Alex Vong writes:
>> These are not things that the daemon needs to have access to. These are
>> paths that are to be labeled. The daemon is executed in a certain
>> context, and processes in that context may have certain permissions on
>> some of the files that have
Gábor Boskovits writes:
>> > The resulting policy could then be used on GuixSD or any other system
>> > that doesn’t have a full SELinux configuration.
>>
>
> I looked around a little, and it seems that at least Fedora and Debian
> have their base policies originated from
Ricardo Wurmus writes:
> Alex Vong writes:
>
>>> No, the script won’t install the SELinux policy. It wouldn’t work on
>>> all systems, only on those where a suitable SELinux base policy is
>>> available.
>>>
>> So it won't work on Debian? I think
Gábor Boskovits writes:
> 2018-02-15 16:32 GMT+01:00 Ricardo Wurmus:
>
> Alex Vong writes:
>
> >> No, the script won’t install the SELinux policy. It wouldn’t work on
> >> all systems, only on those where a suitable SELinux
2018-02-15 16:32 GMT+01:00 Ricardo Wurmus:
>
> Alex Vong writes:
>
> >> No, the script won’t install the SELinux policy. It wouldn’t work on
> >> all systems, only on those where a suitable SELinux base policy is
> >> available.
> >>
> > So it won't
Alex Vong writes:
>> No, the script won’t install the SELinux policy. It wouldn’t work on
>> all systems, only on those where a suitable SELinux base policy is
>> available.
>>
> So it won't work on Debian? I think Debian and Fedora use different
> base policies, right?
Hello,
Ricardo Wurmus writes:
> Catonano writes:
>
>>> If you want to test this on Fedora, set SELinux to permissive, and make
>>> sure to configure Guix properly (i.e. set localstatedir, prefix, and
>>> sysconfdir). Then install the policy
On Tue, Feb 13, 2018 at 09:46:53PM +0200, Efraim Flashner wrote:
> Should etc/guix-daemon.cil be added to .gitignore?
Yes, rekado confirmed this to me yesterday on #guix. Can you do it? :)
Should etc/guix-daemon.cil be added to .gitignore?
--
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Catonano writes:
> While processing
>
> guix build --no-grafts --check hello
>
> I got some violations, an example follows
>
> SELinux impedisce a .guix-real un accesso write su sock_file
> /var/guix/daemon-socket/socket.
Ah, the wrapper! I suppose we need to either merge
2018-01-25 17:17 GMT+01:00 Ricardo Wurmus:
> Hi Guix,
>
> attached is a patch that adds an SELinux policy for the guix-daemon.
> The policy defines the guix_daemon_t domain and specifies what labels
> may be accessed and how by processes running in that domain.
>
>
Catonano writes:
>> If you want to test this on Fedora, set SELinux to permissive, and make
>> sure to configure Guix properly (i.e. set localstatedir, prefix, and
>> sysconfdir). Then install the policy with “sudo semodule -i
>> etc/guix-daemon.cil”. Then relabel the
Hi,
Catonano writes:
> I'm not sure I understand: is this meant to allow Guix to run in foreign
> distros like Fedora?
>
> Or is this meant to have SELinux running inside the GuixSD environment?
On GuixSD we don’t have a base policy yet, so it would not work on
GuixSD.
Hello!
Ricardo Wurmus writes:
> attached is a patch that adds an SELinux policy for the guix-daemon.
> The policy defines the guix_daemon_t domain and specifies what labels
> may be accessed and how by processes running in that domain.
Impressive! I know nothing
Hi Guix,
attached is a patch that adds an SELinux policy for the guix-daemon.
The policy defines the guix_daemon_t domain and specifies what labels
may be accessed and how by processes running in that domain.
These file labels are defined:
* guix_daemon_conf_t
for Guix configuration files (in