etc: Add more SELinux permissions for the daemon.

* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and
unlink for the guix_daemon_exec_t type.
Marius Bakke 2020-12-10 23:42:48 +01:00
parent 73817f711b
commit d677f3d623
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA


@ -167,7 +167,9 @@
(process (fork execmem setrlimit setpgid setsched))) (process (fork execmem setrlimit setpgid setsched)))
(allow guix_daemon_t (allow guix_daemon_t
guix_daemon_exec_t guix_daemon_exec_t
(file (execute execute_no_trans read open entrypoint map))) (file (execute
execute_no_trans read write open entrypoint map
getattr link unlink)))
;; TODO: unknown ;; TODO: unknown
(allow guix_daemon_t (allow guix_daemon_t
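Review bot: The widened rule on `guix_daemon_exec_t` now gives `guix_daemon_t` `write`, `link` and `unlink` on the same type that it holds `execute`, `execute_no_trans` and `entrypoint` for. A process confined to this domain can therefore modify or replace files that serve as entry points into the domain, which removes the write/execute separation the policy had before. The commit does not say which operation hit the denial, so record it next to the rule, for example `;; write/link/unlink: needed for <operation that triggered the AVC denial>; lets the domain alter its own entrypoint files`. If the denials come from store copies of the daemon being handled like ordinary store items, it may be worth checking whether those files could carry a non-entrypoint type, so that `write` is never paired with `entrypoint`. The enclosing `guix_daemon` block begins and ends outside this hunk, so any compensating `neverallow` or file-context rule is not visible here.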