Hi Sébastien,

Sébastien Gendre <[email protected]> writes:

> But I got a permission denied when Guix tried to use fakeroot. If I set
> SELinux to permissive, I no longer have the problem.
>
> I try to understand if it's a problem from how Guix uses it, to determine
> if I need to open a bug report on Guix side or Fedora side (the
> distribution I run Guix on).

[…]

>     fakeroot, while creating message channels: Permission denied
>     This may be due to a lack of SYSV IPC support.
>     fakeroot: error while starting the `faked' daemon.

The problem here is that SELinux changes the behavior of some pretty
fundamental interfaces in the kernel.  In this case, why is SELinux
preventing the creation of SysV IPC message queues?

Guix assumes that doing that is possible, but SELinux breaks that
assumption.  There might be good reasons to do that, but it breaks the
Guix/kernel “contract”.

Unfortunately I don’t think this can be reported as a bug: on the Guix
side, there’s nothing we can do; and on the Fedora side, perhaps the
only thing they could do is tweak the SELinux to satisfy this particular
use case of Guix, assuming that’s an acceptable change for them.

HTH,
Ludo’.
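
An added example, not part of the original message and not code from Guix or fakeroot: a small C probe that tries to create a SysV message queue and classifies the failure, to separate a policy denial (the "Permission denied" in the quoted output) from a kernel that really lacks SysV IPC. The function names and the choice of a private queue with mode 0600 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/types.h>

enum verdict { V_OK, V_DENIED, V_UNSUPPORTED, V_EXHAUSTED, V_OTHER };

/* Map the errno left by msgget() to a likely cause. */
enum verdict classify_msgget_errno(int err)
{
    switch (err) {
    case 0:      return V_OK;
    case EACCES:
    case EPERM:  return V_DENIED;      /* refused by policy, e.g. an LSM such as SELinux */
    case ENOSYS: return V_UNSUPPORTED; /* kernel has no SysV IPC support */
    case ENOSPC:
    case ENOMEM: return V_EXHAUSTED;   /* queue limit or memory exhausted */
    default:     return V_OTHER;
    }
}

/* Create a private queue and remove it again; return 0 or the errno seen. */
int probe_msgget(void)
{
    int id = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (id == -1)
        return errno;
    if (msgctl(id, IPC_RMID, NULL) == -1)
        return errno;
    return 0;
}

const char *verdict_text(enum verdict v)
{
    static const char *const text[] = {
        "message queues work",
        "denied by policy (check the audit log for an AVC record)",
        "no SysV IPC support in this kernel",
        "resource limit reached",
        "other failure",
    };
    return text[v];
}

int main(void)
{
    int err = probe_msgget();
    printf("msgget: %s -> %s\n", err ? strerror(err) : "ok",
           verdict_text(classify_msgget_errno(err)));
    return err != 0;
}
```

Running the probe in the same SELinux context as the failing process, once enforcing and once permissive, shows whether the policy is the only thing in the way; on an SELinux host a denial should also appear in `ausearch -m AVC -ts recent`.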
