aboutsummaryrefslogtreecommitdiff
path: root/etc/guix-daemon.cil.in
Commit message (Collapse)AuthorAge
* etc: SELinux: Update policy file.Ludovic Courtès2023-05-25
| | | | | | | | Tested on Rocky Linux 9, as discussed at <https://issues.guix.gnu.org/62487>. * etc/guix-daemon.cil.in: Add rules for /gnu/store remount and file creation in /tmp.
* etc: SELinux: Allow init process to setattr on profile directories.Ricardo Wurmus2022-12-23
| | | | * etc/guix-daemon.cil.in: Add rule.
* etc: SELinux: Allow daemon to search run state directories.Ricardo Wurmus2022-12-23
| | | | | * etc/guix-daemon.cil.in: Import types init_var_run_t and system_dbusd_var_run_t; add rules.
* etc: SELinux: Label guix-daemon executable in profile.Ricardo Wurmus2022-12-23
| | | | | * etc/guix-daemon.cil.in: Add file rule for "guix-daemon" in current-guix profile.
* etc: Remove redundant SELinux permissions block.Marius Bakke2022-01-26
| | | | | * etc/guix-daemon.cil.in (guix_daemon): Consolidate two blocks adding sock_file permissions on guix_daemon_conf_t.
* etc: Add more SELinux permissions for the daemon.Marius Bakke2022-01-24
| | | | | * etc/guix-daemon.cil.in (guix_daemon): Permit write on guix_daemon_conf_t sock_file, necessary for garbage collection.
* etc: Add more SELinux permissions for the daemon.Marius Bakke2021-05-22
| | | | | * etc/guix-daemon.cil.in (guix_daemon): Add more permissions, necessary for garbage collection.
* etc: Add more SELinux permissions for the daemon.Marius Bakke2020-12-10
| | | | | * etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and unlink for the guix_daemon_exec_t type.
* etc: Add more SELinux permissions for the daemon.Marius Bakke2020-11-27
| | | | | * etc/guix-daemon.cil.in (guix_daemon): Permit more operations required for various build jobs.
* etc: Add more SELinux permissions for the daemon.Marius Bakke2020-11-26
| | | | | | * etc/guix-daemon.cil.in (guix_daemon): Permit file appending, setattr, read/write UDP sockets, access to tmpfs and hugetlbfs, and connecting to PostgreSQL.
* etc: Add more SELinux permissions for the daemon.Marius Bakke2020-11-25
| | | | | | This is needed for some package test suites. * etc/guix-daemon.cil.in (guix_daemon): Permit unix_dgram_socket operations.
* etc: Updates for the guix-daemon SELinux policy.Daniel Brooks2020-11-15
| | | | | | | | | | | | * etc/guix-daemon.cil.in (guix_daemon): Specify more permissions for guix-daemon to account for daemon updates and newer SELinux. I can't promise that this is a complete list of everything that guix-daemon needs, but it's probably most of them. It can search for, install, upgrade, and remove packages, create virtual machines and containers, update itself, and so on. Signed-off-by: Marius Bakke <marius@gnu.org>
* etc: Remove references to libexec/guix* from SELinux policy.Ludovic Courtès2019-09-08
| | | | * etc/guix-daemon.cil.in: Remove references to libexec/guix*.
* etc: Add SELinux policy for the daemon.Ricardo Wurmus2018-02-07
* etc/guix-daemon.cil.in: New file. * Makefile.am (dist_selinux_policy_DATA): Define it. * configure.ac: Handle --with-selinux-policy-dir. * doc/guix.texi (SELinux Support): New section.