tribes/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-06 21:20:33 +02:00
Code Activity

etc: SELinux: Add missing permissions.

Browse Source 
With the changes in this commit, I can use "guix pull" and
"guix install <package>" successfully and without generating SELinux
denial erros in the system log.

* etc/guix-daemon.cil.in: Add missing rules for guix pull/guix install.

Change-Id: I40b5ed2c458b275804bc073fb72286947ecb0283
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
This commit is contained in:
Thiago Jung Bauermann
2025-12-08 00:12:09 -03:00
committed by Rutherther
parent 1850ff7a3f
commit 1b59b93602
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
etc/guix-daemon.cil.in
View File

@@ -175,6 +175,10 @@
(file (execute (file (execute
execute_no_trans read write open entrypoint map execute_no_trans read write open entrypoint map
getattr link unlink))) getattr link unlink)))
;; Needed to execute the 'newgidmap' helper.
(allow guix_daemon_t
bin_t
(file (execute execute_no_trans map)))
;; Remounting /gnu/store read-write. ;; Remounting /gnu/store read-write.
(allow guix_daemon_t (allow guix_daemon_t
@@ -322,7 +326,7 @@
map map
getattr setattr getattr setattr
unlink unlink
open read write))) open read write append)))
(allow guix_daemon_t (allow guix_daemon_t
guix_daemon_conf_t guix_daemon_conf_t
(lnk_file (create getattr rename unlink read))) (lnk_file (create getattr rename unlink read)))
@@ -367,7 +371,7 @@
;; Allow use of user namespaces ;; Allow use of user namespaces
(allow guix_daemon_t (allow guix_daemon_t
self self
(cap_userns (sys_admin net_admin sys_chroot))) (cap_userns (setgid sys_admin net_admin sys_chroot)))
(allow guix_daemon_t (allow guix_daemon_t
self self
(user_namespace (create))) (user_namespace (create)))