Re: how to understand this SELinux stuff?
From: pelzflorian (Florian Pelz)
Subject: Re: how to understand this SELinux stuff?
Date: Sat, 4 May 2019 19:04:59 +0200
User-agent: NeoMutt/20180716

On Sat, May 04, 2019 at 04:42:52PM +0000, address@hidden wrote:
> Hello! I am translating SELinux info messages. There are some hard
> formulations, but this is the best:
>
> #. type: enumerate
> #: doc/guix.texi:1291
> msgid "We could generate a much more restrictive policy at installation time,
> so that only the @emph{exact} file name of the currently installed
> @code{guix-daemon} executable would be labelled with
> @code{guix_daemon_exec_t}, instead of using a broad regular expression. The
> downside is that root would have to install or upgrade the policy at
> installation time whenever the Guix package that provides the effectively
> running @code{guix-daemon} executable is upgraded."
>
> I cannot understand the latter sentence. What is the 'guix package that
> provides the effectively running guix-daemon'? Can I say just: if
> guix-daemon's executable was upgraded?

The running guix-daemon is not necessarily the currently pulled
version. When using a foreign distro with the systemd service file as
per the manual, the running daemon apparently is root’s pulled Guix
version /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon
but e.g. on Guix System the daemon is the version defined in
gnu/packages/package-management.scm.

address@hidden ~$ ps -Af | grep guix-daemon
root 209 1 0 11:19 ? 00:00:00 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon --build-users-group guixbuild --max-silent-time 0 --timeout 0 --log-compression bzip2 --substitute-urls https://ci.guix.gnu.org
root 14425 209 0 18:45 ? 00:00:02 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon 14421 guixbuild --max-silent-time 0 --timeout 0 --log-compression bzip2 --substitute-urls https://ci.guix.gnu.org
florian 14617 14440 0 19:03 pts/1 00:00:00 grep --color=auto guix-daemon
address@hidden ~$ guix build guix
/gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf

(Please correct me if I am wrong though.)

Regards,
Florian
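
The distinction discussed in this message, as an added example that is not part of the original post or the Guix manual: a shell sketch that finds the executable the running guix-daemon actually uses and builds an exact-match file-context line for it, so a path from a later upgrade visibly falls outside the label. The file-context line format with `system_u:object_r` and level `s0`, and the function names, are assumptions made for illustration; the sample `ps` lines are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: not code from the Guix manual or from the original post.

# Constructed sample of `ps -Af` output, one process per line (arguments shortened).
SAMPLE_PS='root 209 1 0 11:19 ? 00:00:00 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon --build-users-group guixbuild
root 14425 209 0 18:45 ? 00:00:02 /gnu/store/cwlghngrh03igf8cfsp2mf49c2l9fnf5-guix-1.0.0-1.326dcbf/bin/guix-daemon 14421 guixbuild
florian 14617 14440 0 19:03 pts/1 00:00:00 grep --color=auto guix-daemon'

# Read `ps -Af` lines on stdin and print the executable path of every
# running guix-daemon. Field 8 is the command, so the grep process itself
# (command "grep") is not reported, and child daemons are de-duplicated.
running_daemon_paths() {
    awk '$8 ~ /\/bin\/guix-daemon$/ { print $8 }' | sort -u
}

# Build a file-context line labelling exactly one path (assumed format:
# path regex, "--" for regular files, then the context).
# The path column is a regular expression, so metacharacters such as the
# dots in "1.0.0" are escaped; otherwise the "exact" entry would match more.
exact_fcontext() {
    escaped=$(printf '%s\n' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    printf '%s\t--\tsystem_u:object_r:guix_daemon_exec_t:s0\n' "$escaped"
}

# Succeed when path $1 is matched in full by the path regex of the
# file-context line $2 (first tab-separated column).
labelled_by() {
    regex=$(printf '%s\n' "$2" | cut -f1)
    printf '%s\n' "$1" | grep -Eqx -- "$regex"
}

# Stand-alone run on the constructed sample; on a live system the input
# would be `ps -Af` instead of $SAMPLE_PS.
printf '%s\n' "$SAMPLE_PS" | running_daemon_paths | while read -r exe; do
    exact_fcontext "$exe"
done
```

With an exact entry like this, any upgrade that changes the store path of the running daemon leaves the new executable unlabelled until root regenerates and reinstalls the policy, which is the downside the manual sentence describes.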