From: Tomas Volf <~@wolfsden.cz>
To: guix-patches@HIDDEN
Subject: [PATCH] etc: apparmor.d: Fix "guix-daemon/guix-builder" policy.
Date: Mon, 30 Mar 2026 20:53:44 +0200
When using the copy-build-system, the `install-license-files' phase fails on
a foreign system when iterating the tree due to a match error caused by
apparmor preventing read of /tmp. So in addition to current /tmp/**, also
allow rw to /tmp/ itself, which allows the package to build.
Fixes: #80680.
* etc/apparmor.d/guix-daemon [guix-builder]: Allow rw to /tmp/.
---
etc/apparmor.d/guix-daemon | 1 +
1 file changed, 1 insertion(+)
diff --git a/etc/apparmor.d/guix-daemon b/etc/apparmor.d/guix-daemon
index 9ca9792030a..fe30ede253a 100644
--- a/etc/apparmor.d/guix-daemon
+++ b/etc/apparmor.d/guix-daemon
@@ -51,6 +51,7 @@ profile guix-daemon @{guix_storedir}/*-{guix-daemon,guix}-*/bin/guix-daemon flag
@{guix_storedir}/** rwlmkux,
+ owner /tmp/ rw,
owner /tmp/** rwux,
@{PROC}/@{pid}/fd/ r,
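Review bot: the added `owner /tmp/ rw,` line grants write as well as read on the directory itself, while the commit message attributes the failure only to a denied read of /tmp. If listing the directory is all the `install-license-files' phase needs, `owner /tmp/ r,` would be the narrower rule; if write is required, a short comment in the profile naming the operation that needs it would help later audits. It is also worth confirming that the `owner` qualifier matches on the foreign systems in question, since the rule applies only when the builder's user owns /tmp/.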
--
2.52.0
bug#80696; Package guix-patches.