From b29749885c93811f901d0ec4e13de38f70f8c100 Mon Sep 17 00:00:00 2001 From: Daniel Brooks Date: Sat, 14 Nov 2020 08:04:30 -0800 Subject: [PATCH v4] doc: add a note about relabling after upgrades to the SELinux Support section of the manual * doc/guix.texi (SELinux Support): add note about upgrades --- doc/guix.texi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 8440ffffc7..67f5155b9f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1398,6 +1398,11 @@ install and run it, which lifts it into the @code{guix_daemon_t} domain. At that point SELinux could not prevent it from accessing files that are allowed for processes in that domain. +You will need to relabel the @file{/gnu} directory after all upgrades to +@file{guix-daemon}, such as with @code{guix pull}. You can do this with +@code{restorecon -vR /gnu}, or by other means provided by your operating +system. + We could generate a much more restrictive policy at installation time, so that only the @emph{exact} file name of the currently installed @code{guix-daemon} executable would be labelled with -- 2.26.2
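Review bot: In the added paragraph, `@file{guix-daemon}` marks up a program name as a file, while the trailing context of the same hunk writes `@code{guix-daemon}`; use `@code{guix-daemon}` (or `@command`) so the section stays consistent. The sentence "after all upgrades to guix-daemon, such as with guix pull" would read more clearly as "after every upgrade of guix-daemon, for example after running guix pull", since as written it is ambiguous whether `guix pull` is the upgrade or the way to relabel. The paragraph also tells the reader to run `restorecon -vR /gnu` without saying why the labels become stale after an upgrade or what happens if the step is skipped; one sentence on that would let an administrator recognise the failure when they hit it. Minor: the subject line spells "relabling" where "relabeling" is meant, and the ChangeLog entry would conventionally read "Add note about upgrades." with a capital and a full stop.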