Marek Felšöci <marek.fels...@lip6.fr> writes: > I get an access denied error on the ".guix/channels.scm" file which I > own and have access to. > > I tried to play around with the AppArmor profile, but with no > success. Are we still missing something?
Do you see any relevant information in the AppArmor logs? I'm not familiar with AppArmor, but in SELinux there's the concept of type transitions. "guix time-machine" builds a directory and then executes "bin/guix" from that store location. In SELinux you would need to explicitly allow for that transition, so that $HOME/.config/current/bin/guix can preserve its type when executing the independent /gnu/store/.../bin/guix. (Looking at our SELinux policy it seems to me that we're missing a type transition for this case, so I would assume that "guix time-machine" also doesn't work on a system where SELinux is enforcing policies.) -- Ricardo
