unix_chkpwd is designed to have a suid bit, but it's not possible to set it
for files in the store.  This patch tells unix_pam.so to look for
unix_chkpwd in setuid program directory on Guix System.

--- a/modules/pam_unix/Makefile.in
+++ b/modules/pam_unix/Makefile.in
@@ -651,1 +651,1 @@
-	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
+	-DCHKPWD_HELPER=\"/run/setuid-programs/unix_chkpwd\" \
='2'><a href='/'><img src='https://git.koszko.org/cgit-static/cgit.png' alt='cgit logo'/></a></td>
<td class='main'><a href='/'>index</a> : <a href='/guix/'>guix</a></td><td class='form'><form method='get'>
<input type='hidden' name='id' value='7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'/><select name='h' onchange='this.form.submit();'>
<option value='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>refs</a><a class='active' href='/guix/log/etc/guix-daemon.cil.in'>log</a><a href='/guix/tree/etc/guix-daemon.cil.in?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>tree</a><a href='/guix/commit/etc/guix-daemon.cil.in?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>commit</a><a href='/guix/diff/etc/guix-daemon.cil.in?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/etc/guix-daemon.cil.in'>
<input type='hidden' name='id' value='7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>root</a>/<a href='/guix/log/etc?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>etc</a>/<a href='/guix/log/etc/guix-daemon.cil.in?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492'>guix-daemon.cil.in</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/etc/guix-daemon.cil.in?id=7b4623b44b051a520ff4fe1c46bb74f2f4f4a492&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-05-25 12:51:15 +0200'>2023-05-25</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=3bf612eaa13cc39caab64567660b8a02d206d19a'>etc: SELinux: Update policy file.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-12-23 20:20:06 +0100'>2022-12-23</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=afaeb657b118e6998342110deab8c8110b824417'>etc: SELinux: Allow init process to setattr on profile directories.</a><span class='msg-avail'>...</span></td><td>Ricardo Wurmus</td></tr>
<tr><td><span title='2022-12-23 20:20:06 +0100'>2022-12-23</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=4a134ed32e69ba888d988d2ed924a1531a54551b'>etc: SELinux: Allow daemon to search run state directories.</a><span class='msg-avail'>...</span></td><td>Ricardo Wurmus</td></tr>
<tr><td><span title='2022-12-23 20:20:06 +0100'>2022-12-23</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=f28d792719abb82cc920486e6d6f14eacc44370c'>etc: SELinux: Label guix-daemon executable in profile.</a><span class='msg-avail'>...</span></td><td>Ricardo Wurmus</td></tr>
<tr><td><span title='2022-01-26 09:31:45 +0100'>2022-01-26</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=bbc2fb0d52128c85c92251ed36d8063b3dcf3c3a'>etc: Remove redundant SELinux permissions block.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2022-01-24 11:28:14 +0100'>2022-01-24</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=98e74d520a30d1ed7d7b47d4f1d9afadefc699e3'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2021-05-22 19:53:17 +0200'>2021-05-22</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=35bd94a49257bbadcb3ca25342e5c1ec33f438f0'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>

Age	Commit message (Expand)	Author
2023-05-25	etc: SELinux: Update policy file....	Ludovic Courtès
2022-12-23	etc: SELinux: Allow init process to setattr on profile directories....	Ricardo Wurmus
2022-12-23	etc: SELinux: Allow daemon to search run state directories....	Ricardo Wurmus
2022-12-23	etc: SELinux: Label guix-daemon executable in profile....	Ricardo Wurmus
2022-01-26	etc: Remove redundant SELinux permissions block....	Marius Bakke
2022-01-24	etc: Add more SELinux permissions for the daemon....	Marius Bakke
2021-05-22	etc: Add more SELinux permissions for the daemon....	Marius Bakke