From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
To: znavko@disroot.org
Cc: help-guix <help-guix@gnu.org>
Subject: Re: how to understand this SELinux stuff?
Date: Sat, 4 May 2019 19:04:59 +0200
Message-ID: <20190504170459.cloz4ksdywkoyev3@pelzflorian.localdomain>
In-Reply-To: <29974c7468844bd9eeed7dfa362b4bc4@disroot.org>

On Sat, May 04, 2019 at 04:42:52PM +0000, znavko@disroot.org wrote:
> Hello! I am translating SELinux info messages. There are some hard formulations, but this is the best:
> 
> #. type: enumerate
> #: doc/guix.texi:1291
> msgid "We could generate a much more restrictive policy at installation time, so that only the @emph{exact} file name of the currently installed @code{guix-daemon} executable would be labelled with @code{guix_daemon_exec_t}, instead of using a broad regular expression. The downside is that root would have to install or upgrade the policy at installation time whenever the Guix package that provides the effectively running @code{guix-daemon} executable is upgraded."
> 
> I cannot understand the latter sentence. What is the 'guix package that provides the effectively running guix-daemon'? Can I say just: if guix-daemon's executable was upgraded?


The running guix-daemon is not necessarily the currently pulled
version.  When using a foreign distro with the systemd service file as
per the manual, the running daemon apparently is root’s pulled Guix
version /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon
but e.g. on Guix System the daemon is the version defined in
gnu/packages/package-management.scm.

florian@florianmacbook ~$ ps -Af | grep guix-daemon
root       209     1  0 11:19 ?        00:00:00 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon --build-users-group guixbuild --max-silent-time 0 --timeout 0 --log-compression bzip2 --substitute-urls https://ci.guix.gnu.org
root     14425   209  0 18:45 ?        00:00:02 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon 14421               guixbuild --max-silent-time 0 --timeout 0 --log-compression bzip2 --substitute-urls https://ci.guix.gnu.org
florian  14617 14440  0 19:03 pts/1    00:00:00 grep --color=auto guix-daemon
florian@florianmacbook ~$ guix build guix
/gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf


(Please correct me if I am wrong though.)

Regards,
Florian
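As an added example (not code from Florian's message, nor from Guix or its SELinux policy), the following POSIX shell check compares the guix-daemon executables found in `ps -Af` output with the single path a pinned SELinux file context would label, which is the situation the quoted manual passage describes. The `ps` sample and store paths are constructed after the ones in the message, and `BROAD_RE` is an illustrative approximation of a broad store-path pattern, not the policy's actual regular expression.

```shell
#!/bin/sh
# Added example, not code from the thread or from Guix. Once the running
# daemon's store path and the path a pinned policy labels differ (root
# upgraded Guix while the old daemon keeps running, or vice versa), the
# pinned label no longer covers the daemon. Sample values are constructed.

# Constructed `ps -Af` output modelled on the one in the message.
SAMPLE_PS='root       209     1  0 11:19 ?        00:00:00 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon --build-users-group guixbuild
root     14425   209  0 18:45 ?        00:00:02 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon 14421 guixbuild
florian  14617 14440  0 19:03 pts/1    00:00:00 grep --color=auto guix-daemon'

# Path a pinned policy would label; on a live system take it from
# `guix build guix` or from readlink -f of root's current-guix profile.
SAMPLE_PINNED=/gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon

# Illustrative approximation of a broad store-path pattern (assumed, not the policy's).
BROAD_RE='^/gnu/store/[0-9a-df-np-sv-z]{32}-guix-[^/]+/bin/guix-daemon$'

# Print the distinct guix-daemon executables found in `ps -Af` output on stdin.
# Field 8 is CMD; the grep process is skipped because its CMD is not a store path.
running_daemon_paths() {
  awk '$8 ~ /^\/gnu\/store\/.*\/bin\/guix-daemon$/ { print $8 }' | sort -u
}

# Exit 0 when every running daemon is exactly the pinned path ($1),
# 1 when some running daemon would be left unlabelled, 2 when none is running.
daemon_matches_pinned() {
  pinned=$1
  paths=$(running_daemon_paths)
  [ -n "$paths" ] || return 2
  for p in $paths; do
    [ "$p" = "$pinned" ] || return 1
  done
  return 0
}

# Exit 0 when every running daemon matches the broad pattern instead.
daemon_matches_broad() {
  paths=$(running_daemon_paths)
  [ -n "$paths" ] || return 2
  for p in $paths; do
    printf '%s\n' "$p" | grep -Eq "$BROAD_RE" || return 1
  done
  return 0
}

# Live usage: ps -Af | daemon_matches_pinned "$(guix build guix)/bin/guix-daemon"
```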

Thread overview: 4+ messages
2019-05-04 16:42 how to understand this SELinux stuff? znavko
2019-05-04 17:04 ` pelzflorian (Florian Pelz) [this message]
2019-05-04 19:58 ` Ricardo Wurmus
2019-05-04 20:09 ` znavko
