author | Marius Bakke <marius@gnu.org> | 2021-05-22 19:42:15 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2021-05-22 19:53:17 +0200 |
commit | 35bd94a49257bbadcb3ca25342e5c1ec33f438f0 (patch) | |
tree | 75bb7dbec162caf88a40b4af6c8fb619e765f3b1 /etc | |
parent | 080770e6547132650b72711a9e1b0ce50ca4ff74 (diff) | |
download | guix-35bd94a49257bbadcb3ca25342e5c1ec33f438f0.tar.gz |
etc: Add more SELinux permissions for the daemon.
* etc/guix-daemon.cil.in (guix_daemon): Add more permissions, necessary for garbage collection.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/guix-daemon.cil.in | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in index 4f52157354..c9f4e3186d 100644 --- a/etc/guix-daemon.cil.in +++ b/etc/guix-daemon.cil.in @@ -301,7 +301,7 @@ open read write))) (allow guix_daemon_t guix_daemon_conf_t - (lnk_file (create getattr rename unlink))) + (lnk_file (create getattr rename unlink read))) (allow guix_daemon_t net_conf_t (file (getattr open read))) (allow guix_daemon_t net_conf_t @@ -328,6 +328,9 @@ (allow guix_daemon_t cache_home_t (dir (search))) + (allow guix_daemon_t + cache_home_t + (lnk_file (getattr read))) ;; self upgrades (allow guix_daemon_t @@ -340,7 +343,7 @@ ;; Socket operations (allow guix_daemon_t guix_daemon_socket_t - (sock_file (unlink))) + (sock_file (unlink write))) (allow guix_daemon_t init_t (fd (use))) |
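Review bot: In the first hunk (@@ -301,7 +301,7 @@), the `read` added to `(lnk_file (create getattr rename unlink read))` for guix_daemon_conf_t has no comment saying which symlink the daemon needs to resolve. The commit message only says "necessary for garbage collection". A one-line `;;` comment above the rule naming the GC step, or the AVC denial quoted in the commit message, would let a later audit confirm the permission is still required.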
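Review bot: The rule added in the second hunk (@@ -328,6 +328,9 @@), `(lnk_file (getattr read))` on cache_home_t, carries no comment, while the blocks right after it are labelled (";; self upgrades", ";; Socket operations"). cache_home_t is not one of the guix_daemon_* types, so this lets the daemon read every symlink with that label, not only links Guix created. Please add a comment stating which links garbage collection follows there, so the wider grant is documented next to the existing `(dir (search))` rule.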
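Review bot: In the third hunk (@@ -340,7 +343,7 @@), `write` is added to `(sock_file (unlink write))` on guix_daemon_socket_t, but the commit message attributes the new permissions to garbage collection and does not explain why the daemon writes to its own socket file. `write` on a sock_file is the permission SELinux checks when a process connects to a UNIX socket by path, so a comment under ";; Socket operations" naming the code path that connects here would help. If that path is unrelated to GC, it would be clearer as a separate commit with its own rationale.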