From 35bd94a49257bbadcb3ca25342e5c1ec33f438f0 Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Sat, 22 May 2021 19:42:15 +0200
Subject: [PATCH] etc: Add more SELinux permissions for the daemon.

* etc/guix-daemon.cil.in (guix_daemon): Add more permissions, necessary for garbage collection.
---
 etc/guix-daemon.cil.in | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index 4f52157354..c9f4e3186d 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -301,7 +301,7 @@
 open read write)))
 (allow guix_daemon_t
 guix_daemon_conf_t
- (lnk_file (create getattr rename unlink)))
+ (lnk_file (create getattr rename unlink read)))
 (allow guix_daemon_t net_conf_t
 (file (getattr open read)))
 (allow guix_daemon_t net_conf_t
@@ -328,6 +328,9 @@
 (allow guix_daemon_t
 cache_home_t
 (dir (search)))
+ (allow guix_daemon_t
+ cache_home_t
+ (lnk_file (getattr read)))
 
 ;; self upgrades
 (allow guix_daemon_t
@@ -340,7 +343,7 @@
 ;; Socket operations
 (allow guix_daemon_t
 guix_daemon_socket_t
- (sock_file (unlink)))
+ (sock_file (unlink write)))
 (allow guix_daemon_t
 init_t
 (fd (use)))
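Review bot: The new `cache_home_t` `lnk_file (getattr read)` rule is added without a comment, and unlike the `guix_daemon_conf_t` change it grants access to a type the daemon does not own. `cache_home_t` presumably labels the cache directory of every user on the host, so the daemon may now stat and resolve any symbolic link stored there, not only links created by Guix. The commit message gives garbage collection as the reason, so a line above the rule such as `;; garbage collection: resolve symlinks kept in users' cache directories` would record the intent for later policy audits. It is also worth confirming that link-only access is all the collector needs, so that no `file` permission follows later. The enclosing policy block starts and ends outside this hunk.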
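Review bot: The `write` added to `sock_file` on `guix_daemon_socket_t` is not obviously a garbage-collection permission, which is the only rationale the commit message gives. In SELinux, `write` on a socket file is what a process needs in order to connect to that socket, so this rule lets any process running as `guix_daemon_t` act as a client of the daemon's own socket. Whether a matching `connectto` rule exists is not visible in this hunk. A comment under `;; Socket operations` naming the denied operation, for example `;; write: needed when <operation from the AVC denial> connects to the daemon socket`, would make the grant auditable. If no such client runs in this domain, the permission should be left out. The enclosing policy block starts and ends outside this hunk.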