X-Loop: help-debbugs@HIDDEN
Subject: bug#39172: SElinux guix-daemon.cil file
Resent-From: Matt Wette <matt.wette@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sat, 18 Jan 2020 15:41:01 +0000
Resent-Message-ID: <handler.39172.B.157936202816309 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 39172
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 39172 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.157936202816309
(code B ref -1); Sat, 18 Jan 2020 15:41:01 +0000
Received: (at submit) by debbugs.gnu.org; 18 Jan 2020 15:40:28 +0000
Received: from localhost ([127.0.0.1]:42028 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1isqD6-0004Ey-Ag
for submit <at> debbugs.gnu.org; Sat, 18 Jan 2020 10:40:28 -0500
Received: from lists.gnu.org ([209.51.188.17]:40642)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <matt.wette@HIDDEN>) id 1isqD3-0004Eo-OM
for submit <at> debbugs.gnu.org; Sat, 18 Jan 2020 10:40:27 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:57887)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <matt.wette@HIDDEN>) id 1isqD2-0001Pu-Fq
for bug-guix@HIDDEN; Sat, 18 Jan 2020 10:40:25 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM,
URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <matt.wette@HIDDEN>) id 1isqD1-0000Te-9k
for bug-guix@HIDDEN; Sat, 18 Jan 2020 10:40:24 -0500
Received: from mail-pl1-x632.google.com ([2607:f8b0:4864:20::632]:40478)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <matt.wette@HIDDEN>)
id 1isqD1-0000Ss-47
for bug-guix@HIDDEN; Sat, 18 Jan 2020 10:40:23 -0500
Received: by mail-pl1-x632.google.com with SMTP id s21so11176211plr.7
for <bug-guix@HIDDEN>; Sat, 18 Jan 2020 07:40:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=to:from:subject:message-id:date:user-agent:mime-version
:content-transfer-encoding:content-language;
bh=3ngRI5ZE4EnTpsNRSIEMGBHk0WT/J7gESAPnmduIOtQ=;
b=tqWo8PXu6ovdko4qzbADb7n4oSln8PheUZrAqZk9fEv0nZJhuBoJSjTM9/SN7vWEu1
qKT7Ri6ZJeMVp3KjNeoKTKBl4qwp1nulLZR7cGfJaWktPx0esrJOniHFeg3bGd1fCEke
esaRhDIbIFtiNe/EeJU+RCToYRAxLjwqLzuIalnfELFipnFZG7xhxjaXvZMRAPNK/Pe9
nPcBQ5tdGEWULhHEHszXJY4F30qOqk4AHbNo+BZA3j+YrlBRI3ezqFluYO5jpz+SJ2uZ
SB4hD7/3XPHyqNl3bTzzidZ8HTVfmADkd2+8NcXYue9b8ooAEtNn0uywyu+iAB7ewKHH
YaHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:to:from:subject:message-id:date:user-agent
:mime-version:content-transfer-encoding:content-language;
bh=3ngRI5ZE4EnTpsNRSIEMGBHk0WT/J7gESAPnmduIOtQ=;
b=HbvCyZOYoroNOFPDFuCqoJXaBVM1LhTOuiHFsA2W3RCmVful1qq58Ne7wtB6VU8coS
5oyQ0btDsO3/FOENCI4QIMt98skydbCS8XDBAgZYvhTZPirvvyNe47QbiiMu4r9mSAg3
NgykgTGtwPHSGitIypgBFtlEduvYvwUnst+I0kYSVyJ2vA3xKl48jNUY9OFY6dWwRtx1
RxRnHkryIOkPsH/oXtpNnSQMyUyxqSPRCt+FImYAtFa3h9F5TSqdhlSQQKxkJpJP1Bf7
qRJMrV1VB959yjZ95TBJwa0xaUXqzKbdKClk7cOb4RtXUrUn9FOCZuS5b/lcyt98Fnlh
u+iw==
X-Gm-Message-State: APjAAAWVt3CFcnj0AqzWBAcDsGKrnXaydz3Cg6/NO8Bmh2GqlcYgkAzJ
Ro7bIKs+gnivIrJl7YAa06lIjsUG
X-Google-Smtp-Source: APXvYqzodaJ+Fa1uJxSJbwdAHnFa9kpRsXe/azX8KHGeez8vaJ2hep9ow1sR8JHGScg0kzoyOHX2EA==
X-Received: by 2002:a17:902:9a84:: with SMTP id
w4mr5595006plp.324.1579362020787;
Sat, 18 Jan 2020 07:40:20 -0800 (PST)
Received: from [192.168.2.183] (64-52-176-132.championbroadband.com.
