etc: SELinux: Label guix-daemon executable in profile.

* etc/guix-daemon.cil.in: Add file rule for "guix-daemon" in current-guix
profile.

diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index f4767ff..ba100a4 100644 (file)
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -447,6 +447,8 @@
            any (unconfined_u object_r guix_store_content_t (low low)))
   (filecon "@prefix@/bin/guix-daemon"
            file (system_u object_r guix_daemon_exec_t (low low)))
+  (filecon "@guix_localstatedir@/guix/profiles/per-user/[^/]+/current-guix/bin/guix-daemon"
+           file (system_u object_r guix_daemon_exec_t (low low)))
   (filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon"
            file (system_u object_r guix_daemon_exec_t (low low)))
   (filecon "@storedir@/[a-z0-9]+-guix-daemon"