diff options
| author | Daniel Brooks <db48x@db48x.net> | 2020-11-14 08:04:30 -0800 |
|---|---|---|
| committer | Marius Bakke <marius@gnu.org> | 2020-11-15 23:09:46 +0100 |
| commit | 0fd87768e47f9e429d8c0ec9ac4e7928832ff33b (patch) | |
| tree | d589485bf80d80020fb056494d288d80b0f64d5e /doc | |
| parent | 67d905ee79d52158f97beb50faf53153def252e0 (diff) | |
doc: Add a note about SELinux relabeling after upgrades to guix-daemon.
* doc/guix.texi (SELinux Support): Add note about upgrades.
Signed-off-by: Marius Bakke <marius@gnu.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/guix.texi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 2864c65e00..2f3a474866 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -83,6 +83,7 @@ Copyright @copyright{} 2020 pinoaffe@* Copyright @copyright{} 2020 André Batista@* Copyright @copyright{} 2020 Alexandru-Sergiu Marton@* Copyright @copyright{} 2020 raingloom@* +Copyright @copyright{} 2020 Daniel Brooks@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1398,6 +1399,11 @@ install and run it, which lifts it into the @code{guix_daemon_t} domain. At that point SELinux could not prevent it from accessing files that are allowed for processes in that domain. +You will need to relabel the store directory after all upgrades to +@file{guix-daemon}, such as after running @code{guix pull}. Assuming the +store is in @file{/gnu}, you can do this with @code{restorecon -vR /gnu}, +or by other means provided by your operating system. + We could generate a much more restrictive policy at installation time, so that only the @emph{exact} file name of the currently installed @code{guix-daemon} executable would be labelled with |