From 4166b583fb05728e481759f3db733ea85e165ccf Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludovic.courtes@inria.fr>
Date: Thu, 25 May 2023 11:41:23 +0200
Subject: guix-install.sh: Install SELinux policy and relabel file systems if
 needed.

Fixes <https://issues.guix.gnu.org/62487>.

* etc/guix-install.sh (sys_maybe_setup_selinux): New function.
(main): Use it.
---
 etc/guix-install.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'etc')

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index e81da7ae71..5012db55dd 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -606,6 +606,19 @@ fi
     _msg "${PAS}Bash shell prompt successfully customized for Guix"
 }
 
+sys_maybe_setup_selinux()
+{
+    if [ -f /sys/fs/selinux/policy ]
+    then
+	prompt_yes_no "Install SELinux policy required to run guix-daemon?" \
+	    || return
+
+	local var_guix=/var/guix/profiles/per-user/root/current-guix
+	semodule -i "${var_guix}/share/selinux/guix-daemon.cil"
+	restorecon -R /gnu /var/guix
+    fi
+}
+
 welcome()
 {
     local char
@@ -681,6 +694,7 @@ main()
 
     sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
     sys_create_build_user
+    sys_maybe_setup_selinux
     sys_enable_guix_daemon
     sys_authorize_build_farms
     sys_create_init_profile
-- 
cgit 1.4.1