mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-04-06 13:10:33 +02:00
etc: apparmor.d: Fix "guix-daemon/guix-builder" policy.
Currently Guix daemon would always fail to build packages that require execution of programs and scripts in "/tmp" directory (e.g. in "bootstrap" phase) on foreign distributions that use AppArmor as it denies such requests due to policy restrictions.

This patch fixes "guix-daemon" AppArmor policy by allowing execution of programs in "/tmp" for "guix-builder".

See <https://codeberg.org/guix/guix/issues/6501>

* etc/apparmor.d/guix-daemon: Fix permissions for guix-daemon/guix-builder.

Change-Id: Ib6a33fcc035011d7045da03346f3afeb598b7d7a
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
committed by Efraim Flashner
parent 90d5f4f76a
commit 8ead7a9837
@@ -51,7 +51,7 @@ profile guix-daemon @{guix_storedir}/*-{guix-daemon,guix}-*/bin/guix-daemon flag
|
|||||||
|
|
||||||
@{guix_storedir}/** rwlmkux,
|
@{guix_storedir}/** rwlmkux,
|
||||||
|
|
||||||
owner /tmp/** rw,
|
owner /tmp/** rwux,
|
||||||
|
|
||||||
@{PROC}/@{pid}/fd/ r,
|
@{PROC}/@{pid}/fd/ r,
|
||||||
|
|
||||||
|
|||||||
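Review bot: the `ux` mode on the changed rule `owner /tmp/** rwux,` is an unconfined execute transition, so any program the builder starts from under /tmp runs with no AppArmor profile at all and without environment scrubbing. The `owner` qualifier limits the match to files owned by the calling process, which helps, but the glob still covers every path below /tmp rather than only build directories. If build-phase scripts only need to run, `ix` would let them execute while inheriting the current profile, for example `owner /tmp/** rwix,`. If unconfined execution is really required here, as the adjacent `@{guix_storedir}/** rwlmkux,` rule suggests it may be, please add a comment above the rule that says why and points to the issue linked in the commit message, and consider narrowing the path if the build directories have a predictable name.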