From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Matt Wette
Subject: bug#39172: SElinux guix-daemon.cil file
Date: Sat, 18 Jan 2020 07:40:18 -0800
To: 39172@debbugs.gnu.org

Hi All,

I apologize for the formatting. I use tbird and I can't find a way to do plain-text mode.

I'm trying to get guix-1.0.1 running on Fedora-30 with its default SElinux set up. I found (hint from https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html) that the guix-daemon.cil file seems to be missing a few items. Without this patch
    # restorecon -R /gnu/store
fails.

--- guix-daemon.cil.orig    2020-01-18 07:08:12.905986299 -0800 +++ guix-daemon.cil    2020-01-18 07:09:49.765737261 -0800 @@ -34,14 +34,19 @@    (roletype object_r guix_daemon_t)    (type guix_daemon_conf_t)    (roletype object_r guix_daemon_conf_t) +  (typeattributeset file_type guix_daemon_conf_t)    (type guix_daemon_exec_t)    (roletype object_r guix_daemon_exec_t) +  (typeattributeset file_type guix_daemon_exec_t)    (type guix_daemon_socket_t)    (roletype object_r guix_daemon_socket_t) +  (typeattributeset file_type guix_daemon_socket_t)    (type guix_store_content_t)    (roletype object_r guix_store_content_t) +  (typeattributeset file_type guix_store_content_t)    (type guix_profiles_t)    (roletype object_r guix_profiles_t) +  (typeattributeset file_type guix_profiles_t)    ;; These types are domains, thereby allowing process rules    (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
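
Review bot: The five added "(typeattributeset file_type ...)" statements have no comment saying why they are needed, while the domain statement at the end of the hunk has one (";; These types are domains, thereby allowing process rules"). A matching comment above the first added line, noting that these types label files and that "restorecon -R /gnu/store" fails without the attribute, would keep the reason from the message in the policy file itself. The five statements could also be collapsed into one using the list form the context line already uses: "(typeattributeset file_type (guix_daemon_conf_t guix_daemon_exec_t guix_daemon_socket_t guix_store_content_t guix_profiles_t))". Separately, the "---"/"+++" headers name guix-daemon.cil.orig and guix-daemon.cil with no directory prefix, so the patch needs to be regenerated from the top of the source tree before it can be applied with -p1.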