Hi,

I am starting with Guix and I just installed it on a CentOS Linux 8 x86_64 (kernel 4.18.0-240.15.1.el8_3.x86_64). It went well but the daemon service exited and I couldn't install a package:

$ sudo systemctl status guix-daemon.service
● guix-daemon.service - Build daemon for GNU Guix
   Loaded: loaded (/etc/systemd/system/guix-daemon.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2021-04-24 01:44:16 CEST; 16min ago
  Process: 92489 ExecStart=/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild (code=exited, status=203/EXEC)
 Main PID: 92489 (code=exited, status=203/EXEC)

Apr 24 01:44:16 localhost.localdomain systemd[1]: Started Build daemon for GNU Guix.
Apr 24 01:44:16 localhost.localdomain systemd[1]: guix-daemon.service: Main process exited, code=exited, status=203/EXEC
Apr 24 01:44:16 localhost.localdomain systemd[1]: guix-daemon.service: Failed with result 'exit-code'.

I found this similar bug report for Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1433971
It seems to be related to the SELinux policy.

// ----------------------------------------------------------------------------

I ran:

$ journalctl -t setroubleshoot
Apr 24 01:30:30 localhost.localdomain setroubleshoot[92081]: AnalyzeThread.run(): Set alarm timeout to 10
Apr 24 01:44:18 localhost.localdomain setroubleshoot[92492]: Deleting alert f25667a8-16fa-447b-8df1-8bd6a8cddc10, it is allowed in current policy
Apr 24 01:44:18 localhost.localdomain setroubleshoot[92492]: AnalyzeThread.run(): Cancel pending alarm
Apr 24 01:44:21 localhost.localdomain setroubleshoot[92492]: SELinux is preventing /usr/bin/bash from execute access on the file guix-daemon. For complete SELinux messages run: sealert -l f4db012c-2639-4a2a-80>
Apr 24 01:44:21 localhost.localdomain setroubleshoot[92492]: SELinux is preventing /usr/bin/bash from execute access on the file guix-daemon.

$ sudo sealert -l f4db012c-2639-4a2a-809a-023ba4accbfd
SELinux is preventing /usr/bin/bash from execute access on the file guix-daemon.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that bash should be allowed execute access on the guix-daemon file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sesinetd' --raw | audit2allow -M my-sesinetd
# semodule -X 300 -i my-sesinetd.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                guix-daemon [ file ]
Source                        sesinetd
Source Path                   /usr/bin/bash
Port
Host                          localhost.localdomain
Source RPM Packages           systemd-239-41.el8_3.2.x86_64
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-3.14.3-54.el8_3.2.noarch
Local Policy RPM              selinux-policy-targeted-3.14.3-54.el8_3.2.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 4.18.0-240.15.1.el8_3.x86_64 #1 SMP Mon Mar 1 17:16:16 UTC 2021 x86_64 x86_64
Alert Count                   2
First Seen                    2021-03-20 21:06:10 CET
Last Seen                     2021-04-24 01:44:16 CEST
Local ID                      f4db012c-2639-4a2a-809a-023ba4accbfd

Raw Audit Messages
type=AVC msg=audit(1619221456.618:467): avc: denied { execute } for pid=92489 comm="(x-daemon)" name="guix-daemon" dev="dm-0" ino=2625286 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1619221456.618:467): arch=x86_64 syscall=execve success=no exit=EACCES a0=5609e6745860 a1=5609e6600e20 a2=5609e66a8720 a3=2d646c6975622d2d items=0 ppid=1 pid=92489 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=(x-daemon) exe=/usr/lib/systemd/systemd subj=system_u:system_r:init_t:s0 key=(null)

Hash: sesinetd,init_t,user_tmp_t,file,execute

// ----------------------------------------------------------------------------

I tried executing the commands provided by SELinux to allow the access but it doesn't work and I don't really understand how it works.

Also on the [SELinux support page](https://guix.gnu.org/manual/en/html_node/SELinux-Support.html) in the Guix documentation, the etc/guix-daemon.cil file doesn't exist so I don't know how to run the command.

Has anyone gotten to run guix on a CentOS with SELinux enabled?

Any help would be greatly appreciated!

Thanks
Joseph
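
Added example, not part of the original post: a small Python parser for the raw AVC record quoted in the sealert output above. It extracts the source and target types, object class and denied permission, and compares the record's `comm` field with the name passed to `ausearch -c` in the suggested command. The function names are hypothetical; the record is copied from the post, and `comm_matches` assumes `ausearch -c` selects events by their `comm` value.

```python
import re
from datetime import datetime, timezone

# AVC record copied from the sealert output in the post above.
AVC = ('type=AVC msg=audit(1619221456.618:467): avc: denied { execute } '
       'for pid=92489 comm="(x-daemon)" name="guix-daemon" dev="dm-0" '
       'ino=2625286 scontext=system_u:system_r:init_t:s0 '
       'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0')

HEADER = re.compile(
    r'msg=audit\((\d+)\.(\d+):(\d+)\): avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC record into a dict (hypothetical helper)."""
    m = HEADER.search(line)
    if m is None:
        raise ValueError('not an AVC record')
    rec = {
        'time': datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc),
        'serial': int(m.group(3)),          # ties AVC and SYSCALL records together
        'result': m.group(4),
        'perms': m.group(5).split(),
    }
    # key=value pairs after the permission set; quoted values lose their quotes
    for key, value in FIELD.findall(line[m.end():]):
        rec[key] = value.strip('"')
    # SELinux context layout is user:role:type:level (level may contain colons)
    for side in ('scontext', 'tcontext'):
        rec[side + '_type'] = rec[side].split(':', 3)[2]
    return rec


def comm_matches(rec, name):
    """Assumed ausearch -c semantics: select the event by its comm value."""
    return rec['comm'] == name


def summarize(rec):
    return '{} {{ {} }}: {} -> {} on {} "{}" (comm={})'.format(
        rec['result'], ' '.join(rec['perms']), rec['scontext_type'],
        rec['tcontext_type'], rec['tclass'], rec['name'], rec['comm'])


if __name__ == '__main__':
    record = parse_avc(AVC)
    print(record['time'].isoformat(), summarize(record))
    print('selected by -c sesinetd:', comm_matches(record, 'sesinetd'))
```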