guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 8ead7a983706bc9ac7647a7b017d08b7bc1aadaa
Author: Artyom V. Poptsov <[email protected]>
AuthorDate: Fri Mar 6 15:55:19 2026 +0300
etc: apparmor.d: Fix "guix-daemon/guix-builder" policy.
Currently Guix daemon would always fail to build packages that require
execution of programs and scripts in "/tmp" directory (e.g. in "bootstrap"
phase) on foreign distributions that use AppArmor as it denies such requests
due to policy restrictions. This patch fixes "guix-daemon" AppArmor policy by
allowing execution of programs in "/tmp" for "guix-builder".
See <https://codeberg.org/guix/guix/issues/6501>
* etc/apparmor.d/guix-daemon: Fix permissions for guix-daemon/guix-builder.
Change-Id: Ib6a33fcc035011d7045da03346f3afeb598b7d7a
Signed-off-by: Efraim Flashner <[email protected]>
---
etc/apparmor.d/guix-daemon | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/apparmor.d/guix-daemon b/etc/apparmor.d/guix-daemon
index cb1ee92685..9ca9792030 100644
--- a/etc/apparmor.d/guix-daemon
+++ b/etc/apparmor.d/guix-daemon
@@ -51,7 +51,7 @@ profile guix-daemon
@{guix_storedir}/*-{guix-daemon,guix}-*/bin/guix-daemon flag
@{guix_storedir}/** rwlmkux,
- owner /tmp/** rw,
+ owner /tmp/** rwux,
@{PROC}/@{pid}/fd/ r,
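Review bot: On the changed `owner /tmp/** rwux,` line, `ux` is AppArmor's unconfined-execute mode, so any file under /tmp owned by the confined process's user that gets executed runs with no profile at all, and without environment scrubbing (that would be `Ux`). If the goal is only to let build phases run programs and scripts they place in /tmp, `ix` (inherit the current profile) would permit the exec while keeping the child under the same confinement, for example `owner /tmp/** rwix,`. If unconfined execution is intended, in line with the `rwlmkux` rule on the store path just above, a comment next to the rule saying so and pointing at the issue from the commit message would help later readers, and the `/tmp/**` glob could be narrowed if the build directories follow a known naming pattern.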