Ludovic Courtès <l...@gnu.org> writes:
> Hi Matt, > > Matt Wette <matt.we...@gmail.com> skribis: > >> I'm trying to get guix-1.0.1 running on Fedora-30 with its default >> SElinux set up. >> I found (hint from >> https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html) >> that the guix-daemon.cil file seems to be missing a few items. Without >> this patch >> # restorecon -R /gnu/store >> fails. > > OK, thanks for finding it out! > >> --- guix-daemon.cil.orig 2020-01-18 07:08:12.905986299 -0800 >> +++ guix-daemon.cil 2020-01-18 07:09:49.765737261 -0800 >> @@ -34,14 +34,19 @@ >> (roletype object_r guix_daemon_t) >> (type guix_daemon_conf_t) >> (roletype object_r guix_daemon_conf_t) >> + (typeattributeset file_type guix_daemon_conf_t) >> (type guix_daemon_exec_t) >> (roletype object_r guix_daemon_exec_t) >> + (typeattributeset file_type guix_daemon_exec_t) >> (type guix_daemon_socket_t) >> (roletype object_r guix_daemon_socket_t) >> + (typeattributeset file_type guix_daemon_socket_t) >> (type guix_store_content_t) >> (roletype object_r guix_store_content_t) >> + (typeattributeset file_type guix_store_content_t) >> (type guix_profiles_t) >> (roletype object_r guix_profiles_t) >> + (typeattributeset file_type guix_profiles_t) >> >> ;; These types are domains, thereby allowing process rules >> (typeattributeset domain (guix_daemon_t guix_daemon_exec_t)) > > Ricardo, WDYT? I know nothing about this config file so I’d rather have > your approval before pushing. Could we also do this in one expression? (typeattributeset file_type (or guix_profiles_t guix_daemon_conf_t guix_daemon_exec_t guix_daemon_socket_t guix_store_content_t)) I also think we need to declare our use of “file_type” first: (typeattribute file_type) What do you think? -- Ricardo
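Review bot: In the `@@ -34,14 +34,19 @@` hunk, the added `(typeattributeset file_type guix_daemon_exec_t)` puts guix_daemon_exec_t in file_type while the unchanged context line `(typeattributeset domain (guix_daemon_t guix_daemon_exec_t))` still lists it as a domain. It is worth confirming that the label for the daemon executable is meant to carry both attributes, and if not, removing it from the domain set in the same change. The five new lines also carry no comment, unlike the `;; These types are domains` block that follows them; a one-line comment noting that these types label files and that `restorecon -R /gnu/store` fails without the file_type attribute would record why they were added.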