etc: SELinux: Update policy file.

Tested on Rocky Linux 9, as discussed at <https://issues.guix.gnu.org/62487>. * etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file creation in /tmp.
author: Ludovic Courtès <ludo@gnu.org> 2023-05-25 11:37:35 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2023-05-25 12:51:15 +0200
commit: 3bf612eaa13cc39caab64567660b8a02d206d19a (patch)
tree: 7ba127ebc68d42ebd521e35df44d999f7df9a00a /etc
parent: 0b0c2ef6381e05f87aa5c4a99d05054a0b677662 (diff)
download: guix-patches-3bf612eaa13cc39caab64567660b8a02d206d19a.tar
guix-patches-3bf612eaa13cc39caab64567660b8a02d206d19a.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index f55ef226c1..b221e31094 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -176,6 +176,11 @@
                 execute_no_trans read write open entrypoint map
                 getattr link unlink)))
 
+  ;; Remounting /gnu/store read-write.
+  (allow guix_daemon_t
+         fs_t
+         (filesystem (remount)))
+
   ;; TODO: unknown
   (allow guix_daemon_t
          root_t
@@ -223,6 +228,9 @@
   (allow guix_daemon_t
          tmpfs_t
          (file (create open read unlink write)))
+  (allow guix_daemon_t                          ;same as above, but with tmp_t
+         tmp_t
+         (file (create open read unlink write)))
   (allow guix_daemon_t
          tmpfs_t
          (dir (getattr add_name remove_name write)))
author	Ludovic Courtès <ludo@gnu.org>	2023-05-25 11:37:35 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2023-05-25 12:51:15 +0200
commit	3bf612eaa13cc39caab64567660b8a02d206d19a (patch)
tree	7ba127ebc68d42ebd521e35df44d999f7df9a00a /etc
parent	0b0c2ef6381e05f87aa5c4a99d05054a0b677662 (diff)
download	guix-patches-3bf612eaa13cc39caab64567660b8a02d206d19a.tar guix-patches-3bf612eaa13cc39caab64567660b8a02d206d19a.tar.gz