author Marius Bakke <marius@gnu.org> 2020-12-10 23:42:48 +0100
committer Marius Bakke <marius@gnu.org> 2020-12-10 23:48:42 +0100
commit d677f3d6231d352fdb65b70f67d85fb5744e912c
tree a62fb0f683e01023d3deadf2dc12e35f0e975385
parent 73817f711baf5c26f10690b6df4d802b3434f70d
download guix-d677f3d6231d352fdb65b70f67d85fb5744e912c.tar.gz
etc: Add more SELinux permissions for the daemon.
* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and
unlink for the guix_daemon_exec_t type.
-rw-r--r-- etc/guix-daemon.cil.in 4
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index cc8999d9a8..4f52157354 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -167,7 +167,9 @@
          (process (fork execmem setrlimit setpgid setsched)))
   (allow guix_daemon_t
          guix_daemon_exec_t
-         (file (execute execute_no_trans read open entrypoint map)))
+         (file (execute
+                execute_no_trans read write open entrypoint map
+                getattr link unlink)))
 
   ;; TODO: unknown
   (allow guix_daemon_t
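Review bot: the widened rule for guix_daemon_exec_t now puts write, link and unlink in the same permission set as execute, execute_no_trans and entrypoint, so guix_daemon_t can modify or replace files carrying the label it executes and enters its domain through, and nothing in the hunk says why. Please add a comment above the rule naming the daemon operation or the denial that needs write, link and unlink (the next rule already carries a ";; TODO: unknown", and this one should not end up in the same state). If only some files with this label need to be writable, consider a separate allow rule against a narrower type so the entrypoint files stay read and execute only. getattr on its own looks uncontroversial and could stay in the original rule.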