etc: SELinux: Update policy file.

Tested on Rocky Linux 9, as discussed
at <https://issues.guix.gnu.org/62487>.

* etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file
creation in /tmp.
Ludovic Courtès 2023-05-25 11:37:35 +02:00
parent 0b0c2ef638
commit 3bf612eaa1
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 8 additions and 0 deletions


@ -176,6 +176,11 @@
execute_no_trans read write open entrypoint map
getattr link unlink)))
;; Remounting /gnu/store read-write.
(allow guix_daemon_t
fs_t
(filesystem (remount)))
;; TODO: unknown
(allow guix_daemon_t
root_t
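Review bot: the `(allow guix_daemon_t fs_t (filesystem (remount)))` rule is broader than the `;; Remounting /gnu/store read-write.` comment above it suggests: `fs_t` is the generic type carried by xattr-labelled filesystems, so this grants guix_daemon_t `remount` on every such filesystem (the root filesystem included), not on /gnu/store specifically. If the daemon only needs to flip the store between read-only and read-write, consider narrowing the rule to a dedicated filesystem type for the store mount, or at least state in the comment that the grant covers all `fs_t` filesystems rather than just /gnu/store.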
@ -223,6 +228,9 @@
(allow guix_daemon_t
tmpfs_t
(file (create open read unlink write)))
(allow guix_daemon_t ;same as above, but with tmp_t
tmp_t
(file (create open read unlink write)))
(allow guix_daemon_t
tmpfs_t
(dir (getattr add_name remove_name write)))
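Review bot: the new `tmp_t` rule only covers the `file` class, while the `(allow guix_daemon_t tmpfs_t (dir (getattr add_name remove_name write)))` rule that follows shows that creating and unlinking files also needs `dir` permissions on the parent directory; no matching `dir` rule for `tmp_t` is added here. Unless that access is granted elsewhere in the file, file creation in a `tmp_t`-labelled /tmp will still be denied at the directory step. Suggest mirroring the tmpfs_t rule with `(allow guix_daemon_t tmp_t (dir (getattr add_name remove_name write)))` next to the new file rule, and, since the `;same as above` comment copies the permission set verbatim, checking whether `getattr` should be in the `file` set for both types as well.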