From 90eb6203181ca84f639c76d9b33ee2ef0593074b Mon Sep 17 00:00:00 2001
From: badblocks <4161747+badbl0cks@users.noreply.github.com>
Date: Mon, 23 Mar 2026 20:13:21 -0700
Subject: [PATCH 1/2] fix libvirt networking not working for VMs

---
 files/system/etc/libvirt/network.conf | 29 +++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 files/system/etc/libvirt/network.conf

diff --git a/files/system/etc/libvirt/network.conf b/files/system/etc/libvirt/network.conf
new file mode 100644
index 0000000..1998199
--- /dev/null
+++ b/files/system/etc/libvirt/network.conf
@@ -0,0 +1,29 @@
+# Master configuration file for the network driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# firewall_backend:
+#
+#   determines which subsystem to use to setup firewall packet
+#   filtering rules for virtual networks.
+#
+#   Supported settings:
+#
+#     iptables - use iptables commands to construct the firewall
+#     nftables - use nft commands to construct the firewall
+#
+#   If firewall_backend isn't configured, libvirt will choose the
+#   first available backend from the following list:
+#
+#     [nftables, iptables]
+#
+#   If no backend is available on the host, then the network driver
+#   will fail to start, and an error will be logged.
+#
+#   (NB: switching from one backend to another while there are active
+#   virtual networks *is* supported. The change will take place the
+#   next time that libvirtd/virtnetworkd is restarted - all existing
+#   virtual networks will have their old firewalls removed, and then
+#   reloaded using the new backend.)
+#
+firewall_backend = "iptables"

From edf48f5ceb3db632cdc1e82c4bf7d147323f7d10 Mon Sep 17 00:00:00 2001
From: badblocks <4161747+badbl0cks@users.noreply.github.com>
Date: Mon, 23 Mar 2026 20:47:35 -0700
Subject: [PATCH 2/2] temporarily remove freeipa-client from ucore builds and
 only add to bazzite-gnome builds for now; prevents
 fedora-selinux/selinux-policy#3081 from affecting ucore builds

---
 recipes/base.yml          | 1 -
 recipes/bazzite-gnome.yml | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes/base.yml b/recipes/base.yml
index c17f921..08e7d14 100644
--- a/recipes/base.yml
+++ b/recipes/base.yml
@@ -41,7 +41,6 @@ modules:
         - containerd.io
         - docker-buildx-plugin
         - docker-compose-plugin
-        - freeipa-client
         - chromium-headless
   - type: systemd
     system:
diff --git a/recipes/bazzite-gnome.yml b/recipes/bazzite-gnome.yml
index 4843aed..e26c852 100644
--- a/recipes/bazzite-gnome.yml
+++ b/recipes/bazzite-gnome.yml
@@ -21,6 +21,7 @@ modules:
         - gtk-murrine-engine
         - gnome-boxes
         - fedora-chromium-config-gnome
+        - freeipa-client
   - type: gnome-extensions
     install:
       - 6 # Applications Menu