8wZ?r>zxD0zCnJku_*!(Y};7hvjZI|iKB#fG^#loODVr}^TBmGj5v(yTY
zL6ByiRO%MRW?C3g8y9Pgn@HoR?#)u+sLa^*l1A_Nh#FZe@HD{P2!ix_3Y*dwyWR8a
z1)0YueU(QQe(LtCwpP92*Z_-$iJG$6>pg>up6bc)1?LyVGq1k5XHAng6w^p~q)?O%
z<U*~`aOr`4%mCM@U+R0o`9=TYu0WJOVk6Aow~3NeT1<tt_J9I~?qaWYiAzER=e(h>
zgcwJ4FP=nnXWTtUSGW+KbW)@{JR)m{MboIdKSFY~yz2Z0is(OIEYVS-jib637vorV
zmmJKGxM!WhamhROaIZTo6frHCLM8FSS7IeTC}$jnk(`8dRNkY;QQZrR!I^danDQ92
zN-4kXBl6M8rLsD^z&*mYKSW#6{;s~5ta~!C@*Fgke2+&&Z9G@bW%kVsiOsVc{o#49
zB4pI4z-*_lzGxF~&Qz}1TUwtU2e&~of6vF!A`zo~H=_Ril(j(84so{yIs_SA5pm6r
z>j9+JFKLhNg98c5Ek}KA@OY(kFVCa*EOwBcM&*{HzBXie21465nnuy`3Owbt=L-2W
z;GH!k5d{J5r`0(*d0N^#;jm)FmZQEVbtRhpYGz)kwnEF)47J0c$e#L|e8mZfP17a~
zqU{xciY<4AbP}lRJPJTjy*4CqTB7k4s)%{af7+>EA=fi<P?EK;xoR`CjbBqu`bft7
zSo<t@|J1jpQ@s;pnTWA;R*pL{7*V9MG|QHwzBQfUH}aOHt4_NSZv9YC-|~Y%>TA$l
zDOfoz6Zh7ODI?gHp{~9;CF)!A&2ScswFQo>wa3+4dR=|DIQ=ne%H7Gtv3~>*cjL{>
zS0TiJuk!j+{2;vnxmIt8?~=p}zw7OXtzUn+UBBX+NU85P0bYDL^}V=2-%OACeiPuu
zms8)13&iwDfCNZ@1W14cNPq-LfCNZ@1W14cNPq-LfCNZ@1W14cNPq-LfCNZ@1W14c
zNPq-LfCNZ@1W14cNPq-LfCNZ@1W14cNPq-LfCNZ@1W14cNPq-hKtO)YI{t<&dkcZj
z!S9fNff_G$k-h?-LJko4{5aw}7+<F^#T^h;nY@q0`pa)rA?$ht-r^8bT~EG&@yjdB
zEAxPg4U_&?`@Qa2bb}`z-iCH#Q&&F1>T6=h3ZfMfIN;lIH=NwK1oLEXBY~@4qc@hr
zWfg&q=WE|(RhAssOkiK7HhJG%3l|y$Hc7DOA|po*Z6|QG=V0DBZ`aaXd9AzXy<hi!
zhIinfAD=&I7hUOf@Q}Pu{jcPh`_>qQtvnQJaS{;KJHi<ped8@GA56ikH(q+{wCcL|
zd^TO_dm!EU31z@g7h3J(Q6=VxN(^&w{ul6+rOspS&tU919GxtUdgtA0OyKhNKe4(}
zpKqFvkXb_LB6|H<50&3Yysz}HcwhuGjb#fBFkdVO67YPcixH+}_Ntw&FdWu3v%|rp
z6OML!UWwg>!C)yLRWk>dDC!?=v0^Ni<N8*XNfgVw8cWR5lCvJG8dRRKn{qX#8bhAE
zLvMweQZ9oi<uW)>$7+4`lXcdpQFWfm#^*M2K8?mEeSLXH1YV$+=XZa7Q^9yEl`9(9
zOXX0UEAOgQ8(W~7%7{XJ&u4svBns_EJy+lK^Z+|CJ^8|5Rd*SX1&i8`ZQ=nb$w4b=
z1%sVVDI<$n3eH2Wlauw$0*g#@MPkg&KTMQz^UC8JtpxMj27OC$;%b`w=;yT@s5H*j
zH|L+l%-ZCUlC9m!E6!_-<(hP{%P>bXA0clrT!#BsjkEPlndWyhazXf<Y!<%^mL;bN
z+y@<VU9WFiQJvJO=7C*xy1w}eJ%8{a7c?$!*&?UOJNTiER9tJb;#{r>hhy*aV`NjE
zuWu@P-lDmnfxVe(&K~mO!y74;_G3!4Z6#+@AuDLe<?Z)3@RGlT8i=%9F9$5AT=L~L
zEXeJ_6EPQ)D4g~<Sn6th(}EQjGn6-79r36yoDR~rh?<|E^0TqZ*6E(6YYM!VzInSl
zh4+V-3{TZJZL&u$=Yd<RS4LTvfFJyb_}p~UadZvzL@sPFfL?!z>vOrU%&H8Yhg43+
zkR2S{NQrbFSL@p;V*u0Q0r$r;h=*ty9Pqi|9<WS2v_NTm@Ugt()d8~C^kAN^)_34(
zd8znhealnuln-XphnKkRC12NXKgG!+<vD1cudZ(V{t;T1BGF~=xbrJ+tU~O5)(TMK
z=5pA3LgnLiQ=Z;@HQvp;TA>FP4`=K9B`>i$$8JAy>*CnUpqt@rkn$Wf@1NiPtH`V9
