Hello!

Running guix-daemon on an SELinux distro is difficult and sparsely documented (info "(guix) SELinux Support"). On-line fora are full of questions on this topic and sometimes random advice.

I thought we could improve on that by having ‘guix-install.sh’ take care of most things dynamically and documenting any remaining bits with copy/pastable snippets.

The attached patch does 90% of the job! I tested it on the Rocky Linux 9 live image available at:

  https://dl.rockylinux.org/pub/rocky/9/live/x86_64/Rocky-9-Workstation-Lite-x86_64-latest.iso

The missing 10% is related to the ‘gnu-store.mount’ job: guix-daemon fails to remount it read-write:

--8<---------------cut here---------------start------------->8---
# guix build hello
guix build: error: remounting /gnu/store writable: Permission denied
# ausearch -c guix-daemon | tail
time->Mon Mar 27 12:01:38 2023
type=PROCTITLE msg=audit(1679932898.081:464): proctitle=2F7661722F677569782F70726F66696C65732F7065722D757365722F726F6F742F63757272656E742D677569782F62696E2F677569782D6461656D6F6E003338303200000000000000000000000000000000000000000000000000002D2D646973636F7665723D6E6F
type=SYSCALL msg=audit(1679932898.081:464): arch=c000003e syscall=165 success=no exit=-13 a0=0 a1=4c5c10 a2=49f442 a3=1020 items=0 ppid=3258 pid=3805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="guix-daemon" exe="/gnu/store/5kj8lyybjrdl7xd0fx9g9vzkz8sklqsy-guix-1.4.0/bin/guix-daemon" subj=system_u:system_r:guix_daemon.guix_daemon_t:s0 key=(null)
type=AVC msg=audit(1679932898.081:464): avc: denied { remount } for pid=3805 comm="guix-daemon" scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
--8<---------------cut here---------------end--------------->8---

It works fine (as in: ‘guix build hello’ succeeds) if I ‘systemctl stop guix-daemon.service’ and instead run:

  guix-daemon --build-users-group=guixbuild

in the terminal.

Could it be a systemd feature at play here?

As a stopgap, we could change ‘guix-install.sh’ to not install ‘gnu-store.mount’ on SELinux systems.

Thoughts?

Ludo’.
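One way to read the three audit records quoted in the message, as an added example that is not part of the original message or of Guix: it decodes the hex-encoded proctitle, names the failing syscall and errno, and pulls the denied permission, the source and target types and the object class out of the AVC record. The function names and the one-entry syscall table are assumptions made for this example; the NUL padding in the proctitle is shortened and the SYSCALL record is trimmed.

```python
import errno
import re

# Values copied from the audit excerpt in the message; the run of NUL padding
# inside the proctitle is shortened and the SYSCALL record is trimmed.
PROCTITLE_HEX = (
    "2F7661722F677569782F70726F66696C65732F7065722D757365722F726F6F74"
    "2F63757272656E742D677569782F62696E2F677569782D6461656D6F6E"
    "0033383032" "000000" "2D2D646973636F7665723D6E6F"
)
SYSCALL = ('type=SYSCALL msg=audit(1679932898.081:464): arch=c000003e '
           'syscall=165 success=no exit=-13 comm="guix-daemon"')
AVC = ('type=AVC msg=audit(1679932898.081:464): avc: denied { remount } '
       'for pid=3805 comm="guix-daemon" '
       'scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 '
       'tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0')

# Only the number seen here; arch=c000003e is x86_64, where 165 is mount(2).
X86_64_SYSCALLS = {165: "mount"}

def decode_proctitle(hex_value):
    """auditd hex-encodes argv that contains NULs; split it back into arguments."""
    raw = bytes.fromhex(hex_value)
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\0") if arg]

def parse_syscall(line):
    """Return (syscall name, errno name) from a SYSCALL record."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    number, result = int(fields["syscall"]), int(fields["exit"])
    return (X86_64_SYSCALLS.get(number, str(number)),
            errno.errorcode.get(-result, str(result)))

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?scontext=(\S+)\s+'
                    r'tcontext=(\S+)\s+tclass=(\S+)\s+permissive=(\d)')

def parse_avc(line):
    """Extract who was denied what on which object class from an AVC record."""
    match = AVC_RE.search(line)
    if match is None:
        raise ValueError("not an AVC denial record")
    perms, scontext, tcontext, tclass, permissive = match.groups()
    return {
        "permissions": perms.split(),
        "source_type": scontext.split(":")[2],  # user:role:type:level
        "target_type": tcontext.split(":")[2],
        "class": tclass,
        "enforced": permissive == "0",  # permissive=0: the denial was applied
    }

if __name__ == "__main__":
    print(decode_proctitle(PROCTITLE_HEX), parse_syscall(SYSCALL), parse_avc(AVC))
```
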