bug#44594: [PATCH v4] doc: add a note about relabeling after upgrades to
From: Daniel Brooks
Subject: bug#44594: [PATCH v4] doc: add a note about relabeling after upgrades to the
Date: Sat, 14 Nov 2020 08:08:25 -0800
From b29749885c93811f901d0ec4e13de38f70f8c100 Mon Sep 17 00:00:00 2001
From: Daniel Brooks <db48x@db48x.net>
Date: Sat, 14 Nov 2020 08:04:30 -0800
Subject: [PATCH v4] doc: add a note about relabeling after upgrades to the
SELinux Support section of the manual
* doc/guix.texi (SELinux Support): add note about upgrades
---
doc/guix.texi | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 8440ffffc7..67f5155b9f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1398,6 +1398,11 @@ install and run it, which lifts it into the
@code{guix_daemon_t} domain.
At that point SELinux could not prevent it from accessing files that are
allowed for processes in that domain.
+You will need to relabel the @file{/gnu} directory after all upgrades to
+@file{guix-daemon}, such as with @code{guix pull}. You can do this with
+@code{restorecon -vR /gnu}, or by other means provided by your operating
+system.
+
We could generate a much more restrictive policy at installation time,
so that only the @emph{exact} file name of the currently installed
@code{guix-daemon} executable would be labelled with
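Review bot: the added paragraph marks up the program name as @file{guix-daemon}, while the context line just below it uses @code{guix-daemon}; since the text refers to the daemon being upgraded rather than to a path, use the same markup as the surrounding section. The paragraph also tells the reader to relabel @file{/gnu} without saying why an upgrade makes that necessary or what the symptom is when it is skipped; one sentence tying it to the labelling described in the neighbouring paragraphs would let an administrator recognise the failure. Minor wording: "after all upgrades" reads more clearly as "after every upgrade", and the restorecon command would be easier to copy if set off in its own @example block.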
--
2.26.2