author | Marius Bakke <marius@gnu.org> | 2020-12-10 23:42:48 +0100 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-12-10 23:48:42 +0100 |
commit | d677f3d6231d352fdb65b70f67d85fb5744e912c (patch) | |
tree | a62fb0f683e01023d3deadf2dc12e35f0e975385 | |
parent | 73817f711baf5c26f10690b6df4d802b3434f70d (diff) | |
etc: Add more SELinux permissions for the daemon.
* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and
unlink for the guix_daemon_exec_t type.
-rw-r--r-- | etc/guix-daemon.cil.in | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in index cc8999d9a8..4f52157354 100644 --- a/etc/guix-daemon.cil.in +++ b/etc/guix-daemon.cil.in @@ -167,7 +167,9 @@ (process (fork execmem setrlimit setpgid setsched))) (allow guix_daemon_t guix_daemon_exec_t - (file (execute execute_no_trans read open entrypoint map))) + (file (execute + execute_no_trans read write open entrypoint map + getattr link unlink))) ;; TODO: unknown (allow guix_daemon_t |
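Review bot: The added `write`, `link` and `unlink` in the `(allow guix_daemon_t guix_daemon_exec_t (file ...))` rule let the daemon domain modify and replace files that carry its own `entrypoint` type, and neither the hunk nor the commit message says which daemon operation needs that. A domain that can both write and execute the same type loses most of the protection the separate exec type provides, so please add a comment above the rule naming the operation or denial that required each of these three permissions. Consider moving `write link unlink` into their own `allow` rule with that comment, so they can be narrowed or dropped later without touching the execute permissions. `getattr` is uncontroversial and can stay with the existing set.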