guix-devel

Re: [PATCH] Add SELinux policy for guix-daemon.


From: Catonano
Subject: Re: [PATCH] Add SELinux policy for guix-daemon.
Date: Fri, 26 Jan 2018 12:18:09 +0100



2018-01-25 17:17 GMT+01:00 Ricardo Wurmus <address@hidden>:
> Hi Guix,
>
> attached is a patch that adds an SELinux policy for the guix-daemon.
> The policy defines the guix_daemon_t domain and specifies what labels
> may be accessed and how by processes running in that domain.
>
> These file labels are defined:
>
> * guix_daemon_conf_t
>   for Guix configuration files (in localstatedir and sysconfdir)
> * guix_daemon_exec_t
>   for executables spawned by the daemon (which are allowed to run in the
>   guix_daemon_t domain)
> * guix_daemon_socket_t
>   for the daemon socket file
> * guix_profiles_t
>   for the contents of the profiles directory

I'm not sure I understand: is this meant to allow Guix to run in foreign distros like Fedora?

Or is this meant to have SELinux running inside the GuixSD environment?

I might be interested in running Guix on my Fedora installation.

Also, Ricardo, I remember you posted a link to an introduction to SELinux for human beings, some months ago.

Maybe on the IRC channel, maybe on some mailing list

I searched here and found nothing

Should you be able to post that link again, I'd be grateful
I promise I will bookmark it this time

Thanks!
Ciao

