etc: SELinux: Allow init process to setattr on profile directories.

author Ricardo Wurmus <rekado@elephly.net>

Fri, 23 Dec 2022 15:48:20 +0000 (16:48 +0100)

committer Ricardo Wurmus <rekado@elephly.net>

Fri, 23 Dec 2022 19:20:06 +0000 (20:20 +0100)
author Ricardo Wurmus <rekado@elephly.net>
Fri, 23 Dec 2022 15:48:20 +0000 (16:48 +0100)
committer Ricardo Wurmus <rekado@elephly.net>
Fri, 23 Dec 2022 19:20:06 +0000 (20:20 +0100)
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in

index 0245c36..f55ef22 100644 (file)
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -94,6 +94,9 @@
    (allow init_t
           guix_store_content_t
           (file (open read execute)))
+  (allow init_t
+         guix_profiles_t
+         (dir (setattr)))
  
    ;; guix-daemon needs to know the names of users
    (allow guix_daemon_t
author	Ricardo Wurmus <rekado@elephly.net>
	Fri, 23 Dec 2022 15:48:20 +0000 (16:48 +0100)
committer	Ricardo Wurmus <rekado@elephly.net>
	Fri, 23 Dec 2022 19:20:06 +0000 (20:20 +0100)