zoA04Ve`+KdC2o7k*YzutX|z+Gc$yjuz90B{`mVk@8~5K`E-yA{NF=9zu)Y$wL^9Nt
z7kBCCu=e1AO!^LQ;q<zqT978Xcoqbh;4*mN{Z-0$id<FGs{&RZCaMTDnDJ_T^TyQ#
zQfxh5^%p}^U(9;3#KFp699VD<Sf=Hv@FfOrtYqXrrfSc7^mCIlxlB3OYP$=D#jp&M
zR}{#yv~ydpuNKDk>yGN>$M@aTU?PDXe+8H-0XOA_0~Jz6Q`d5k(~t|&VBh8X^P7?=
zk1}$<UDln|>gO0O62tKypQL&e_4I_)ztANI@&cV!!`ol!si5z2wZ1vtGXqfdwDILt
zshHy*B|bk{k?7chvLn!GDzNV*SxTU33|@++!M@A2`lg)|!xgEqpk^;GN;w|?DDnBZ
z3Vlb9a4H1?q{05%8|7_<;y~as24Aml&NjNv!3VAr31nWAJssajxilX^-^X*L#9UjE
zVilu8BK<~M_86y<S9!*oCB(_aLt5Lh&lybi1wm(-n9d$fYz%CB`TV<NI)JFuw1g;x
z299qzzrj!Vczpdmtx<L{I*`#ieam*571Mp8qth%a3X8*ABV5X}X-==dOvss6Esg%-
zfp@T#Q-?7OuQ|UZ{d59yz>)N0+)L;?a+VBz^92$BLdPv{h)<?D))?}+M&F!$@tiY(
zGTlzuA$j2$jgr5csip70zQ~AFS$-Tbqt@gu{2Egp9mpp5-lDI-lb`F;i5BS^&63=?
zEh9BOl(wQ&OxqZJX<lkH42_{;53PXP@;XL*i@q|o6j_eB?ZgbyKcgddsGIDPmtZ@x
z3Vt}gxENX&@<`@LWLlliQJ!=2#)&ohE<teP%mK$r$jP1Fz#0(A(#wUVEj)HXtPWdx
ztz!m(!6guSNH5HC7E@khyn}aBGl(iWQw)tJ4vvMx6i?N7AmRC96RTY=JGyWIMm0sD
z<LU+<6OtGvA6Jp*$`?i{rFGlEs&VX>Yf}2B%36X8aEV0q_*uje&C1Li2(Ml@eEXFM
z6Mj3qh8+j%Q8R%&7!t|tT^j}N6<TXC?TY3O&c#LR3i^&do8AHa5j9-q-Z^isBdY!}
zF|H>s{KW0Y=&)Cz`P5vgu~)G_&hHgZZ`^1<PKbR9zN);VKe*qA%5A(}?ao;~MU1=-
zzKsz36mn&GgVcN>{4Lq@TW#{xT&m3@yj@`Nrs<_L#bl`PHih3q-AQX+rB_RQ@#kGU
z!qX?(R+so=7koOODbY}`){j5*;ZbgE+koeN{@w1Y?Jnj+0wh2JBtQZrKmsH{0wh2J
zBtQZrKmrF6c;-J_gMQn=95}l<;_cuZY-`bHtcxH2UiVW>{CU%+pQ6B<pw;JF!t9t=
za3g+Is=;x6xr;OWyuIE|kx5lYBaNe`l2$rjFFsb8-l-i^!vr<EkPeb)os`T>q#vt<
zwdE!sRxp|00%F}cNzQkCO!eX~b-4kHc~Uk%%4*&9VZw8fmB}8{FBF>IJU8uwUsjE#
zI|VPxN^-H4o#f#>VkUk3U`{OmdS)vJVQn-=YV$}%ck_B-;a~5BQJu)xvR0iq*9f+R
zN>`kaOIZ4Re1z{0dH89d`#pQ|SFgJHh$?ER(@0n0wu>nP>Dnp10eoKVl_J9rUrJ>{
zb$cpV42OP{Hr&xPFF#IYuO1eO^$u_sYV_rSo%8Ox2+P67-Y;MR6_k#>vds5V&7ix%
zqM*WWEa4G;4>J6heVo@2iFNdqHNYy>vB6Fi4!HQlk8_%c<RMhSMc2$j%y-I7k__bh
z#9tGL`aZ+wJM#TRa&^Wd6l@|{vXU2aSX6afF9WE;sRDnNzF^SkSb2c?2yaXWmX{71
zP2z@Y^A#@7xbrL`3j{2olxDRYH$(C&e}=xwqR}<-0P6vL*OZ-nhwu8E{^4>X{6NGP
zo1~<sM?a(S(;FSxejwCfr`C6H;bd0l0jv8cw`|Ev9NSzP6kPLI?5sM&4a75i8V?+#
zPIfOEX>QeHrLP^&^H~)Hh9Wt;X_XBg%#Q8rq*2JQ!m%V(*D3EEtgpAItFeTMJ0#qV
zc)KLzruD5e32&`NFX68hLFWPG>dC4P)^jI(c(Rl78=hZXr>0*24pW875C(RWF(0F<
zNVOF@sU=p4KqYFf>Vomq!D#jTG*bCFa{zLL^h;Knnq{U=Ph|peVyCjGwF_2CU+txO
zi=uL(!hnNPq1o#B!k4|pv+3-t!ID;JDHtgyu+hkq5xmB)u2Gtm(rtEvai$*HX)jj3
z`c5$CH#HyxPE|dyt+v{1uD5<%Q#m?w0E)19>1!_%htx~4l@Ww-SXtjDfR2<G2%bA?
