We want to allow builds in chroots that lack /bin/sh. Thus, system(3) and popen(3) need to be tweaked to use the right shell. For the bootstrap glibc, we just use whatever `sh' can be found in $PATH. The final glibc instead uses the hard-coded absolute file name of `bash'. --- a/sysdeps/posix/system.c +++ b/sysdeps/posix/system.c @@ -106,8 +106,8 @@ do_system (const char *line) (void) UNBLOCK; /* Exec the shell. */ - (void) __execve (SHELL_PATH, (char *const *) new_argv, __environ); + (void) execvp (SHELL_NAME, (char *const *) new_argv); _exit (127); } else if (pid < (pid_t) 0) /* The fork failed. */ --- a/libio/iopopen.c +++ b/libio/iopopen.c @@ -170,7 +170,7 @@ _IO_new_proc_open (fp, command, mode) for (p = proc_file_chain; p; p = p->next) _IO_close (_IO_fileno ((_IO_FILE *) p)); - _IO_execl ("/bin/sh", "sh", "-c", command, (char *) 0); + execlp ("sh", "sh", "-c", command, (char *) 0); _IO__exit (127); } _IO_close (child_end);
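Review bot: In the sysdeps/posix/system.c hunk, the added execvp (SHELL_NAME, ...) call in do_system resolves the shell through the caller's $PATH whenever SHELL_NAME is a bare name, so the program that system(3) runs is chosen by the environment rather than by a fixed path. The description limits that to the bootstrap glibc, but nothing in the hunk enforces it; a comment at the call site stating that SHELL_NAME must be an absolute file name in the final build (or a build-time check for a leading '/') would make the intent verifiable. The call also switches from the internal __execve to the public execvp symbol, which is worth a word in the description since the removed line used the internal name.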
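Review bot: In the libio/iopopen.c hunk, the added execlp ("sh", "sh", "-c", command, (char *) 0) line in _IO_new_proc_open hard-codes the bare name "sh" instead of using SHELL_NAME as the system.c hunk does. As written, popen(3) always searches $PATH, which does not match the description's statement that the final glibc uses the hard-coded absolute file name of bash, and it leaves system(3) and popen(3) able to run different shells. Suggest passing SHELL_NAME as the first argument here too, so that both entry points follow the same build-time setting.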
path: root/etc/guix-daemon.cil.in
| Age | Commit message | Author |
| --- | --- | --- |
| 2021-05-22 | etc: Add more SELinux permissions for the daemon. * etc/guix-daemon.cil.in (guix_daemon): Add more permissions, necessary for garbage collection. | Marius Bakke |
| 2020-12-10 | etc: Add more SELinux permissions for the daemon. * etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and unlink for the guix_daemon_exec_t type. | Marius Bakke |
| 2020-11-27 | etc: Add more SELinux permissions for the daemon. * etc/guix-daemon.cil.in (guix_daemon): Permit more operations required for various build jobs. | Marius Bakke |
| 2020-11-26 | etc: Add more SELinux permissions for the daemon. * etc/guix-daemon.cil.in (guix_daemon): Permit file appending, setattr, read/write UDP sockets, access to tmpfs and hugetlbfs, and connecting to PostgreSQL. | Marius Bakke |
| 2020-11-25 | etc: Add more SELinux permissions for the daemon. This is needed for some package test suites. * etc/guix-daemon.cil.in (guix_daemon): Permit unix_dgram_socket operations. | Marius Bakke |
| 2020-11-15 | etc: Updates for the guix-daemon SELinux policy. * etc/guix-daemon.cil.in (guix_daemon): Specify more permissions for guix-daemon to account for daemon updates and newer SELinux. I can't promise that this is a complete list of everything that guix-daemon needs, but it's probably most of them. It can search for, install, upgrade, and remove packages, create virtual machines and containers, update itself, and so on. Signed-off-by: Marius Bakke <marius@gnu.org> | Daniel Brooks |