|
From: | Catonano |
Subject: | Re: [PATCH] Add SELinux policy for guix-daemon. |
Date: | Fri, 26 Jan 2018 12:18:09 +0100 |
Hi Guix,
attached is a patch that adds an SELinux policy for the guix-daemon.
The policy defines the guix_daemon_t domain and specifies what labels
may be accessed and how by processes running in that domain.
These file labels are defined:
* guix_daemon_conf_t
for Guix configuration files (in localstatedir and sysconfdir)
* guix_daemon_exec_t
for executables spawned by the daemon (which are allowed to run in the
guix_daemon_t domain)
* guix_daemon_socket_t
for the daemon socket file
* guix_profiles_t
for the contents of the profiles directory
[Prev in Thread] | Current Thread | [Next in Thread] |