etc: Update SELinux rule file to support unprivileged daemon.

Fixes: #3576.

* etc/guix-daemon.cil.in: Add rules for unprivileged daemon.

Change-Id: Ic0c561036230d397f7071daef33ca8181684d014
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Rutherther 2025-11-29 17:58:54 +01:00 committed by Ludovic Courtès
parent f29cd8868e
commit bd2edc9e43


@ -185,6 +185,9 @@
(allow guix_daemon_t
root_t
(dir (mounton)))
(allow init_t
guix_daemon.guix_store_content_t
(dir (mounton)))
(allow guix_daemon_t
fs_t
(filesystem (getattr)))
@ -361,6 +364,14 @@
self
(netlink_route_socket (bind create getattr nlmsg_read read write getopt)))
;; Allow use of user namespaces
(allow guix_daemon_t
self
(cap_userns (sys_admin net_admin sys_chroot)))
(allow guix_daemon_t
self
(user_namespace (create)))
;; Socket operations
(allow guix_daemon_t
guix_daemon_socket_t