[64.52.176.132])
by smtp.gmail.com with ESMTPSA id y21sm33297965pfm.136.2020.01.18.07.40.19
for <bug-guix@HIDDEN>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Sat, 18 Jan 2020 07:40:20 -0800 (PST)
From: Matt Wette <matt.wette@HIDDEN>
Message-ID: <b637f042-0881-ea44-eb6c-68118cca6b27@HIDDEN>
Date: Sat, 18 Jan 2020 07:40:18 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.4.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2607:f8b0:4864:20::632
X-Spam-Score: 0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
Hi All,
I appologize for the formatting. I use tbird and I can't find a way to
do plain-text mode.
I'm trying to get guix-1.0.1 running on Fedora-30 with its default
SElinux set up.
I found (hint from
https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html)
that the guix-daemon.cil file seems to be missing a few items. Without
this patch
# restorecon -R /gnu/store
fails.
--- guix-daemon.cil.orig 2020-01-18 07:08:12.905986299 -0800
+++ guix-daemon.cil 2020-01-18 07:09:49.765737261 -0800
@@ -34,14 +34,19 @@
(roletype object_r guix_daemon_t)
(type guix_daemon_conf_t)
(roletype object_r guix_daemon_conf_t)
+ (typeattributeset file_type guix_daemon_conf_t)
(type guix_daemon_exec_t)
(roletype object_r guix_daemon_exec_t)
+ (typeattributeset file_type guix_daemon_exec_t)
(type guix_daemon_socket_t)
(roletype object_r guix_daemon_socket_t)
+ (typeattributeset file_type guix_daemon_socket_t)
(type guix_store_content_t)
(roletype object_r guix_store_content_t)
+ (typeattributeset file_type guix_store_content_t)
(type guix_profiles_t)
(roletype object_r guix_profiles_t)
+ (typeattributeset file_type guix_profiles_t)
;; These types are domains, thereby allowing process rules
(typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Matt Wette <matt.wette@HIDDEN> Subject: bug#39172: Acknowledgement (SElinux guix-daemon.cil file) Message-ID: <handler.39172.B.157936202816309.ack <at> debbugs.gnu.org> References: <b637f042-0881-ea44-eb6c-68118cca6b27@HIDDEN> X-Gnu-PR-Message: ack 39172 X-Gnu-PR-Package: guix Reply-To: 39172 <at> debbugs.gnu.org Date: Sat, 18 Jan 2020 15:41:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 39172 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 39172: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D39172 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#39172: SElinux guix-daemon.cil file
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 20 Jan 2020 09:15:01 +0000
Resent-Message-ID: <handler.39172.B39172.157951164827141 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39172
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Matt Wette <matt.wette@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>
Cc: 39172 <at> debbugs.gnu.org
Received: via spool by 39172-submit <at> debbugs.gnu.org id=B39172.157951164827141
(code B ref 39172); Mon, 20 Jan 2020 09:15:01 +0000
Received: (at 39172) by debbugs.gnu.org; 20 Jan 2020 09:14:08 +0000
Received: from localhost ([127.0.0.1]:44350 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1itT8G-00073e-DT
for submit <at> debbugs.gnu.org; Mon, 20 Jan 2020 04:14:08 -0500
Received: from eggs.gnu.org ([209.51.188.92]:45533)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1itT8A-00072x-JH
for 39172 <at> debbugs.gnu.org; Mon, 20 Jan 2020 04:14:02 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:48377)
by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
id 1itT85-0003WO-Di; Mon, 20 Jan 2020 04:13:53 -0500
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=54566 helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <ludo@HIDDEN>)
id 1itT84-0007pb-UK; Mon, 20 Jan 2020 04:13:53 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <b637f042-0881-ea44-eb6c-68118cca6b27@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 1 =?UTF-8?Q?Pluvi=C3=B4se?= an 228 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 20 Jan 2020 10:13:50 +0100
In-Reply-To: <b637f042-0881-ea44-eb6c-68118cca6b27@HIDDEN> (Matt Wette's
message of "Sat, 18 Jan 2020 07:40:18 -0800")
Message-ID: <87h80qij75.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Matt,
Matt Wette <matt.wette@HIDDEN> skribis:
> I'm trying to get guix-1.0.1 running on Fedora-30 with its default
> SElinux set up.
