Hello to all,
I have got some news on the subject. Recently, I found this gist:
https://gist.github.com/laanwj/cddb2ec7d18e71066d21e5ee993fe971
It proposes an AppArmor profile for Guix together with some explanations.
After adapting the path to the `guix` executable like so
```
abi <abi/4.0>,
include <tunables/global>

profile guix /gnu/store/{*-guix-command,*/bin/guix} flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/guix>
}
```
and loading the profile into AppArmor, I am able to run
`guix shell -C bash -- bash`. Possibly too permissive, the profile works though. It may at least
provide a temporary solution for those, like me, for whom the container
functionality is critical on a daily basis.
Best regards,
Marek
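
Added example, not part of the message above or of the linked gist: a small script for the "loading the profile into AppArmor" step that loads the profile and then confirms the kernel lists it, together with the mode it runs in. It assumes the profile was saved as `/etc/apparmor.d/guix`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original message or the linked gist.
# Assumption: the profile shown above was saved as /etc/apparmor.d/guix.
PROFILE_FILE=${PROFILE_FILE:-/etc/apparmor.d/guix}
LOADED_LIST=${LOADED_LIST:-/sys/kernel/security/apparmor/profiles}

# Print the mode of a loaded profile from a listing in the kernel's
# "name (mode)" format. Returns 1 if the profile is not loaded.
profile_mode() {    # $1 = profile name, $2 = listing file
    awk -v name="$1" '
        { mode = $NF; sub(/ \([^()]*\)$/, "") }
        $0 == name { gsub(/[()]/, "", mode); print mode; found = 1; exit }
        END { exit !found }
    ' "$2"
}

# Print the flags a profile source file declares for the named profile,
# e.g. "unconfined". Prints nothing if the profile declares no flags.
declared_flags() {  # $1 = profile name, $2 = profile source file
    sed -n "s/^[[:space:]]*profile[[:space:]]\{1,\}$1[[:space:]].*flags=(\([^)]*\)).*/\1/p" "$2"
}

# Constructed sample of the kernel listing, for trying the parser offline.
sample_listing() {
    printf '%s\n' 'guix (unconfined)' '/usr/bin/man (enforce)' 'guix-extra (complain)'
}

case "${1:-}" in
    load)    # needs root; replaces any previously loaded copy
        apparmor_parser --replace "$PROFILE_FILE" ;;
    status)  # needs read access to securityfs (usually root)
        if mode=$(profile_mode guix "$LOADED_LIST"); then
            echo "guix profile loaded, mode: $mode"
            echo "flags declared in $PROFILE_FILE: $(declared_flags guix "$PROFILE_FILE")"
        else
            echo "guix profile is not loaded" >&2
            exit 1
        fi ;;
esac
```

Run it as root with `load` once, then with `status` after each reboot or profile change; a reported mode of `unconfined` matches the `flags=(unconfined)` line in the profile.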