Hi Guix,
attached is a patch that adds an SELinux policy for the guix-daemon.
The policy defines the guix_daemon_t domain and specifies what labels
may be accessed and how by processes running in that domain.
These file labels are defined:
* guix_daemon_conf_t
for Guix configuration files (in localstatedir and sysconfdir)
* guix_daemon_exec_t
for executables spawned by the daemon (which are allowed to run in the
guix_daemon_t domain)
* guix_daemon_socket_t
for the daemon socket file
* guix_profiles_t
for the contents of the profiles directory