etc: SELinux: Update policy file.
Tested on Rocky Linux 9, as discussed at <https://issues.guix.gnu.org/62487>. * etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file creation in /tmp.
parent
0b0c2ef638
commit
3bf612eaa1
1 changed files with 8 additions and 0 deletions
|
@ -176,6 +176,11 @@
|
||||||
execute_no_trans read write open entrypoint map
|
execute_no_trans read write open entrypoint map
|
||||||
getattr link unlink)))
|
getattr link unlink)))
|
||||||
|
|
||||||
|
;; Remounting /gnu/store read-write.
|
||||||
|
(allow guix_daemon_t
|
||||||
|
fs_t
|
||||||
|
(filesystem (remount)))
|
||||||
|
|
||||||
;; TODO: unknown
|
;; TODO: unknown
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
root_t
|
root_t
|
||||||
|
@ -223,6 +228,9 @@
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
tmpfs_t
|
tmpfs_t
|
||||||
(file (create open read unlink write)))
|
(file (create open read unlink write)))
|
||||||
|
(allow guix_daemon_t ;same as above, but with tmp_t
|
||||||
|
tmp_t
|
||||||
|
(file (create open read unlink write)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
tmpfs_t
|
tmpfs_t
|
||||||
(dir (getattr add_name remove_name write)))
|
(dir (getattr add_name remove_name write)))
|
||||||
|
|
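Review bot: The new `(allow guix_daemon_t fs_t (filesystem (remount)))` rule in the first hunk is wider than its comment suggests. The remount permission is checked against the label of the filesystem itself, and under the reference policy `fs_t` is the generic label carried by most xattr-capable on-disk filesystems, so the daemon domain may remount any of them, not only the one backing /gnu/store. The rule cannot be narrowed by path, so the comment should say so, for example `;; Remounting /gnu/store read-write.  NOTE: fs_t is generic; this permits remount of every fs_t filesystem.` The `tmp_t` rule in the second hunk is similarly broad: it grants create, open, read, unlink and write on every file labelled `tmp_t`, a label shared with other domains, so a dedicated type entered through a type transition would confine it better. The visible lines also add no `dir` rule for `tmp_t` to match the `tmpfs_t` one, though one may exist elsewhere in the file.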