z6W|dC4|$2%P#Xm^$t%F&+{trSXh43ZzR1fdb1o&D>dNxO91fWa<FZ4Ryda$NBGy5(
zWd`NKs;UE~?o|ulZkyIrp3WSADolNmc{|qyZRH1|_^j#^4Emy%Do9QZGxlBN1y(~H
zU&~}3!>mHjH$7nnvNMtOEo9o^*VAe*>O|EB*@Lo#t$=e4C-|lu@P=Y?RI34&-knKY
zh-rmombcT!pbU!{qz`9dJZJFHVpSbr84!<UE4m*K%H8IoT7`MNo4$~}wE?Pn>jCi5
z-rpz<oL|tUor!A-6Lq3x1oJ54RtucIo4$~|Ro%cC_>f1^SPQmN-!;TtTkvi~&qJ^!
zJ1K+ho9PRrI(23^ssTRQ$5%g{iHJb4eSFnrUKkJSJ8T$g#rk>$DmXiLp$-8eg<VB8
zEmDtIznautG#2{yG6hFo+Ta9MU<b3nxw;2l-%DRe-O#@-wjKf4Lb2L1jzC0V4deFG
zG79=^aI!9Cuzq8G!*@>%{ZU^~0p)l12v|GPh~c6swB&9O)^fNd1SHW-8Fo|4Eu?rz
z2MVqW!OX$9-I1==!GbpyiZqak`vzEM2HE9Nyf~EMss+nsEtO>)fZTqDzOu@1z;g8M
z68D6JR7|brL9pva`-%FBBL=V<Q0FOtbqRgfr7U-LcjfK|z`ow702^$(osv43mSLv_
zAsv04rDE8L=?sg7b92;gwuY2{h`vP`?^;<wHDDDlz_8wk+L<GeGptv?CgsZO2?J1Y
zjSZ-RZLd?5L0EMRRW*bxUSPQE1Y?#6kaZcZT42|W2Dz1#E3YRE^a_FbH68K%`;z--
zP)s;?m_e$=#u+XKOAGAQ>D#rgg6%obD+K1(bVQl!^aX2i7-VoUY{T(RlyuU1qJ$(w
zDFe~E*0ztGMxkIMHJI<cxgm{(FM!pRMmmu{Ux4u*4R{ePPWz}6Sidf1QFt%Q1LmP%
zBegZ!z@ZVj!+7h|#5HIv(DpJF0o9wFqAYMCbce-N7J63q!K<D;w-2ca5IHL_$fITh
zq>&aYe5lVe34LLwHKdsWdl6y0wbj7T;v(vUx?4`gnxmTCI=TiWQ!p*V>NE+-q)lpr
z6M21JL(#QG?+x8xH?2vzW1Gr6>JbXI>K!i>pn@xSHfw)A2b|ysX(8420R~f<3QWk|
zqj_T<dKUZOR7OLyQ+nOp#tVg=0L7q><_?E^P+#!hybNMINnE*?Q;_kRYYzHUZqDvP
za%Q<;(Kt2;73#vN)&W+QaKdn|u}jbpb^;U=I*=xG(9$F`+hepwTHyYu4wPY5F?w-r
zd4jnHRb&-b0WS1nCOctk*x^*@xtvuhqjr8)u7_PGpkOn(!9sBxsGOA#mnvivJD{)f
zVrClx<8>TkRRM5Xrmalnlxz>0$t6d&Aw8QIDhI?%rpUf>1Yts_EEFyDF)hJp%1aex
z@}=ZOBjq7>(V(QGvney8rHwpiV#%>hDA>skZ16~>WL2GMI6ta+Q{c)b#6^9zg_SQR
zs{`rT*!S)!)JCy3f=<ZZx0%8T4Jg=&j|bS=@d|}O4C2HNDi<PG7KW9IQ>W51FoQS>
zSK{?kwl<stb=TqWWd_S1C^!x3f1C@9LP!0Ik=EbZ#T6{{qJBL*2UJLFFEUlbiCS-O
zqNyT78Y^0nWguEHKDJdSo`I$YmYYWNW5#NI?FFt~N;6|l-_a8GTK20OS|8g>{00uw
ziC*sN8{^K&NF}ViS}Du5C$_D$HCTMMF|k%lmH|^<=lbjUNaK}2t1_uCB*|~%Q9ij0
zk;=YKloUeegqjVIX$96wk`%ictxN*b+8IojRb~rHn9?xK)S!&1rkdS4TB`im$3a4v
zZuK1Nl`83AU4wfB%nWaX>4*HVf?8jQB<hjt#Bir6S7G4?_d0o|X@%B<k<6Dzd3Dou
z4Y_!Nl}cjr2nH&=?CS8bFXzAXJ0W>euFQj-#%1Ki8vU#_+99m%DhFJIZz_{1=_Drd
zU?Ht#+gypYS8sKt^-^DV6C~sLv0XSg+`BV)fvYpdimYC}MipZ%l4HREsAsDLCUSXc
