On Friday, 28.03.2025 at 13:25 +0100, Marek Felšöci wrote:
> Hello to all,
>
> I have got some news on the subject. Recently, I found this gist:
> https://gist.github.com/laanwj/cddb2ec7d18e71066d21e5ee993fe971
>
> It proposes an AppArmor profile for Guix together with some
> explanations.
>
> After adapting the path to the `guix` executable like so
>
> ```
> abi <abi/4.0>,
>
> include <tunables/global>
>
> profile guix /gnu/store/{*-guix-command,*/bin/guix} flags=(unconfined) {
>   userns,
>   # Site-specific additions and overrides. See local/README for details.
>   include if exists <local/guix>
> }
> ```
>
> and loading the profile into AppArmor, I am able to run
> `guix shell -C bash -- bash`. Possibly too permissive, the profile
> works though. It may at least provide a temporary solution for those,
> like me, for whom the container functionality is critical on a daily
> basis.

For those who want to use the unprivileged guix daemon, one should also include */bin/guix-daemon.

Cheers
