guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Add SELinux policy for guix-daemon.

From: Ricardo Wurmus
Subject: Re: [PATCH] Add SELinux policy for guix-daemon.
Date: Sun, 11 Feb 2018 14:40:47 +0100
User-agent: mu4e 0.9.18; emacs 25.3.1 
Catonano <address@hidden> writes:

>> If you want to test this on Fedora, set SELinux to permissive, and make
>> sure to configure Guix properly (i.e. set localstatedir, prefix, and
>> sysconfdir).  Then install the policy with “sudo semodule -i
>> etc/guix-daemon.cil”.  Then relabel the filesystem (at least /gnu,
>> $localstatedir, $sysconfdir, and $prefix) with something like this:
>>
>>     sudo restorecon -R /gnu $localstatedir $sysconfdir $prefix
>>
>
> can I do this with the binary installation made with Sharlatan's script ?

No, the script won’t install the SELinux policy.  It wouldn’t work on
all systems, only on those where a suitable SELinux base policy is
available.

> $localstatedir is /var, I suppose
>
> But I don' t know about $sysconfdir and $prefix

/etc and /.  But you’d be better off just relabeling everything.  On
Fedora you can touch a certain file and have everything relabeled on
reboot.  Takes a long time, though.

--
Ricardo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]