z+Y3S8XkxR#G6tg6H*%`(L%W4StA#~Q33e(~FN@8Z+Ad;DuyAC0^lk@?<fnAxy2%Ej
zB^)|)dlw{Y{~a*x=b(Ns-6?UCknx(nRB5iLN@}>6#RTG>zTrETOW>;2$VAxAsX@49
zwoY0stC}O*y7IW|fK`)9+ePGYbr;l?s8Ff9c!1<weS=polh!SsxH{y7<(Zyx$ulB#
z$SP$VA6prU^+z|uJ3iANnd(;>v<fT<8b_zSpe#+TnpVLCb7eR!m5*C8N$$Z9Q1D`=
zmC|@^;WFwWZJF%&U4r;V-}rvrhD_y`0*CM16&?Vi$2!|@$Rxa%S*0A)nXd<}tF3$&
zbYtB)@q-$muf%*%{5s4!ee3lckp!r(q;bDC^}U~_vLfm$Y22?(eeb8Ktcdzb8ux2c
z-}`AQE26%V#{JsxCLdq_-cDf9xBG6<5#{s!jaO0zn&WR!zA^>n3o^RIj#CM~R~Mdu
zuYi;KzH|eDzE?QF)c2+O!V|Fmb)A<+8gxc|2SJUQ0nTuk$5!oV1qof@31i1vk8q6_
zX!BFUN2HNsP~VK=B@N&i#fG1@za+#eCy)=%?<#htu|B||A3oq<{zGKu`WFvU-xmXg
z4+W#xXB;2u`)Ylw4-giSPY{^;zFJ@RlcquE<KL2|zAxAJQdel|`+9vF0`Cy4?UMSo
z`D~jlPr0hK&D}RvQQvRC^OvgkDYMG{ik)Ua-{YVDcdF`qx4<>adjjAbJ2cM6a-$5a
zBYZ-6Vxyh#^6Z3y4+~lUzSd!(WuS6^<tW>)AOI4#e%I<1!8{+!g@mWq1N6P|_-k^X
z_)C4?bGUl-GrXmC*5+EBEEkXf36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg
z011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)
z36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@
zkN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg
z011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)
z36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@
VkN^pg011!)36KB@kicyT{67%)oZ0{Y

literal 231482
zcmeI5J$CH8k%r~51NG@6X+I8~Of-qlw~WbV3l6-LyCbJwf){XuVRuX2Btd|0{Q*^E
z>G*ykfC5l>A65Zm%hKQe=db_#^V{v~uYY-a``_vNzyI|3_ouh_d;Qx#{`~f@kGK23
z|4cQve}DV$zyIH(5&!RhZJ7Rg`}Ow6AHUyzP5*x1{{8y>_V#-!Pyc@3|NXiZr}{tM
zrf-wo+uQWNsn6}dQ#t#metG{4i=TTC=6_OwR3H^d1yX@jAQeaj1}gA*gs*}6xt;n5
zT({TYR`PC+ZR>Kh+HP|Cn&@a4_txV}eQR&_)HrCnwX9CYKPWwLSxz9BxdF;>Y%?=;
zM-O~#Y^2qVMqw~NY5iv~HqdzBkY^x9UgJO>x>J)^ex44xLXR2kJhWIV9Ro#gR@S1=
z)k#n6?jxNG6o0kd!RSoLU-0>Q>L}iIl=DFnt+*>2g~>#VJ!fYH)w>OGPD0XEcf%u{
zNV?GT_LnN(r~i5R$XDKnkZ2b9B2PVnNc#?*PYp+B@f|3!r_fp9*+*f^Z{6|iVAR%c
z4T?Fw+WK-JCIQoKNkvluQ&g<MHCG3Y_4ReVUM}y8ugm3fy?%XxBRDo=L9px8SE-K)
z>;mgX;c^X5*$x(c<c@eh_R+p*$A(PjVAZ1&UlQ9V<xAW^w&Fz`w+G%29^41zuyITT
zVPtO3_hX{_j7R20(EZp58EIHsz7t$I-TO@u6EO*eg|Q{x8{Cf%X2_P^E>}xut;V*1
