
01/09: etc: SELinux: Update policy file.


From: guix-commits
Subject: 01/09: etc: SELinux: Update policy file.
Date: Thu, 25 May 2023 06:52:51 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 3bf612eaa13cc39caab64567660b8a02d206d19a
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Thu May 25 11:37:35 2023 +0200

    etc: SELinux: Update policy file.
    
    Tested on Rocky Linux 9, as discussed
    at <https://issues.guix.gnu.org/62487>.
    
    * etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file
    creation in /tmp.
---
 etc/guix-daemon.cil.in | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index f55ef226c1..b221e31094 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -176,6 +176,11 @@
                 execute_no_trans read write open entrypoint map
                 getattr link unlink)))
 
+  ;; Remounting /gnu/store read-write.
+  (allow guix_daemon_t
+         fs_t
+         (filesystem (remount)))
+
   ;; TODO: unknown
   (allow guix_daemon_t
          root_t
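Review bot: the new `(filesystem (remount))` rule targets `fs_t`, not a type specific to the store, so the comment "Remounting /gnu/store read-write." understates what is granted: the daemon may remount any filesystem that carries the `fs_t` label. Either say so in the comment (for example ";; Remounting /gnu/store read-write; applies to every fs_t filesystem, since the store has no filesystem type of its own") or, if the store can be given a dedicated filesystem label, target that instead. The commit log points at the issue where this was tested, but the policy file itself should record which denial on which distribution motivated the rule, so that it does not end up next to the existing ";; TODO: unknown" entries with no rationale.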
@@ -223,6 +228,9 @@
   (allow guix_daemon_t
          tmpfs_t
          (file (create open read unlink write)))
+  (allow guix_daemon_t                          ;same as above, but with tmp_t
+         tmp_t
+         (file (create open read unlink write)))
   (allow guix_daemon_t
          tmpfs_t
          (dir (getattr add_name remove_name write)))
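Review bot: the added `tmp_t` rule covers only the `file` class, while the `tmpfs_t` rule it mirrors is followed by a `dir` rule with `(getattr add_name remove_name write)`; no `tmp_t` counterpart for `dir` is visible in this hunk. Creating and unlinking files in a `tmp_t` directory also needs `add_name` and `remove_name` on that directory, so please confirm that another rule in the file already grants those on `tmp_t`, or add the matching `dir` rule here. The inline comment ";same as above, but with tmp_t" would also be more useful if it said what the daemon writes in /tmp, as the commit log does ("file creation in /tmp"), rather than only pointing at the neighbouring rule.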


