authorRicardo Wurmus <rekado@elephly.net>2022-12-23 16:48:20 +0100
committerRicardo Wurmus <rekado@elephly.net>2022-12-23 20:20:06 +0100
commitafaeb657b118e6998342110deab8c8110b824417 (patch)
tree47a9c5dceb0da16e53c5efa8c8ffaf6cde4228da
parent4a134ed32e69ba888d988d2ed924a1531a54551b (diff)
downloadguix-afaeb657b118e6998342110deab8c8110b824417.tar.gz
etc: SELinux: Allow init process to setattr on profile directories.
* etc/guix-daemon.cil.in: Add rule.
-rw-r--r--etc/guix-daemon.cil.in3
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index 0245c36231..f55ef226c1 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -94,6 +94,9 @@
   (allow init_t
          guix_store_content_t
          (file (open read execute)))
+  (allow init_t
+         guix_profiles_t
+         (dir (setattr)))
 
   ;; guix-daemon needs to know the names of users
   (allow guix_daemon_t
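Review bot: The added `(allow init_t guix_profiles_t (dir (setattr)))` rule has no comment saying which init_t action requires it, unlike the `;; guix-daemon needs to know the names of users` rule that follows it. setattr on the dir class lets any process running in the init_t domain change the mode and ownership of directories labelled guix_profiles_t, so the reason for the grant should be recorded for later policy audits. I would put a line such as `;; init needs setattr on the profile directories (presumably to fix ownership/mode when the daemon service starts; confirm against the AVC denial)` above the rule. The grant itself is limited to one class and one permission, which looks appropriately narrow; the enclosing policy block starts and ends outside the hunk.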