Hi all,

I installed guix via https://guix.gnu.org/manual/en/html_node/Binary-Installation.html, specifically:

```
cd /tmp
wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
chmod +x guix-install.sh
sudo ./guix-install.sh
```

I then tried to follow the docs here: https://guix.gnu.org/manual/en/html_node/SELinux-Support.html related to SELinux. I ended up running

```
sudo semodule -i /gnu/store/271mkw93sqb3hc4ngszcjfsc2wsb6yc8-guix-1.4.0/share/selinux/guix-daemon.cil
```

as this was the only file I found that looked right according to the docs, such as `semodule -i etc/guix-daemon.cil`.

I've restarted my system a few times; however, I am still getting SELinux violations resulting in

```
$ guix pull
guix pull: error: remounting /gnu/store writable: Permission denied
```

See the detailed SELinux violation report:

```
SELinux is preventing guix-daemon from remount access on the filesystem .

***** Plugin catchall (100. confidence) suggests **************************

If you believe that guix-daemon should be allowed remount access on the filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'guix-daemon' --raw | audit2allow -M my-guixdaemon
# semodule -X 300 -i my-guixdaemon.pp

Additional Information:
Source Context                system_u:system_r:guix_daemon.guix_daemon_t:s0
Target Context                system_u:object_r:fs_t:s0
Target Objects                [ filesystem ]
Source                        guix-daemon
Source Path                   guix-daemon
Port                          <Unknown>
Host                          pasta-macbookpro-asahi
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-40.27-1.fc40.noarch
Local Policy RPM
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     pasta-macbookpro-asahi
Platform                      Linux pasta-macbookpro-asahi 6.11.0-400.asahi.fc40.aarch64+16k #1 SMP PREEMPT_DYNAMIC Fri Sep 27 02:59:31 UTC 2024 aarch64
Alert Count                   12
First Seen                    2024-09-28 22:37:00 CDT
Last Seen                     2024-09-28 22:51:58 CDT
Local ID                      00bfc2a9-edf9-49d4-9f98-aaff428092a2

Raw Audit Messages
type=AVC msg=audit(1727581918.607:304): avc: denied { remount } for pid=3363 comm="guix-daemon" scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0

Hash: guix-daemon,guix_daemon.guix_daemon_t,fs_t,filesystem,remount
```

I tried running the recommended steps by SELinux, but that did not work. Please advise!
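
Added example, not part of the original message: a small Python parser for the raw AVC record in the report, showing which domain was denied which permission on which label. The names `Denial`, `parse_avc`, `context_type` and `hash_key` are hypothetical, and the key layout is an assumption that mirrors the report's `Hash:` line.

```python
import re
from typing import NamedTuple, Optional

# The denial from the report above, rejoined onto one line.
AVC_LINE = (
    'type=AVC msg=audit(1727581918.607:304): avc: denied { remount } for '
    'pid=3363 comm="guix-daemon" '
    'scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 '
    'tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0'
)

class Denial(NamedTuple):
    comm: str
    source_type: str
    target_type: str
    tclass: str
    perms: tuple
    enforced: bool  # False when the record says permissive=1

_AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context: str) -> str:
    # user:role:type:level; split at most 3 times so a level such as
    # s0:c0.c1023 stays whole. The type may contain '.' (CIL namespaces).
    parts = context.split(":", 3)
    return parts[2] if len(parts) > 2 else ""

def parse_avc(line: str) -> Optional[Denial]:
    """Parse one audit line; return None if it is not a complete AVC denial."""
    m = _AVC.search(line)
    if m is None:
        return None
    kv = {k: v.strip('"') for k, v in _KV.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= kv.keys():
        return None
    return Denial(kv.get("comm", ""), context_type(kv["scontext"]),
                  context_type(kv["tcontext"]), kv["tclass"],
                  tuple(m.group(1).split()), kv.get("permissive") == "0")

def hash_key(d: Denial) -> str:
    # Assumed layout, matching the report: comm,source,target,class,perms
    return ",".join([d.comm, d.source_type, d.target_type, d.tclass, *d.perms])

if __name__ == "__main__":
    denial = parse_avc(AVC_LINE)
    print(denial)
    print(hash_key(denial))
```
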