> I found (hint from
> https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html)
> that the guix-daemon.cil file seems to be missing a few items. Without
> this patch
> =C2=A0=C2=A0=C2=A0 # restorecon -R /gnu/store
> fails.
OK, thanks for finding it out!
> --- guix-daemon.cil.orig=C2=A0=C2=A0=C2=A0 2020-01-18 07:08:12.905986299 =
-0800
> +++ guix-daemon.cil=C2=A0=C2=A0=C2=A0 2020-01-18 07:09:49.765737261 -0800
> @@ -34,14 +34,19 @@
> =C2=A0=C2=A0 (roletype object_r guix_daemon_t)
> =C2=A0=C2=A0 (type guix_daemon_conf_t)
> =C2=A0=C2=A0 (roletype object_r guix_daemon_conf_t)
> +=C2=A0 (typeattributeset file_type guix_daemon_conf_t)
> =C2=A0=C2=A0 (type guix_daemon_exec_t)
> =C2=A0=C2=A0 (roletype object_r guix_daemon_exec_t)
> +=C2=A0 (typeattributeset file_type guix_daemon_exec_t)
> =C2=A0=C2=A0 (type guix_daemon_socket_t)
> =C2=A0=C2=A0 (roletype object_r guix_daemon_socket_t)
> +=C2=A0 (typeattributeset file_type guix_daemon_socket_t)
> =C2=A0=C2=A0 (type guix_store_content_t)
> =C2=A0=C2=A0 (roletype object_r guix_store_content_t)
> +=C2=A0 (typeattributeset file_type guix_store_content_t)
> =C2=A0=C2=A0 (type guix_profiles_t)
> =C2=A0=C2=A0 (roletype object_r guix_profiles_t)
> +=C2=A0 (typeattributeset file_type guix_profiles_t)
>
> =C2=A0=C2=A0 ;; These types are domains, thereby allowing process rules
> =C2=A0=C2=A0 (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
Ricardo, WDYT? I know nothing about this config file so I=E2=80=99d rather=
have
your approval before pushing.
Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: bug#39172: SElinux guix-daemon.cil file
Resent-From: Ricardo Wurmus <rekado@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 20 Jan 2020 10:36:02 +0000
Resent-Message-ID: <handler.39172.B39172.157951656017361 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39172
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: 39172 <at> debbugs.gnu.org, Matt Wette <matt.wette@HIDDEN>
Received: via spool by 39172-submit <at> debbugs.gnu.org id=B39172.157951656017361
(code B ref 39172); Mon, 20 Jan 2020 10:36:02 +0000
Received: (at 39172) by debbugs.gnu.org; 20 Jan 2020 10:36:00 +0000
Received: from localhost ([127.0.0.1]:44409 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1itUPU-0004Vt-KL
for submit <at> debbugs.gnu.org; Mon, 20 Jan 2020 05:36:00 -0500
Received: from sender4-of-o51.zoho.com ([136.143.188.51]:21121)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1itUPP-0004Vi-Uc
for 39172 <at> debbugs.gnu.org; Mon, 20 Jan 2020 05:35:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1579516545;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=uwDbtTLEO78zB01a1ia1e1Q9mnK18D6qK6hrMws1R+U=;
b=axNBnSSWiQ6bxtDHeA+flzAb9ZmfGaHFV+gVmE9uf3wXZv4u3iCHf68nsf6cVxg2
7OsTBwJeF+7evNc60zmR/2EXoMX17iPKacryGk6UmLZZD1QRe3ySYIxiN9pc3d/w39C
DoSEqmw2pG5HEaRR6zN010/IMgWFQwmdHUFRNiL8=
Received: from localhost (p54AD4D30.dip0.t-ipconnect.de [84.173.77.48]) by
mx.zohomail.com with SMTPS id 1579516540995804.3675643051664;
Mon, 20 Jan 2020 02:35:40 -0800 (PST)
References: <b637f042-0881-ea44-eb6c-68118cca6b27@HIDDEN>
<87h80qij75.fsf@HIDDEN>
User-agent: mu4e 1.2.0; emacs 26.3
From: Ricardo Wurmus <rekado@HIDDEN>
In-reply-to: <87h80qij75.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Date: Mon, 20 Jan 2020 11:35:36 +0100
Message-ID: <87iml6wh3b.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
> Hi Matt,
>
> Matt Wette <matt.wette@HIDDEN> skribis:
>
>> I'm trying to get guix-1.0.1 running on Fedora-30 with its default
>> SElinux set up.