zMi|p-S)ZQ|y5iKl;2bfC2{80ct?)kJethgc>MrmBg@^}geQfZEHhh2R>gDD+`FM{^
zFb;J?3%*afHh3r0Nf^8l4Di0_n&C~tAl^51zB9U(cq0-<nP}Q+^PS^WKU&TA;OY9J
z?Y#MTn&hytbeA-ztMpc5#dKK=_dJY2(X&#;yP(?x?*u#AK}!!EG?FIYC0^sr_Zi3G
zk~G9c%Sey!if*Uyy<yG}uHOx6eAjq;h3^e;hHw?I65oPu$MDS%uF}<d`YrM5zjnT1
ztbav2NY|05wy1>f23^I^1nW!}Et#XYZVU~+n|O6U6kL$374n!>5?0{5iMR9i`#_#K
zx&SQayN$Q^_WJ;wIeHCP%C|zd|Mr`J*J$r$A>S(Ao=?Av{aCo5?%g-3=vB(rQ^z}u
zZ@$c0+#Djl4ZP#{Cg3?>3EvjpfqcUO{+t6*z83Ip;vI8-{@#hBJqQ~D=JRdi9m+Q&
z_?ZRRe0T5;dB5>GNM{6p6Xx>W!#kL7MzD<UF5XcuIG!P#5qu}ii(dfm*bR8XoPckD
zS$q+^qZ9P|J8NkpJAJ2A)o+~jKzN5I=y*T0WAT_|$k+OZ+n-x)?IPT#NuT<J8GOO;
z9Us8&(LN8JV5lZ%*8U6Q9e%<Jc*ar(Opae1uY&-NcZk*oOyx_#JN^hA@DQyG*p#mW
zzyZ%#s(UbzFDZN{<KbuMh#6WFFpV!2uLr=i75cE&J4KV$L&vN2o6TyExIlfx46PTz
z=6uKR!2zFw$MEHZ@2$`1O*q^q4O7r*WoSbDa`6r)eC7<@hwtDRj+mj9A{gf@2;Y0x
z@^|t-{?@|luPuB{f04l^m*cB+WT}#(;q^%Ie)qqAe@(^e)L-h5LuP1|2(F5}ZcyU;
zJ<NLaqO8m~;t@;bkW~m<snEn*nPOe7ig-PEjIumMqw7@Ti%xjA)B8V(hdg2_L@+3~
z7G7|=mzf&j*N~B}!~qO0R);S*+0yI_cn1lXoHT%!TGmP`cx!|2*6YOZ?le9Pgb|D_
zN`o&p)3%ky15?ld7Ct3y>$$2`z`GieTGU9=)H%J_iy|0Wgq$xlP18u8q@xC~D1w`s
zem9EoB9rXe$U}H{3a18=07jN1<%`UL*hqKbGX^lAs~5bVpHjfUVttzMBN$kZkS{O;
zY$Du*W4?vHslx`mFRcvk{`e#dAz;#6u8g^W_ZK1JyFWb9LUzhJUjXmRE8)98I@v-5
zIP3|FouPO2b%yuzQ<S22m+RMnm!WspBjCF`HqSr;IBtSw9<lZ$7T~S_0M6c|JM99%
zF@I3!p$98~cclFO3(YLbdqeZv1<%3!Nyqo(0N(SOMfTolZ)8b3@Of{=B=8A~b;jCJ
z*(csl{vkSYg63?&R(yBHl{WLYVCl?5`_nV@j=Svm-5FQh%-(`SCun*Ew}p0#_w%!|
zzwTCtPS9TXw(lC1R(6I~nSIzG)C}ErlpDY8QFU5(Beh}>_!Y-ZI3nP-)=a+bL6us$
zXXw})uqt0BUb7ch%R7U6#9EFLu0#vq=JJ?)n`7!Vasyb;gE1qK05@Iq&6oS*I>9$!
zT81{@+Z<A}kr}|jH(=TktEIQ|@MZtJU2DxD+6WoCwH_Yd)`-e&%m7yQqW^Gb;mdr9
z6@3GyWa!q-$BN(9fa-0$mssI9V8RirCAojTyaXNl74)4LoS_?hS$I3W+xT&t^^PO?
z-sNNQ{Sm&?cV2?-<ecR+XaF~Sh`^V3!fGr!OcMyWv7Y1djemfKkI>QivNquO2j~eK
z7Qo7U8^hT&u};v*cY+ZjJ@bA}=Ku%j2@n*(^{7g|b!}X<oP#fG19rhj>;wY1J_#p&
z>!X>qu%3X;yy-gdDfqGuSY0vLO$Gq2PaY(GlW&u9c)qMRSVwrlaU<76dv8p>bp`yl
zB;V~Haz9G^?gw!F9u2bpvVMy4Fno6bC*QgP5nA>#bbSpOzjbZ=v?SlH9rzF*Fg$Lu
z9l-TF@yPL;e0iTA)$bO&7S0Rk1M%HCVbyid_^oT>simEu>z*dxx;Cy_nt<z`Cf~X?
