
How to allow "guix-daemon" to "remount" in SELinux?

0 votes
2 answers
1420 views
I've installed Guix and installed the bundled SELinux policy manually. But according to Ricardo Wurmus, as of 30 June 2021:

> There are really just two ways: either 1) disable SELinux (or set it to permissive mode) or 2) install/debug/reinstall the SELinux daemon policy that is included with Guix.
>
> The daemon policy is *not* installed with the binary installation method because it is known to be incomplete. You would need to get a copy of the Guix sources and configure it. The file you want is called “etc/guix-daemon.cil”. To debug it you would need to install it, set SELinux to permissive mode, run the daemon, and then check the audit log for errors.

There is an open issue for the SELinux guix-daemon.cil file, which suggests a patch that seems already incorporated in the file bundled with my installation.

I installed setroubleshoot and kept restarting the guix-daemon.service while following the suggestions popping up in notifications. The daemon finally started after:
$ sudo chcon -R -t guix_daemon.guix_daemon_conf_t /var/guix/
$ sudo chcon -R -t guix_daemon.guix_profiles_t /var/guix/profiles/per-user/root/current-guix
$ sudo chcon -R -t guix_daemon.guix_profiles_t /var/guix/profiles/per-user/root/current-guix-1-link
But I still cannot proceed with installing glibc-locales:
$ guix install glibc-locales
hint: Consider installing the glibc-utf8-locales' or glibc-locales' package and defining `GUIX_LOCPATH', along these lines:

     guix install glibc-utf8-locales
     export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"

See the "Application Setup" section in the manual, for more info.

guix install: error: remounting /gnu/store writable: Permission denied
The SELinux diagnostics tool informs that "guix-daemon" is not allowed "remount" access to "filesystem" and suggests:
# ausearch -c 'guix-daemon' --raw | audit2allow -M my-guixdaemon
# semodule -X 300 -i my-guixdaemon.pp
But ausearch fails on this:
$ sudo ausearch -c '(x-daemon)' --raw | audit2allow -M my-xdaemon
compilation failed:
libsepol.hierarchy_add_type_callback: guix_daemon doesn't exist, guix_daemon.guix_daemon_conf_t is an orphan
libsepol.hierarchy_add_bounds: 1 errors found while adding hierarchies
How can I allow guix-daemon to remount the filesystem in SELinux?
Asked by Roman Riabenko (2436 rep)
Aug 21, 2021, 08:40 AM
Last activity: Dec 26, 2024, 11:01 AM
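As an added illustration (not part of the question, and not code from Guix or from the SELinux tooling), the following Python script does by hand what the question's `ausearch | audit2allow` pipeline does: it parses AVC denial records in the layout the kernel audit subsystem emits, groups them per source type, target type and object class, and prints the CIL `allow` statements that would be needed, while flagging denials whose target is a generic file type (such as `var_t`) where relabeling the files, as the question's `chcon` commands do, is the more likely fix than a new allow rule. The audit lines, the `guix_daemon.guix_daemon_t` source type, and the list of "generic" target types are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the question's system).
# Layout follows the kernel AVC record: denied perms, comm, scontext,
# tcontext and tclass. The SYSCALL record is included to show it is skipped.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1629535200.101:301): avc:  denied  { remount } for  pid=4242 comm="guix-daemon" scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
type=AVC msg=audit(1629535200.102:302): avc:  denied  { read open } for  pid=4242 comm="guix-daemon" name="current-guix" dev="dm-0" ino=1234 scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file permissive=0
type=SYSCALL msg=audit(1629535200.102:302): arch=c000003e syscall=2 success=no exit=-13 comm="guix-daemon"
type=AVC msg=audit(1629535200.103:303): avc:  denied  { write } for  pid=4242 comm="guix-daemon" scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file permissive=0
"""

# Assumed heuristic: file objects still carrying one of these broad types are
# usually mislabeled rather than genuinely meant to be shared with the daemon.
GENERIC_FILE_TYPES = {"var_t", "default_t", "unlabeled_t", "usr_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'\bcomm="(?P<comm>[^"]*)".*?'
    r'\bscontext=(?P<scontext>\S+).*?'
    r'\btcontext=(?P<tcontext>\S+).*?'
    r'\btclass=(?P<tclass>\S+)'
)


def context_type(ctx):
    """Return the type component (user:role:TYPE:level) of a security context."""
    return ctx.split(":")[2]


def parse_avc(line):
    """Parse one AVC denial record; return None for any other record type."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {
        "comm": m.group("comm"),
        "perms": set(m.group("perms").split()),
        "stype": context_type(m.group("scontext")),
        "ttype": context_type(m.group("tcontext")),
        "tclass": m.group("tclass"),
    }


def summarize(audit_text, comm):
    """Group denied permissions by (source type, target type, class) for one comm."""
    summary = defaultdict(set)
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["comm"] == comm:
            summary[(rec["stype"], rec["ttype"], rec["tclass"])] |= rec["perms"]
    return dict(summary)


def to_cil(summary):
    """Render each group as a CIL allow statement, sorted for stable review."""
    return [
        f"(allow {stype} {ttype} ({tclass} ({' '.join(sorted(perms))})))"
        for (stype, ttype, tclass), perms in sorted(summary.items())
    ]


def suspect_mislabel(summary):
    """Groups whose target is a generic file type: check labels before allowing."""
    return [key for key in sorted(summary) if key[1] in GENERIC_FILE_TYPES]


if __name__ == "__main__":
    denials = summarize(SAMPLE_AUDIT, "guix-daemon")
    print("Rules audit2allow would propose:")
    for rule in to_cil(denials):
        print("  " + rule)
    print("Denials that look like labeling problems (fix with chcon/restorecon):")
    for stype, ttype, tclass in suspect_mislabel(denials):
        print(f"  {stype} -> {ttype} ({tclass})")
```

Run with `python3 avc_summary.py` (file name assumed). The `filesystem:remount` denial against `fs_t` is what the question's final error corresponds to and is a real permission the daemon needs, whereas the `lnk_file` denials against `var_t` show the pattern the asker resolved by relabeling `/var/guix` paths rather than by widening the policy.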