
1b59b93602d034d75882b0ca076a732cd1865d98 — Thiago Jung Bauermann 2 months ago 1850ff7
etc: SELinux: Add missing permissions.

With the changes in this commit, I can use "guix pull" and
"guix install <package>" successfully and without generating SELinux
denial errors in the system log.

* etc/guix-daemon.cil.in: Add missing rules for guix pull/guix install.

Change-Id: I40b5ed2c458b275804bc073fb72286947ecb0283
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
1 files changed, 6 insertions(+), 2 deletions(-)

M etc/guix-daemon.cil.in
M etc/guix-daemon.cil.in => etc/guix-daemon.cil.in +6 -2
@@ 175,6 175,10 @@
         (file (execute
                execute_no_trans read write open entrypoint map
                getattr link unlink)))
  ;; Needed to execute the 'newgidmap' helper.
  (allow guix_daemon_t
         bin_t
         (file (execute execute_no_trans map)))

  ;; Remounting /gnu/store read-write.
  (allow guix_daemon_t


@@ 322,7 326,7 @@
                map
                getattr setattr
                unlink
                open read write)))
                open read write append)))
  (allow guix_daemon_t
         guix_daemon_conf_t
         (lnk_file (create getattr rename unlink read)))


@@ 367,7 371,7 @@
  ;; Allow use of user namespaces
  (allow guix_daemon_t
         self
         (cap_userns (sys_admin net_admin sys_chroot)))
         (cap_userns (setgid sys_admin net_admin sys_chroot)))
  (allow guix_daemon_t
         self
         (user_namespace (create)))
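Review bot: The comment on the new rule in the first hunk names the 'newgidmap' helper, but the rule itself grants `execute execute_no_trans map` on every file labeled `bin_t`, and `execute_no_trans` keeps whatever runs inside the guix_daemon_t domain rather than transitioning, so the grant is considerably wider than the comment suggests. I would state that scope in the comment so a later reader does not take it as helper-specific, e.g. `;; Needed to execute the 'newgidmap' helper.  This allows execute_no_trans on all bin_t files (not only newgidmap), so the helper keeps running as guix_daemon_t; narrow to a dedicated type if the distribution labels the helper with one.` The same least-privilege question applies to the `setgid` added to `cap_userns` in the third hunk, which presumably exists for the same helper — a one-line why-comment there tying it to newgidmap would make the pairing explicit. The `allow` rules in the second and third hunks begin or continue outside the hunk boundaries.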