zu3D0BafCk7{@Z>FUB44Ee(T!!YH0;<-P7b-*Tz{(1908b<XhLqSxfR=?ZC&{e_M~h
z^*b@+x2}!1mU;l!J>~H2{Qn-jJAd}~S2q!o?=nFjEI&5@*W;J<e_&_~XVsMP+X~=@
z>YN1K7|yCG`F7+xU;|FRx5%mOz>TQl#BcI#2x{4seCH>u!=10H0o=H!GJYH4xNE8e
zaKld)-~I_Y_uo51I$zcUQu1v?jA_$0;MSBe0yyLM!7%y0PFM##UsaxvGJabMglgLi
z;MNLw`MLKFocZ~iA(=1lfR%h(F=N=)i*IMZ8NWaG%ogCEw$1M$5_IzYVb_aq-vCa&
zY`)A5IQjl4-ue4R0JlA0Cg`q!Gk%{8yYcM_IQb^u*PE-y)e+xcO_a&;%iVxKItFmY
z?=yZk0KeKcuecj<N5IMVMXn6sSKH=Q^4*lhYbBX4KS6iP&>6q8yR85`Yumi!2XHUI
z$#({>C*MwhldpuYAVGIJV<q2Ve7i(&@}2Q5o{;8k+t-2}xJv{l-#NGS20U-uz83NA
z5W&fJ&aF3Jd%($8##eO0nu32myTx_#U8uSW;6>YZL6)G+0Vm%DHacHv02@be@*U0B
zHiVO}l&?5|O#vt01>e;Z@UpE^lJ3B_{*|HS)ya3M;c^3Bw$)0W0Vm%jwNZSnLOA)#
z`6}$d_Y|=7M5na=*(#)b(4W702)YPhP-Be*ZA2L1xwc8ZYwl`*wGUdXzyF(j*L<}y
zw001){ygk^@-^i<K`zE;R;)8GR!+X9+<F=Md!%v-at$wf-!pzUlvd~a7;s}Iu<GN=
zc{I8Q_@U!>@dgXj@@8fPcs}g)!bXNAX13MkdYwCZzb0tc)pY)VM47l)plSs_8rjgO
z9ZSS6IeX;Gdd#8nk=tJ?i1iMPlz^+)a{1b2=pb}&_s6A?v?_Y{u4ePK0_=6u-H!Ka
z2zyD^-uQ0I=(n~N!Z*gf<F%M?2DoTzS2U6nw<%C=e%^AsYi+A&-OA^ypP?h-eShBt
zJT!;}e6<0`#ESqPn5P}_eWtu<7yA)BSy(6H%J>q#x&a)G>dW7~L)JI{3IW?{5noNf
zu^x<GaBo-b$D~(y+oIeYUB*`raMaEB0s4h-=W3IIY2^zrYnq+)z|G5mh*knK^i2(x
z%7RWpzDf}sJAAP-^v}I6fW_$QgKxBeUHeN2;Lb5D<*O6GYrVpie}WVH&WJ;97cpNA
zz>yEnk6RHvLjUmR;v)Bx^Hl&GE?f(TX$iVxj#l6+2VBS%ui_^#@$ckNWOdNsD+L_=
z^nAM;ajs8G7B6Zi6~02iN8n4{fbW#4uo(6_d}TjU8UJ{NzoUFcZ+F0qn`7Q(={Tu$
zUcMb(XFUUW4vTY5Lb@=HcbY0aCLf@G6yQir>7&M%zX_LW#j9cSwGLrDzHGqpXqF!H
z`5FUO<jVzIsuizBz}FVACST?;`o!m}$1Y6SPpP)Ld|4rUdcKwstjw1K_z3SeevZS;
z@6@Qo?X~$ba&+=F{J9Q&zVr}|cbr;#EID4;?!g9p$srtn17^K`UgmN<<&rE-_!2`n
zeu7@2;+06)U}GD;#1LMmyJ%&3dcNHfFf)pw6<-qJ=mD&do~;1e@uei`XaT$QS0{XJ
zBG`~GA%tTGuu}M%05;`|6J7>Htdd&zS^zfY3lolobm8r7>s0%qoShI`bH0-k$l~K>
zXua%w(+OclvFX7VA{_N4hb~@qz<u~4gku8M#;Xmu7hfPvM+B^oR~c|ezPpIy?ZFm!
