guix-install.sh: Install SELinux policy only if tools are present.

* etc/guix-install.sh (sys_maybe_setup_selinux): Silently return if
the ‘semodule’ or ‘restorecon’ commands are missing.
This commit is contained in:
Tobias Geerinckx-Rice 2023-07-16 02:00:01 +02:00
parent 445a035908
commit c89e0b4d20
No known key found for this signature in database
GPG key ID: 0DB0FF884F556D79

View file

@ -600,15 +600,26 @@ fi
sys_maybe_setup_selinux()
{
if [ -f /sys/fs/selinux/policy ]
if ! [ -f /sys/fs/selinux/policy ]
then
prompt_yes_no "Install SELinux policy required to run guix-daemon?" \
return
fi
local c
for c in semodule restorecon
do
if ! command -v "$c" &>/dev/null
then
return
fi
done
prompt_yes_no "Install SELinux policy that might be required to run guix-daemon?" \
|| return
local var_guix=/var/guix/profiles/per-user/root/current-guix
semodule -i "${var_guix}/share/selinux/guix-daemon.cil"
restorecon -R /gnu /var/guix
fi
}
welcome()