guix-commits

05/07: etc: Add more SELinux permissions for the daemon.


From: guix-commits
Subject: 05/07: etc: Add more SELinux permissions for the daemon.
Date: Sat, 22 May 2021 13:55:25 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit 35bd94a49257bbadcb3ca25342e5c1ec33f438f0
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Sat May 22 19:42:15 2021 +0200

    etc: Add more SELinux permissions for the daemon.
    
    * etc/guix-daemon.cil.in (guix_daemon): Add more permissions, necessary for
    garbage collection.
---
 etc/guix-daemon.cil.in | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index 4f52157..c9f4e31 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -301,7 +301,7 @@
                 open read write)))
   (allow guix_daemon_t
          guix_daemon_conf_t
-         (lnk_file (create getattr rename unlink)))
+         (lnk_file (create getattr rename unlink read)))
   (allow guix_daemon_t net_conf_t
          (file (getattr open read)))
   (allow guix_daemon_t net_conf_t
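
Review bot: In the guix_daemon_conf_t lnk_file rule, `read` is appended after `unlink`, which breaks the alphabetical ordering the permission lists in this file otherwise follow (`create getattr rename unlink`, `getattr open read`). Suggest `(lnk_file (create getattr read rename unlink))`. The commit message attributes the change to garbage collection, but nothing in the policy records that; a short `;;` comment naming the operation that resolves these symlinks would make the grant easier to audit later.
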
@@ -328,6 +328,9 @@
   (allow guix_daemon_t
          cache_home_t
          (dir (search)))
+  (allow guix_daemon_t
+         cache_home_t
+         (lnk_file (getattr read)))
 
   ;; self upgrades
   (allow guix_daemon_t
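
Review bot: The new cache_home_t lnk_file rule has no comment, and it grants `getattr read` on every symlink carrying that label, which by its name is not a Guix-specific type. Please add a `;;` comment above the rule stating what the daemon follows there during garbage collection, in the same style as the `;; self upgrades` and `;; Socket operations` markers, so a later reader can tell whether the grant is still needed or could be narrowed to a dedicated type.
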
@@ -340,7 +343,7 @@
   ;; Socket operations
   (allow guix_daemon_t
          guix_daemon_socket_t
-         (sock_file (unlink)))
+         (sock_file (unlink write)))
   (allow guix_daemon_t
          init_t
          (fd (use)))
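
Review bot: Adding `write` on guix_daemon_socket_t sock_file lets the daemon domain write to its own socket file, and the commit message ("necessary for garbage collection") does not explain why that is needed. Please state the triggering operation or the AVC denial in the commit message or in a comment under `;; Socket operations`. If the intent is for a process in guix_daemon_t to connect to the daemon socket, check that a matching `connectto` permission on the socket class exists elsewhere in the file, since it is not in the visible context and `write` on the sock_file alone would not be sufficient.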