zb+_QYe0LB>1B@IT88(#j)1Ga2zHP*j2%7}&{dU-cMra?w_vT*pwvMt3YrfSe#2^6N
zF&)MC?pCp`dqsp8wu{}n1Ut|O%|rQq`&nSVy8ad4^<Vv5EQDP_AlNqbz<1ljFX|UR
zvtO?GTuW!!0CzerXAzYA@+B{d%U9uVZ0yitG?Q0f>5zQCD#}o+84z1tsMA;MPtR8i
z?@iwpFKSzb7q$Ay_l?@qojof*D<tQI5LAqH`^B*A!rA$<g{yX~6Qi|MCm=PPobQDs
z7HCZ4ShWUcYnz>%uXcL=7Q4!f($EG6wkBUtD54n!WX+a1<)(S^-IPUMS%XHYmwWNT
zd(QK-QGULIp^)6RO}=vlIL}9xd=(yt=gVVVXZ*5c13PU;C7~9ar*4*f>)L3v5Lj-R
zid{&)VhP&=Y*8cBwFlpCO}_gY$t(ykH%w)7e{%mqyL4KU{_f6Kk5z6^BUA~Mn#FJU
z2PCI_Wyk2``&7Uy-+_SV;hXXMyi>F<2>G}$75S2UMe@O&3u<@;Jja${^4(I!pbqC*
zSW3J}z7q8)eG6=G1!b1CZSq|!VpWE57KRd!7JQ>0u-u-X?}Q3&aD@PH@)d|j><aT-
z8xrT4n<wA78phXaZfKeB))H^#XTFk1Pn2h2hYY@HlYC7--(PE9fCDSm<G|(Qdn&%c
z6SVL1^DXGWcrDD}fL$4`;y3xO^ieMs<gf~^AIZ0Cer5+SlkXaD#xGMyyc-s;Yb$*G
zg=O-6?;O9(9e6<vFC^a}e3`%Utl%3vLHj>HPocL?y;vEK*|}x%?H<29`IdMye&@Hp
z%{3OVD=U^O$@jf~{PF@=i*M)v4zd68__7XI8}XZbS&>5Ov`W2Lku<}%aq=CJpLqey
z;Jbx4<Ch^Mu?rTkD=Xq0H}m8>{gs>E@2_scuh2ooTR-C0Cf~>b9OHbIe2Mqz(>(b;
zrI;?Z!#Cr1u93|(l#tg(WLJ{!?T^ew*?;K|z!koM12{^4?sLFOzN6x|3*Q>vj9>Cj
zNA9rRTahw#lH_{}-y!?&*!Ybbz`6g<g1j2P$#<rb%_WkL*EU2?>UfhcQA)b`njKOm
z&eGr;7I5b0*G-Uo@5ig7p08SXGk#xTU~`4!<FyUVljQpd-&4kK)BxuE-O&;6pF2GN
zHsd$>(vl(BdYyZbGHH@F-sDRXlWvUgT-%Ul+2I=$Feg8o{C%rE7Hf7$d2h@`d-DB0
zUcDcZ?;hS0#qay#zVB2(;&p99ac!4xOu%11K}q>e(M`*C%?>FO=HADfd<k;WO%a}J
z8^SEfcNXB9f8H5oux5vp(Xl5xfN#tIo?(M82fW}wa27T=Uj%RR#q}gx7VMA;d=`jr
zNWgH=&JA(lv@8*vYa7Dc$K}iU0C>Oy(wZGo#`$7+L&h(QZ}$Thg0rwu=Nl0)=LKc|
zPY4TkNJa9U6kxsJ=$@bvoP`a{7fjES89byLLmuDW3A$j1RKOY^neXTPTnt}#egZ~l
zmNqC~9B;t*<?-#Dpi6c@4T=|fclC1*z=OImWF4U2`zC0BW@!Q|{KF3U4iD<akad9W
z`x$V_4yi#EMzB6@&_Vs!@eWvB6Es4zv_U0)vV$(rQT^D#hpL5P#}ihG4ypkahN!-b
zz)>BUEwJH*ek*`z7DlLlFLc-yI<6Z#-T|xMJFJ2nRsrgZL7iEF<N7gUZou7kU<_wr
z1qwVP2VQ~$yD{VP?X&|I;J^w{Ul8id3>?^x8NTN(E&Hqh#JM&DottrkFTtVRnDL%~
zJN+JxH8->jstZG%8G=K*G2<raE-$fAo@+Zy-5E8)B{sGnt7Y0Hl<b$V#s-%$*9cH&
zrr6kite8(o9WpeGb8U!;J7Y$<#0K|c#ZJ)X8G4NkE@R?Spw4Zv(fwEvQu4~wb`3Dj
z!VvOnj*N5-jqb>ZouF+$M=Gen6_~aprVC?id^cA71a0}65~f)iLdq_P(F)M`j*M1W
zmr^wQq`#zw*Fe(JkS?vE3H%uG6ZE^;84IUbSVF=sfl*7)6mE<J3EB#90gX@r=}INK
zw1=kfV?@cwg{{Rh2s8^*$e$%HdI_4ujS=@9^n<njG74st3dkKg(Pa;45<f;oP?9RN
z4_OqNr7fcB5*DX~%;LvJa>AN!1zo@;GD;03Du?K@4>XM%Bhd*<7chn8mMx;`5*4q6
z%;U#K7{GcjI<}Be>L5vZM3=pwiQE`T16b=-B?aZCEu!cW6t{%T<j00|pxQLn*n~Hc
zQ7REZxj<L_kg5FGhyz&R^I!_diY+4OiW9qt%;m>sGbV|ZvLC9fAfr?xa<X|A9g*4G
z*eC?>`}>8Tq$wDywuqVqCUylfn;#outX9mKgsa3z4TzX*nj0OF`P|s31n@+iL6`)w
zVT@?Gfr(v(%;(2O`V9PxXd>YTFj^BLC7b1DM`T7fHd+CE<9tOoVj97=HK61sB|#-H
zr5_X7$4Jlc{k}jDw|Nm;5g`RAH@hNp`mtFfl9n$m#&>$x>5GW5Y7XeQ$w*WQOzOu(
zGebY`jS2EHS$}<9ub1U!e^H<e$S5LN=?qNk$7HGc6H%9oi!6{45i5v9)yTYVY)k?e
