diff --git a/.copr/Makefile b/.copr/Makefile
new file mode 100644
index 00000000..e36d39ef
--- /dev/null
+++ b/.copr/Makefile
@@ -0,0 +1,4 @@
+srpm:
+ cd $(spec)
+ make github
+ rpmbuild -vv -bs ly.spec --define "_srcrpmdir $(outdir)"
diff --git a/ly.spec.rpkg b/ly.spec.rpkg
new file mode 100644
index 00000000..f73e5ba5
--- /dev/null
+++ b/ly.spec.rpkg
@@ -0,0 +1,78 @@
+%define relabel_files() \
+restorecon -R /usr/bin/ly; \
+
+%define selinux_policyver 3.14.6-34
+
+Name: {{{ git_dir_name }}}
+Version: {{{ git_dir_version }}}
+Release: 1%{?dist}
+Summary: A TUI display manager
+License: WTFPL
+URL: https://github.com/nullgemm/ly
+VCS: {{{ git_dir_vcs }}}
+Source: {{{ git_dir_pack }}}
+BuildRequires: libxcb-devel
+BuildRequires: pam-devel
+BuildRequires: make
+BuildRequires: git
+BuildRequires: gcc
+BuildRequires: selinux-policy-devel
+Requires: libxcb
+Requires: pam
+
+%description
+Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD.
+
+%prep
+git clone https://github.com/dhalucario/ly.git ly
+cd ly
+# git checkout v0.5.2
+make github
+
+%build
+cd ly
+make
+
+%install
+cd ly
+mkdir -p %{buildroot}/etc/
+mkdir -p %{buildroot}/usr/bin/
+mkdir -p %{buildroot}/usr/lib/systemd/system/
+mkdir -p %{buildroot}/etc/pam.d/
+DESTDIR="%{buildroot}" make install
+DESTDIR="%{buildroot}" make installselinux
+chmod -x %{buildroot}/etc/ly/config.ini
+chmod -x %{buildroot}/etc/ly/lang/*
+
+%post
+semodule -n -i /usr/share/selinux/packages/ly.pp
+if /usr/sbin/selinuxenabled ; then
+ /usr/sbin/load_policy
+ %relabel_files
+
+fi;
+exit 0
+
+%postun
+if [ $1 -eq 0 ]; then
+ semodule -n -r ly
+fi;
+exit 0
+
+%files
+/usr/bin/ly
+/usr/lib/systemd/system/ly.service
+/etc/ly/lang/es.ini
+/etc/ly/lang/pt.ini
+/etc/ly/lang/ru.ini
+/etc/ly/lang/en.ini
+/etc/ly/lang/fr.ini
+/etc/ly/lang/ro.ini
+/etc/ly/xsetup.sh
+/etc/ly/wsetup.sh
+/etc/ly/config.ini
+/etc/pam.d/ly
+/usr/share/selinux/packages/ly.pp
+
+%changelog
+{{{ git_dir_changelog }}}
diff --git a/makefile b/makefile
index eef31ad0..061b469f 100644
--- a/makefile
+++ b/makefile
@@ -92,6 +92,11 @@ installnoconf: $(BIND)/$(NAME)
@install -DZ $(RESD)/ly.service -m 644 -t ${DESTDIR}/usr/lib/systemd/system
@install -DZ $(RESD)/pam.d/ly -m 644 -t ${DESTDIR}/etc/pam.d
+installselinux:
+ @echo "installing selinux modules"
+ @make -f /usr/share/selinux/devel/Makefile ly.pp
+ @install -DZ ly.pp ${DESTDIR}/usr/share/selinux/packages/ly.pp
+
uninstall:
@echo "uninstalling"
@rm -rf ${DESTDIR}/etc/ly
diff --git a/selinux/ly.fc b/selinux/ly.fc
new file mode 100644
index 00000000..4a96a7b2
--- /dev/null
+++ b/selinux/ly.fc
@@ -0,0 +1 @@
+/usr/bin/ly -- gen_context(system_u:object_r:ly_exec_t,s0)
diff --git a/selinux/ly.if b/selinux/ly.if
new file mode 100644
index 00000000..568f979f
--- /dev/null
+++ b/selinux/ly.if
@@ -0,0 +1,41 @@
+
+## policy for ly
+
+########################################
+##
+## Execute ly_exec_t in the ly domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`ly_domtrans',`
+ gen_require(`
+ type ly_t, ly_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, ly_exec_t, ly_t)
+')
+
+######################################
+##
+## Execute ly in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ly_exec',`
+ gen_require(`
+ type ly_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, ly_exec_t)
+')
+
diff --git a/selinux/ly.te b/selinux/ly.te
new file mode 100755
index 00000000..8df62fc2
--- /dev/null
+++ b/selinux/ly.te
@@ -0,0 +1,32 @@
+policy_module(ly, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type ly_t;
+type ly_exec_t;
+init_daemon_domain(ly_t, ly_exec_t)
+
+permissive ly_t;
+
+########################################
+#
+# ly local policy
+#
+allow ly_t self:capability { setgid setuid };
+allow ly_t self:process { fork signal_perms };
+allow ly_t self:process transition;
+allow ly_t self:fifo_file rw_fifo_file_perms;
+allow ly_t self:unix_stream_socket create_stream_socket_perms;
+
+domain_use_interactive_fds(ly_t)
+
+files_read_etc_files(ly_t)
+
+auth_use_nsswitch(ly_t)
+
+logging_send_audit_msgs(ly_t)
+
+miscfiles_read_localization(ly_t)