; -*- lisp -*- ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . ;; This is a specification for SELinux 2.7 written in the SELinux Common ;; Intermediate Language (CIL). It refers to types that must be defined in ;; the system's base policy. (block guix_daemon ;; Require existing types (typeattributeset cil_gen_require init_t) (typeattributeset cil_gen_require tmp_t) (typeattributeset cil_g
aboutsummaryrefslogtreecommitdiff
path: root/gnu/installer/newt/locale.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/installer/newt/locale.scm')
0 files changed, 0 insertions, 0 deletions
generated by cgit
add_name remove_name open write rmdir))) (allow guix_daemon_t guix_store_content_t (file (create lock setattr getattr execute execute_no_trans link unlink map rename open read write))) (allow guix_daemon_t guix_store_content_t (lnk_file (create getattr setattr link unlink read rename))) ;; Access to configuration files and directories (allow guix_daemon_t guix_daemon_conf_t (dir (search setattr getattr add_name remove_name open read write))) (allow guix_daemon_t guix_daemon_conf_t (file (create lock map getattr setattr unlink open read write))) (allow guix_daemon_t guix_daemon_conf_t (lnk_file (create getattr rename unlink))) ;; Access to profiles (allow guix_daemon_t guix_profiles_t (dir (getattr setattr read open))) (allow guix_daemon_t guix_profiles_t (lnk_file (read getattr))) ;; Access to profile links in the home directory ;; TODO: allow access to profile links *anywhere* on the filesystem (allow guix_daemon_t user_home_t (lnk_file (read getattr))) (allow guix_daemon_t user_home_t (dir (search))) ;; Socket operations (allow guix_daemon_t init_t (fd (use))) (allow guix_daemon_t init_t (unix_stream_socket (write))) (allow guix_daemon_t guix_daemon_conf_t (unix_stream_socket (listen))) (allow guix_daemon_t guix_daemon_conf_t (sock_file (create unlink))) (allow guix_daemon_t self (unix_stream_socket (create read write connect bind accept getopt setopt))) (allow guix_daemon_t self (fifo_file (write read))) (allow guix_daemon_t self (udp_socket (ioctl create))) ;; Label file system (filecon "@guix_sysconfdir@/guix(/.*)?" any (system_u object_r guix_daemon_conf_t (low low))) (filecon "@guix_localstatedir@/guix(/.*)?" any (system_u object_r guix_daemon_conf_t (low low))) (filecon "@guix_localstatedir@/guix/profiles(/.*)?" any (system_u object_r guix_profiles_t (low low))) (filecon "/gnu" dir (unconfined_u object_r guix_store_content_t (low low))) (filecon "@storedir@(/.+)?" any (unconfined_u object_r guix_store_content_t (low low))) (filecon "@storedir@/[^/]+/.+" any (unconfined_u object_r guix_store_content_t (low low))) (filecon "@prefix@/bin/guix-daemon" file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon" file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@storedir@/.+-(guix-.+|profile)/libexec/guix-authenticate" file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@storedir@/.+-(guix-.+|profile)/libexec/guix/(.*)?" any (system_u object_r guix_daemon_exec_t (low low))) (filecon "@guix_localstatedir@/guix/daemon-socket/socket" any (system_u object_r guix_daemon_socket_t (low low))))