zzdIy^0S!eQtDS*~{g~(;v2e0KmTba+gjGVa24H4KCO<-t`hKY%pPCJbf-;Qt-pJf;
zYzAlO>9%TetTh7q)d5LcfXV%sj0eof(SUqXh^_v>^nOf6o}nMR0vRwOUW<>k4VmAM
z&8V&SHE%5oSLzYzqzK#n5f9whjL*=-Js41~jYr-JxZuZR^h4708Dk|<H>(lh<OJIz
zAU^o93AF_yvbEu8v?5;kv3YHUqpmh1b*mB)O#|TG7>FN!Y(`;y&I_NR0nPT%sI&uq
zI5HW2#zJ>sL^BnByMrK}_^}xdcq<o|b%<cQWRwgLU;NmNK14$a8j(wh9xx2zjUSuA
zfRO}^hy`#_GeP|EV>1|VnT*#pkW^~$fPo-~{1}aW4Bk!9kWc^>MH9#+KSo0V@9~9X
zQe+1W1v%x%Xe8hrzK}=|6ICO~Ek8yB_u%#c3zJ9{9X1%|m>a8cfSY_VeJ~=rR+wjg
ztcC$@@x|oP1&5A?`R2!J)SIjZUrZbnh_)T(ogb?~fa`oQX|%E7<6-{!u^I!odVa=)
z!ExwYVjeoO8u6S|;R~vw4~;S+=%gRB0jI3>+sH>5m4rgWz!r7Wja~N~y}kXSdKe%h
z4T<{c$F4Wvt@I45L1JNI47=*buy2muNYAhoCd7z?!p{0J>>0uv=@}M+NW#b*cGr<%
zzjJgEzPJiTyvW1i9{aKE6~aaM;u4TKn03H?c4XOS7hZ)gVf|*b7y}dB_G9|hAxSR}
z&y=+@C>VC3c<#s6JV`IJGiBk1tXM-+e0OAPo1_<bNvmctFzrNg-;uE;;o0U(Td^rA
z=HRpyII=b){K89IEt7z8H{v4vn19(2e&VIB)R+@{c<MSF+3OR2?!Dwyvh_FbNM4Gg
z4$5cgp9drQ3e71ACZMmzQ4hs5{T;lV#R=5!(3P_yM}3rDc|3xbwXP0~L{qR9<*CzE
z{8sBum$@X7_FXzN7v`y(B#Ljp9GJhBE`+3$@R#SO=NBuCWpF<~rOJ2e?+25}6B=VF
z+sV~Vc;wTFWcAe<fqa?R%DtA$-fsl?YJH6`{iTJ=>Mt$aegV=1_WGrO_O{r5a5QG}
zg-6+&)t}i=8C^s4o@1yi`aFa5M58m;dDtkdR7dj8qbRKVBtvutqcz=0=t!5TC3pXE
zq$@u~|NdAMXFLTV(IOSa9x;???I-9wf{E&!Ct$>1qN>t^2IH^(@I40+(Vq73oR|yL
z)_K@?%=I6;+b|jy6CWEDXLS}T4;+&t!GZe>Bw;l5fnm{?W~A}hVd*j)wZ~WvX0sm^
z7ja!?`i>u%sKg=7$5Sx$;E=>9i!#*K$Iuip4rl8Ffvp#ZgN852R#-Qq<ANN@(vAN1
zjvR^`xEOm?9nAo0avU>9+V^qgIOu?t^pVurEPyTtF>xk*H+K$#Z)X|Z<n%YujxtAR
z_9uE*kB)$_v4*Z%`kbtxPV^?9f_L{SI>w6s-F5UkVMU?H)qceu;#p*r8@><G(D$Sp
zDn+gGE%Y$&qT*cnJxo9U6R(ttSoAOQSPvsIefd0AyBM>-)CzVLLtY172IKm0*MV+<
zT!@A^khD%*4Mf<9V&U8ffjFG1o*Z^h*ppZ>eQ}I9rl9`3c8S=ZOp!fuhB&g6ZhiN{
z*sVbE9UG1~zJ%^qFpjZ%X%6FHf5wNAF3du@F%F~1@f<a0d_2kGt;h&+JRuJ4u_EO|
j>lA!(BFw?pelGW6(&v&TSDOl?0;xbMkP4&%#tQsDsfFou

diff --git a/pkglist.txt b/pkglist.txt
index 83becfd..59536bf 100644
--- a/pkglist.txt
+++ b/pkglist.txt
@@ -1,3 +1,5 @@
+toolbox
+sssd-kcm
 podman
 ImageMagick
 exa
diff --git a/prepare-root.sh b/prepare-root.sh
index e7d4bd3..5462d0d 100755
--- a/prepare-root.sh
+++ b/prepare-root.sh
@@ -310,7 +310,6 @@ fi
 
 (( $RET == 0 ))
 
-
 chroot "$sysroot" /usr/bin/systemd-sysusers
 
 for i in passwd shadow group gshadow subuid subgid; do
@@ -480,6 +479,8 @@ sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/shadow#/cfg/shadow#g;s#/etc/gshado
     "$sysroot"/usr/bin/newuidmap \
     "$sysroot"/usr/sbin/newusers
 
+chmod u+s "$sysroot"/usr/bin/newgidmap "$sysroot"/usr/bin/newuidmap
+
 sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \
     "$sysroot"/lib*/libc.so.* \
     "$sysroot"/usr/lib/systemd/libsystemd-shared*.so