-rw-r--r-- | etc/guix-daemon.cil.in | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index 0d7945843e..8ff6716038 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -264,6 +264,7 @@
 link unlink map rename
+ append
 open read write relabelfrom)))
 (allow guix_daemon_t
 guix_store_content_t
@@ -277,7 +278,7 @@
 (fifo_file (create getattr open read unlink write)))
 (allow guix_daemon_t
 guix_store_content_t
- (sock_file (create getattr unlink write)))
+ (sock_file (create getattr setattr unlink write)))
 ;; Access to configuration files and directories
 (allow guix_daemon_t
@@ -362,7 +363,7 @@
 (tcp_socket (name_bind name_connect accept listen)))
 (allow guix_daemon_t
 self
- (udp_socket (connect getattr bind getopt setopt)))
+ (udp_socket (connect getattr bind getopt setopt read write)))
 (allow guix_daemon_t
 self
 (fifo_file (write read)))
@@ -376,6 +377,7 @@
 self
 (unix_dgram_socket (create bind connect sendto read write)))
+ ;; For some esoteric build jobs (i.e. PostgreSQL).
 (allow guix_daemon_t
 node_t
 (tcp_socket (node_bind)))
@@ -386,6 +388,15 @@
 port_t
 (tcp_socket (name_connect)))
 (allow guix_daemon_t
+ tmpfs_t
+ (file (map read write)))
+ (allow guix_daemon_t
+ hugetlbfs_t
+ (file (map read write)))
+ (allow guix_daemon_t
+ postgresql_port_t
+ (tcp_socket (name_connect name_bind)))
+ (allow guix_daemon_t
 rtp_media_port_t
 (udp_socket (name_bind)))
 (allow guix_daemon_t
|
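Review bot: The `self` udp_socket rule gains `read write` but still lists no `create`, so unless another rule outside this hunk grants it, the daemon can only read or write a UDP socket it inherited or was handed, never one it made itself; if the goal is to let the daemon (or a build running in its domain) actually send UDP traffic, the line needs `(udp_socket (create connect getattr bind getopt setopt read write)))`. If `create` is deliberately withheld, that deserves a one-line comment, because a permission list that allows `connect` and `write` without `create` reads like an oversight. The enclosing allow statement is fully visible in the hunk.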
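Review bot: The new comment is attached to the pre-existing `node_t (tcp_socket (node_bind))` rule, while the rules this commit actually adds for PostgreSQL (tmpfs_t, hugetlbfs_t, postgresql_port_t) land further down without any comment, and `i.e.` should be `e.g.` since PostgreSQL is given as one example rather than the definition. Suggest moving the comment to sit above the new block and having it name the operations being permitted, for instance `;; Some build jobs start a server in their test suite (e.g. PostgreSQL): they bind a port on a local node, connect to it, and map tmpfs/hugetlbfs files.` Whether node_bind itself was added for the same reason is not visible here, since that rule is context.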
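Review bot: `name_connect` on postgresql_port_t lets every process running in guix_daemon_t, which presumably includes build jobs, open TCP connections to any PostgreSQL server listening on a port carrying that label on the host, not only to the throwaway server a package test suite starts, and `name_bind` lets a build claim that port; port labels are host-wide, so whether this is acceptable depends on builds being confined to their own network namespace, which this file does not show. A comment stating that assumption would make the trade-off explicit: `;; PostgreSQL's test suite binds and connects to its port; relies on builds running in a private network namespace.` The tmpfs_t and hugetlbfs_t rules grant `map read write` without `open`, so they apply only to descriptors obtained some other way (memfd_create descriptors are typically labelled tmpfs_t in common policies); that is the narrower form and `execute` is rightly absent, but if the test suite also needs to open a file on a mounted tmpfs the access will still be denied and the comment should say which case is intended.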