From b59c18f761fc2d18e23fd121c6f6d1f559c6daa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 25 May 2023 11:55:10 +0200 Subject: [PATCH] doc: Tweak SELinux instructions. * doc/guix.texi (SELinux Support): Add note about 'guix-install.sh'. Provide the absolute file name of 'guix-daemon.cil'. Wrap important commands in @example. Suggest relabeling just /gnu and /var/guix instead of all of /. Add "systemctl restart guix-daemon". --- doc/guix.texi | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index be02ac5deb..31dc33fb97 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1559,16 +1559,33 @@ be used on Guix System. @subsubsection Installing the SELinux policy @cindex SELinux, policy installation + +@quotation Note +The @code{guix-install.sh} binary installation script offers to perform +the steps below for you (@pxref{Binary Installation}). +@end quotation + To install the policy run this command as root: @example -semodule -i etc/guix-daemon.cil +semodule -i /var/guix/profiles/per-user/root/current-guix/share/selinux/guix-daemon.cil @end example -Then relabel the file system with @code{restorecon -vR /} or by a -different mechanism provided by your system. You may need to remount -@file{/gnu/store} to make it writable first, e.g. with @code{mount -o -remount,rw /gnu/store}. +Then, as root, relabel the file system, possibly after making it +writable: + +@example +mount -o remount,rw /gnu/store +restorecon -R /gnu /var/guix +@end example + +At this point you can start or restart @command{guix-daemon}; on a +distribution that uses systemd as its service manager, you can do that +with: + +@example +systemctl restart guix-daemon +@end example Once the policy is installed, the file system has been relabeled, and the daemon has been restarted, it should be running in the
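Review bot: In the relabel @example, `mount -o remount,rw /gnu/store` is now shown as an unconditional step, while the sentence introducing it only says "possibly after making it writable" and the removed text said "You may need to remount". Where /gnu/store is not a separate mount point, that command reports an error. Where it is one, the store is left mounted read-write and nothing in the visible lines puts it back. Suggest moving the remount out of the example into a conditional sentence, or adding a sentence after the example that says when it is needed and whether the store should be remounted read-only before restarting the daemon. Separately, the absolute file name in `semodule -i /var/guix/profiles/per-user/root/current-guix/share/selinux/guix-daemon.cil` assumes that root's current-guix profile exists; a short clause saying so would help readers whose copy of guix-daemon.cil lives elsewhere.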