guix-install.sh: Install SELinux policy and relabel file systems if needed.

Fixes <https://issues.guix.gnu.org/62487>.

* etc/guix-install.sh (sys_maybe_setup_selinux): New function.
(main): Use it.

1 files changed, 14 insertions, 0 deletions

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index e81da7ae71..5012db55dd 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -606,6 +606,19 @@ fi
     _msg "${PAS}Bash shell prompt successfully customized for Guix"
 }
 
+sys_maybe_setup_selinux()
+{
+    if [ -f /sys/fs/selinux/policy ]
+    then
+	prompt_yes_no "Install SELinux policy required to run guix-daemon?" \
+	    || return
+
+	local var_guix=/var/guix/profiles/per-user/root/current-guix
+	semodule -i "${var_guix}/share/selinux/guix-daemon.cil"
+	restorecon -R /gnu /var/guix
+    fi
+}
+
 welcome()
 {
     local char
@@ -681,6 +694,7 @@ main()
 
     sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
     sys_create_build_user
+    sys_maybe_setup_selinux
     sys_enable_guix_daemon
     sys_authorize_build_farms
     sys_create_init_profile