From afaeb657b118e6998342110deab8c8110b824417 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus
Date: Fri, 23 Dec 2022 16:48:20 +0100
Subject: [PATCH] etc: SELinux: Allow init process to setattr on profile directories.

* etc/guix-daemon.cil.in: Add rule.
---
 etc/guix-daemon.cil.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index 0245c36231..f55ef226c1 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -94,6 +94,9 @@
 (allow init_t
 guix_store_content_t
 (file (open read execute)))
+ (allow init_t
+ guix_profiles_t
+ (dir (setattr)))
 ;; guix-daemon needs to know the names of users
 (allow guix_daemon_t
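Review bot: The added `(allow init_t guix_profiles_t (dir (setattr)))` rule has no comment saying which init action needs it, while the `guix_daemon_t` rule that follows in the hunk is introduced by one. `setattr` on the `dir` class lets any process running in `init_t` change mode, ownership and timestamps on every directory labelled `guix_profiles_t` (subject to ordinary DAC checks), so the rationale is worth recording for later policy audits. I would add a line above the rule such as `;; init needs setattr on profile directories (<service or AVC denial that motivated this>)`, with the placeholder replaced by the actual trigger. If the denial comes from one specific unit, presumably a narrower source domain than `init_t` could carry the permission; that cannot be judged from this hunk. The enclosing policy block starts and ends outside the hunk.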