> What is the file name of “guix” when running in permissive mode?  We
> need to know this to adjust the policy.
>
After running `which guix` I get:
/usr/local/bin/guix
I tried to add another label for it but it didn't work. I was going to ask
you for a good tutorial for writing the policies but I have just found
https://github.com/SELinuxProject/cil/wiki, I will read it in the next few days :)

I am attaching the diff file.

Regards!
Laura
diff -b guix-daemon.cil /home/laura/guix/etc/guix-daemon.cil.in 
1c1
< ;; -*- lisp -*-
---
> ; -*- lisp -*-
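Review bot: In `1c1` and every hunk after it, your additions appear on the `<` side because the modified file is the first argument to `diff`, and the normal format carries no context lines, which makes the change easy to misread as a removal. Please regenerate it as a unified diff (`diff -u`) with the pristine `guix-daemon.cil.in` first and your `guix-daemon.cil` second. The `;;` versus `;` difference on the mode line is unrelated to the client labeling and should be left out.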
45,48d44
<   (type guix_client_exec_t)
<   (roletype object_r guix_client_exec_t)
<   (type guix_client_t)
<   (roletype object_r guix_client_t)
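Review bot: `(roletype object_r guix_client_t)` associates the new type only with `object_r`, the role carried by files and other objects, so a process context made of a user role plus `guix_client_t` is not valid. If `guix_client_t` is meant to be the domain of the running `guix` command (the next hunk adds it to `domain`), it also needs a `roletype` statement for the role of the users who run `guix`. `guix_client_exec_t` is a file type and is fine with `object_r` alone.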
51c47
<   (typeattributeset domain (guix_daemon_t guix_daemon_exec_t guix_client_t))
---
>   (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
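Review bot: Adding `guix_client_t` to `domain` in this `typeattributeset` does not put any process into it: the diff contains no `typetransition` to `guix_client_t` and no `entrypoint` permission on `guix_client_exec_t`, so `guix` keeps running in the caller's domain and the client rules never apply. Add a rule of the form `(typetransition CALLER_T guix_client_exec_t process guix_client_t)` for each calling domain, together with the matching `transition`, `execute` and `entrypoint` allows. `CALLER_T` is a placeholder for the domain your shell runs in.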
267,279d262
<   ;;Client operations
<   (allow guix_client_t
<          guix_daemon_conf_t
<           (dir (search
<               getattr
<               open read)))
<   (allow guix_client_t
<          guix_daemon_conf_t
<           (file (map
<                 getattr
<                 open read)))
< 
< 
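Review bot: The two `allow` rules under `;;Client operations` are the only permissions `guix_client_t` receives in this diff, and they cover reading `guix_daemon_conf_t` only; nothing lets the client reach the socket labeled `guix_daemon_socket_t` in the last hunk, so a confined client could not talk to the daemon in enforcing mode. Run the client in permissive mode, collect the AVC denials it produces and add the rules they call for. Also check that `map` on the `file` class is really needed, since it grants memory-mapping on top of reading, and drop the two trailing blank lines.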
302,306c285
<            any (system_u object_r guix_daemon_socket_t (low low)))
<   (filecon "@storedir@/.../bin/guix"
<            file (system_u object_r guix_client_exec_t (low low)))
<   (filecon "/usr/local/bin/guix"
<            file (system_u object_r guix_client_exec_t (low low))))
---
>            any (system_u object_r guix_daemon_socket_t (low low))))
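Review bot: In `(filecon "@storedir@/.../bin/guix"` the path is a regular expression, so `...` matches exactly three characters rather than a whole store item name, and the intended store paths will not get `guix_client_exec_t`. Use a pattern that spans the directory name, for example with `.+`. For `"/usr/local/bin/guix"`, the `file` class matches regular files only; if that path is a symbolic link, the label that counts at exec time is the one on the link target. Existing files pick up new `filecon` entries only after a relabel (`restorecon`).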
