etc: Add more SELinux permissions for the daemon.

* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and unlink for the guix_daemon_exec_t type.
2026-04-26 04:00:30 +02:00 · 2020-12-10 23:42:48 +01:00
parent 73817f711b
commit d677f3d623
1 changed files with 3 additions and 1 deletions
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -167,7 +167,9 @@
         (process (fork execmem setrlimit setpgid setsched)))
  (allow guix_daemon_t
         guix_daemon_exec_t
-         (file (execute execute_no_trans read open entrypoint map)))
+         (file (execute
+                execute_no_trans read write open entrypoint map
+                getattr link unlink)))

  ;; TODO: unknown
  (allow guix_daemon_t