| author | Ludovic Courtès <ludo@gnu.org> | 2023-05-25 11:37:35 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2023-05-25 12:51:15 +0200 |
| commit | 3bf612eaa13cc39caab64567660b8a02d206d19a (patch) | |
| tree | 7ba127ebc68d42ebd521e35df44d999f7df9a00a | |
| parent | 0b0c2ef6381e05f87aa5c4a99d05054a0b677662 (diff) | |
| download | guix-3bf612eaa13cc39caab64567660b8a02d206d19a.tar.gz | |
etc: SELinux: Update policy file.
Tested on Rocky Linux 9, as discussed at <https://issues.guix.gnu.org/62487>.

* etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file creation in /tmp.
-rw-r--r-- | etc/guix-daemon.cil.in | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in index f55ef226c1..b221e31094 100644 --- a/etc/guix-daemon.cil.in +++ b/etc/guix-daemon.cil.in @@ -176,6 +176,11 @@ execute_no_trans read write open entrypoint map getattr link unlink))) + ;; Remounting /gnu/store read-write. + (allow guix_daemon_t + fs_t + (filesystem (remount))) + ;; TODO: unknown (allow guix_daemon_t root_t @@ -223,6 +228,9 @@ (allow guix_daemon_t tmpfs_t (file (create open read unlink write))) + (allow guix_daemon_t ;same as above, but with tmp_t + tmp_t + (file (create open read unlink write))) (allow guix_daemon_t tmpfs_t (dir (getattr add_name remove_name write))) |
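Review bot: the first hunk's new rule `(allow guix_daemon_t fs_t (filesystem (remount)))` is broader than its comment `;; Remounting /gnu/store read-write.` suggests: it is keyed on the filesystem type fs_t, so it lets guix_daemon_t remount any filesystem carrying that label, not only the one holding /gnu/store. If no narrower type is available for the store's filesystem, the comment should state that the permission is filesystem-wide so the next reader does not take it as store-specific. The `;; TODO: unknown` still sitting above the following `(allow guix_daemon_t root_t` block is left as-is by this patch; worth resolving while this region is being touched, or at least recording why access to root_t is needed.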
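Review bot: the second hunk adds `(allow guix_daemon_t tmp_t (file (create open read unlink write)))` but no tmp_t counterpart for the directory rule visible in the trailing context, `(allow guix_daemon_t tmpfs_t (dir (getattr add_name remove_name write)))`. Creating or unlinking a file in a tmp_t directory also requires add_name/remove_name/write on the directory itself, so unless that is granted elsewhere in the policy the file rule alone will still produce denials when /tmp is on a persistent filesystem rather than on tmpfs; if the dir rule is omitted deliberately, say so in the comment. Also, `;same as above, but with tmp_t` is a trailing single-`;` comment on the `allow` line, whereas the other comments in this file are `;;` lines of their own (see `;; Remounting /gnu/store read-write.`); a line comment such as `;; Same as the tmpfs_t rule above, for /tmp on a non-tmpfs filesystem.` would match the surrounding style.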