Hello!

I believe the attached AppArmor profile should work.  You need to:

  1. Drop it in /etc/apparmor.d/guix (it’s actually not specific to
     ‘guix shell -C’ since it matches any ‘guix’ command!).

  2. Run “apparmor_parser -rv /etc/apparmor.d/guix”.

And then you can check “guix build whatever” and “guix shell -C hello”.

Note that AppArmor is stateful: it memorizes previous rules (“profiles”)
and it’s not entirely clear how to remove them, especially when there’s
no profile name.

So perhaps you’ll want to reboot if in doubt.

Anyway, I tested it in an Ubuntu 24.04 VM and everything seemed to work
well.

If you can confirm, we can add it to the repo and have ‘guix-install.sh’
install it.

Ludo’.