Hi!

I am somewhat stuck :/

I cannot figure out why this doesn't work.
I have even tried adding the full path, but when I test it in enforcing mode
I still see that Guix is not found.
Any ideas?

Regards :)
Laura
@@ -1,4 +1,4 @@
-;; -*- lisp -*-
+; -*- lisp -*-
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2018 Ricardo Wurmus <rek...@elephly.net>
 ;;;
@@ -42,13 +42,9 @@
   (roletype object_r guix_store_content_t)
   (type guix_profiles_t)
   (roletype object_r guix_profiles_t)
-  (type guix_client_exec_t)
-  (roletype object_r guix_client_exec_t)
-  (type guix_client_t)
-  (roletype object_r guix_client_t)
 
   ;; These types are domains, thereby allowing process rules
-  (typeattributeset domain (guix_daemon_t guix_daemon_exec_t guix_client_t))
+  (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
 
   (level low (s0))
 
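Review bot: The new `typeattributeset domain` line still lists `guix_daemon_exec_t`, which the visible rules use as a file label rather than a process type. It is the entrypoint object in the `typetransition` rules of the next hunk and the context the `filecon` for `libexec/guix` assigns in the last hunk. Membership in `domain` means every rule written against that attribute also covers the executable's label. Unless something outside these hunks depends on that, least privilege suggests `(typeattributeset domain (guix_daemon_t))`, with the comment above it changed to `;; guix_daemon_t is the only process domain; guix_daemon_exec_t labels its entrypoint`. The enclosing policy block starts and ends outside this hunk, so confirm against the full file before changing it.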
@@ -58,8 +54,6 @@
                   process guix_daemon_t)
   (typetransition guix_store_content_t guix_daemon_exec_t
                   process guix_daemon_t)
-  (typetransition guix_store_content_t guix_client_exec_t
-                  process guix_client_t)
 
   ;; Permit communication with NSCD
   (allow guix_daemon_t
@@ -266,19 +260,6 @@
          self
          (udp_socket (ioctl create)))
 
-  ;;Client operations
-  (allow guix_client_t
-         guix_daemon_conf_t
-          (dir (search
-              getattr
-              open read)))
-  (allow guix_client_t
-         guix_daemon_conf_t
-          (file (map
-                getattr
-                open read)))
-
-
   ;; Label file system
   (filecon "@guix_sysconfdir@/guix(/.*)?"
            any (system_u object_r guix_daemon_conf_t (low low)))
@@ -301,6 +282,4 @@
   (filecon "@storedir@/.+-(guix-.+|profile)/libexec/guix/(.*)?"
            any (system_u object_r guix_daemon_exec_t (low low)))
   (filecon "@guix_localstatedir@/guix/daemon-socket/socket"
-           any (system_u object_r guix_daemon_socket_t (low low)))
-  (filecon "/var/guix/profiles/per-user/root/current-guix/bin/guix"
-           file (system_u object_r guix_client_exec_t (low low))))
+           any (system_u object_r guix_daemon_socket_t (low low))))
