mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-07 07:26:13 -05:00
etc: SELinux: Update policy file.
Tested on Rocky Linux 9, as discussed at <https://issues.guix.gnu.org/62487>. * etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file creation in /tmp.
parent
0b0c2ef638
commit
3bf612eaa1
1 changed files with 8 additions and 0 deletions
|
@ -176,6 +176,11 @@
|
|||
execute_no_trans read write open entrypoint map
|
||||
getattr link unlink)))
|
||||
|
||||
;; Remounting /gnu/store read-write.
|
||||
(allow guix_daemon_t
|
||||
fs_t
|
||||
(filesystem (remount)))
|
||||
|
||||
;; TODO: unknown
|
||||
(allow guix_daemon_t
|
||||
root_t
|
||||
|
@ -223,6 +228,9 @@
|
|||
(allow guix_daemon_t
|
||||
tmpfs_t
|
||||
(file (create open read unlink write)))
|
||||
(allow guix_daemon_t ;same as above, but with tmp_t
|
||||
tmp_t
|
||||
(file (create open read unlink write)))
|
||||
(allow guix_daemon_t
|
||||
tmpfs_t
|
||||
(dir (getattr add_name remove_name write)))
|
||||
|
|
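Review bot: The added `tmp_t` rule in the second hunk grants `guix_daemon_t` create, open, read, write and unlink on every file labelled `tmp_t`, not only on files the daemon itself creates in /tmp, so the daemon domain can read or delete other processes' temporary files that carry the generic label. Its inline comment `;same as above, but with tmp_t` does not record which daemon operation needs this; I would replace it with something like `;; guix-daemon creates files in /tmp (see <https://issues.guix.gnu.org/62487>); note that tmp_t is shared with other domains.` and consider giving daemon-created files a private type through a `typetransition`, so the allow rule can target that type instead. No matching `dir` permissions on `tmp_t` are visible in this hunk, so it is worth confirming they exist elsewhere in the file. The same breadth applies to the first hunk's `fs_t` `remount` rule, which covers any filesystem labelled `fs_t` although its comment mentions only /gnu/store.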