Hi! Is anyone to evaluate this?
Thanks!

On Sat, Sep 28, 2024 at 11:01 PM Pasta Pasta <pa...@dash.org> wrote:
>
> Hi all,
>
> I installed guix via
> https://guix.gnu.org/manual/en/html_node/Binary-Installation.html
> specifically
> ```
> cd /tmp
> wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
> chmod +x guix-install.sh
> sudo ./guix-install.sh
> ```
>
> I then tried to follow the docs here:
> https://guix.gnu.org/manual/en/html_node/SELinux-Support.html related
> to SELinux
>
> I ended up running
> ```
> sudo semodule -i /gnu/store/271mkw93sqb3hc4ngszcjfsc2wsb6yc8-guix-1.4.0/share/selinux/guix-daemon.cil
> ```
>
> As this was the only file I found that looked right according to the
> docs such as `semodule -i etc/guix-daemon.cil`
>
> I've restarted my system a few times, however, I am still getting
> SELinux violations resulting in
> ```
> $ guix pull
> guix pull: error: remounting /gnu/store writable: Permission denied
> ```
>
> see the detailed SELinux violation report
>
> ```
> SELinux is preventing guix-daemon from remount access on the filesystem .
>
> ***** Plugin catchall (100. confidence) suggests **************************
>
> If you believe that guix-daemon should be allowed remount access on
> the filesystem by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'guix-daemon' --raw | audit2allow -M my-guixdaemon
> # semodule -X 300 -i my-guixdaemon.pp
>
> Additional Information:
> Source Context                system_u:system_r:guix_daemon.guix_daemon_t:s0
> Target Context                system_u:object_r:fs_t:s0
> Target Objects                [ filesystem ]
> Source                        guix-daemon
> Source Path                   guix-daemon
> Port                          <Unknown>
> Host                          pasta-macbookpro-asahi
> Source RPM Packages
> Target RPM Packages
> SELinux Policy RPM            selinux-policy-targeted-40.27-1.fc40.noarch
> Local Policy RPM
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     pasta-macbookpro-asahi
> Platform                      Linux pasta-macbookpro-asahi
>                               6.11.0-400.asahi.fc40.aarch64+16k #1 SMP
>                               PREEMPT_DYNAMIC Fri Sep 27 02:59:31 UTC 2024
>                               aarch64
> Alert Count                   12
> First Seen                    2024-09-28 22:37:00 CDT
> Last Seen                     2024-09-28 22:51:58 CDT
> Local ID                      00bfc2a9-edf9-49d4-9f98-aaff428092a2
>
> Raw Audit Messages
> type=AVC msg=audit(1727581918.607:304): avc: denied { remount } for
> pid=3363 comm="guix-daemon"
> scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0
> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
>
>
> Hash: guix-daemon,guix_daemon.guix_daemon_t,fs_t,filesystem,remount
> ```
>
> I tried running the recommended steps by SELinux, but that did not work.
>
> Please advise!