>> I found (hint from
>> https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html)
>> that the guix-daemon.cil file seems to be missing a few items. Without
>> this patch
>> # restorecon -R /gnu/store
>> fails.
>
> OK, thanks for finding it out!
>
>> --- guix-daemon.cil.orig 2020-01-18 07:08:12.905986299 -0800
>> +++ guix-daemon.cil 2020-01-18 07:09:49.765737261 -0800
>> @@ -34,14 +34,19 @@
>> (roletype object_r guix_daemon_t)
>> (type guix_daemon_conf_t)
>> (roletype object_r guix_daemon_conf_t)
>> + (typeattributeset file_type guix_daemon_conf_t)
>> (type guix_daemon_exec_t)
>> (roletype object_r guix_daemon_exec_t)
>> + (typeattributeset file_type guix_daemon_exec_t)
>> (type guix_daemon_socket_t)
>> (roletype object_r guix_daemon_socket_t)
>> + (typeattributeset file_type guix_daemon_socket_t)
>> (type guix_store_content_t)
>> (roletype object_r guix_store_content_t)
>> + (typeattributeset file_type guix_store_content_t)
>> (type guix_profiles_t)
>> (roletype object_r guix_profiles_t)
>> + (typeattributeset file_type guix_profiles_t)
>>
>> ;; These types are domains, thereby allowing process rules
>> (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
>
> Ricardo, WDYT? I know nothing about this config file so I=E2=80=99d rath=
er have
> your approval before pushing.
Could we also do this in one expression?
(typeattributeset file_type (or guix_profiles_t
guix_daemon_conf_t
guix_daemon_exec_t
guix_daemon_socket_t
guix_store_content_t))
I also think we need to declare our use of =E2=80=9Cfile_type=E2=80=9D firs=
t:
(typeattribute file_type)
What do you think?
--=20
Ricardo
X-Loop: help-debbugs@HIDDEN
Subject: bug#39172: SElinux guix-daemon.cil file
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 27 Jan 2020 21:51:01 +0000
Resent-Message-ID: <handler.39172.B39172.15801618399330 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 39172
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ricardo Wurmus <rekado@HIDDEN>
Cc: 39172 <at> debbugs.gnu.org, Matt Wette <matt.wette@HIDDEN>
Received: via spool by 39172-submit <at> debbugs.gnu.org id=B39172.15801618399330
(code B ref 39172); Mon, 27 Jan 2020 21:51:01 +0000
Received: (at 39172) by debbugs.gnu.org; 27 Jan 2020 21:50:39 +0000
Received: from localhost ([127.0.0.1]:59134 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1iwCHH-0002QQ-09
for submit <at> debbugs.gnu.org; Mon, 27 Jan 2020 16:50:39 -0500
Received: from eggs.gnu.org ([209.51.188.92]:56713)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1iwCHF-0002QB-Ds
for 39172 <at> debbugs.gnu.org; Mon, 27 Jan 2020 16:50:37 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:42516)
by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
id 1iwCHA-0005t6-6D; Mon, 27 Jan 2020 16:50:32 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55762 helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <ludo@HIDDEN>)
id 1iwCH9-0006cE-Bq; Mon, 27 Jan 2020 16:50:31 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <b637f042-0881-ea44-eb6c-68118cca6b27@HIDDEN>
<87h80qij75.fsf@HIDDEN> <87iml6wh3b.fsf@HIDDEN>
Date: Mon, 27 Jan 2020 22:50:29 +0100
In-Reply-To: <87iml6wh3b.fsf@HIDDEN> (Ricardo Wurmus's message of "Mon,
20 Jan 2020 11:35:36 +0100")
Message-ID: <87d0b4fu1m.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
Hello,
Ricardo Wurmus <rekado@HIDDEN> skribis:
> Could we also do this in one expression?
>
> (typeattributeset file_type (or guix_profiles_t
> guix_daemon_conf_t
> guix_daemon_exec_t
> guix_daemon_socket_t
> guix_store_content_t))
>
> I also think we need to declare our use of =E2=80=9Cfile_type=E2=80=9D fi=
rst:
>
> (typeattribute file_type)
>
> What do you think?
Matt, does what Ricardo proposes work for you?
TIA,
Ludo=E2=80=99.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.