From 0fd87768e47f9e429d8c0ec9ac4e7928832ff33b Mon Sep 17 00:00:00 2001 From: Daniel Brooks Date: Sat, 14 Nov 2020 08:04:30 -0800 Subject: doc: Add a note about SELinux relabeling after upgrades to guix-daemon. * doc/guix.texi (SELinux Support): Add note about upgrades. Signed-off-by: Marius Bakke --- doc/guix.texi | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 2864c65e00..2f3a474866 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -83,6 +83,7 @@ Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* Copyright @copyright{} 2020 raingloom@* +Copyright @copyright{} 2020 Daniel Brooks@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1398,6 +1399,11 @@ install and run it, which lifts it into the @code{guix_daemon_t} domain. At that point SELinux could not prevent it from accessing files that are allowed for processes in that domain. +You will need to relabel the store directory after all upgrades to +@file{guix-daemon}, such as after running @code{guix pull}. Assuming the +store is in @file{/gnu}, you can do this with @code{restorecon -vR /gnu}, +or by other means provided by your operating system. + We could generate a much more restrictive policy at installation time, so that only the @emph{exact} file name of the currently installed @code{guix-daemon} executable would be labelled with -- cgit v1.2.3
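Review bot: the new paragraph in the SELinux Support hunk should say when the relabel has to happen relative to restarting the daemon. The preceding context explains that the policy only takes effect because running the labelled executable "lifts it into the @code{guix_daemon_t} domain", so a freshly pulled @code{guix-daemon} that is started before @code{restorecon -vR /gnu} runs will not transition into that domain; suggest adding a sentence such as "Run this before starting the upgraded daemon, or restart @code{guix-daemon} afterwards." Two smaller points on the same hunk: it writes @file{guix-daemon} where the surrounding text consistently uses @code{guix-daemon} for the executable, so switch to @code for consistency; and @code{restorecon -vR /gnu} walks the entire store, which is the right default but worth flagging as potentially slow on a large store (the text already hints that a more restrictive, exact-file-name policy is possible, so a reader may wonder why the whole of @file{/gnu} must be relabelled).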