From unknown Fri Jun 13 11:32:56 2025 X-Loop: help-debbugs@gnu.org Subject: bug#39172: SElinux guix-daemon.cil file Resent-From: Matt Wette Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 18 Jan 2020 15:41:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 39172 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 39172@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.157936202816309 (code B ref -1); Sat, 18 Jan 2020 15:41:01 +0000 Received: (at submit) by debbugs.gnu.org; 18 Jan 2020 15:40:28 +0000 Received: from localhost ([127.0.0.1]:42028 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1isqD6-0004Ey-Ag for submit@debbugs.gnu.org; Sat, 18 Jan 2020 10:40:28 -0500 Received: from lists.gnu.org ([209.51.188.17]:40642) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1isqD3-0004Eo-OM for submit@debbugs.gnu.org; Sat, 18 Jan 2020 10:40:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:57887) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1isqD2-0001Pu-Fq for bug-guix@gnu.org; Sat, 18 Jan 2020 10:40:25 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1isqD1-0000Te-9k for bug-guix@gnu.org; Sat, 18 Jan 2020 10:40:24 -0500 Received: from mail-pl1-x632.google.com ([2607:f8b0:4864:20::632]:40478) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1isqD1-0000Ss-47 for bug-guix@gnu.org; Sat, 18 Jan 2020 10:40:23 -0500 Received: by mail-pl1-x632.google.com with SMTP id s21so11176211plr.7 for ; Sat, 18 Jan 2020 07:40:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=3ngRI5ZE4EnTpsNRSIEMGBHk0WT/J7gESAPnmduIOtQ=; b=tqWo8PXu6ovdko4qzbADb7n4oSln8PheUZrAqZk9fEv0nZJhuBoJSjTM9/SN7vWEu1 qKT7Ri6ZJeMVp3KjNeoKTKBl4qwp1nulLZR7cGfJaWktPx0esrJOniHFeg3bGd1fCEke esaRhDIbIFtiNe/EeJU+RCToYRAxLjwqLzuIalnfELFipnFZG7xhxjaXvZMRAPNK/Pe9 nPcBQ5tdGEWULhHEHszXJY4F30qOqk4AHbNo+BZA3j+YrlBRI3ezqFluYO5jpz+SJ2uZ SB4hD7/3XPHyqNl3bTzzidZ8HTVfmADkd2+8NcXYue9b8ooAEtNn0uywyu+iAB7ewKHH YaHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=3ngRI5ZE4EnTpsNRSIEMGBHk0WT/J7gESAPnmduIOtQ=; b=HbvCyZOYoroNOFPDFuCqoJXaBVM1LhTOuiHFsA2W3RCmVful1qq58Ne7wtB6VU8coS 5oyQ0btDsO3/FOENCI4QIMt98skydbCS8XDBAgZYvhTZPirvvyNe47QbiiMu4r9mSAg3 NgykgTGtwPHSGitIypgBFtlEduvYvwUnst+I0kYSVyJ2vA3xKl48jNUY9OFY6dWwRtx1 RxRnHkryIOkPsH/oXtpNnSQMyUyxqSPRCt+FImYAtFa3h9F5TSqdhlSQQKxkJpJP1Bf7 qRJMrV1VB959yjZ95TBJwa0xaUXqzKbdKClk7cOb4RtXUrUn9FOCZuS5b/lcyt98Fnlh u+iw== X-Gm-Message-State: APjAAAWVt3CFcnj0AqzWBAcDsGKrnXaydz3Cg6/NO8Bmh2GqlcYgkAzJ Ro7bIKs+gnivIrJl7YAa06lIjsUG X-Google-Smtp-Source: APXvYqzodaJ+Fa1uJxSJbwdAHnFa9kpRsXe/azX8KHGeez8vaJ2hep9ow1sR8JHGScg0kzoyOHX2EA== X-Received: by 2002:a17:902:9a84:: with SMTP id w4mr5595006plp.324.1579362020787; Sat, 18 Jan 2020 07:40:20 -0800 (PST) Received: from [192.168.2.183] (64-52-176-132.championbroadband.com. [64.52.176.132]) by smtp.gmail.com with ESMTPSA id y21sm33297965pfm.136.2020.01.18.07.40.19 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 18 Jan 2020 07:40:20 -0800 (PST) From: Matt Wette Message-ID: Date: Sat, 18 Jan 2020 07:40:18 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::632 X-Spam-Score: 0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hi All, I appologize for the formatting.  I use tbird and I can't find a way to do plain-text mode. I'm trying to get guix-1.0.1 running on Fedora-30 with its default SElinux set up. I found (hint from https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html) that the guix-daemon.cil file seems to be missing a few items. Without this patch     # restorecon -R /gnu/store fails. --- guix-daemon.cil.orig    2020-01-18 07:08:12.905986299 -0800 +++ guix-daemon.cil    2020-01-18 07:09:49.765737261 -0800 @@ -34,14 +34,19 @@    (roletype object_r guix_daemon_t)    (type guix_daemon_conf_t)    (roletype object_r guix_daemon_conf_t) +  (typeattributeset file_type guix_daemon_conf_t)    (type guix_daemon_exec_t)    (roletype object_r guix_daemon_exec_t) +  (typeattributeset file_type guix_daemon_exec_t)    (type guix_daemon_socket_t)    (roletype object_r guix_daemon_socket_t) +  (typeattributeset file_type guix_daemon_socket_t)    (type guix_store_content_t)    (roletype object_r guix_store_content_t) +  (typeattributeset file_type guix_store_content_t)    (type guix_profiles_t)    (roletype object_r guix_profiles_t) +  (typeattributeset file_type guix_profiles_t)    ;; These types are domains, thereby allowing process rules    (typeattributeset domain (guix_daemon_t guix_daemon_exec_t)) From unknown Fri Jun 13 11:32:56 2025 X-Loop: help-debbugs@gnu.org Subject: bug#39172: SElinux guix-daemon.cil file Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 20 Jan 2020 09:15:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 39172 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Matt Wette , Ricardo Wurmus Cc: 39172@debbugs.gnu.org Received: via spool by 39172-submit@debbugs.gnu.org id=B39172.157951164827141 (code B ref 39172); Mon, 20 Jan 2020 09:15:01 +0000 Received: (at 39172) by debbugs.gnu.org; 20 Jan 2020 09:14:08 +0000 Received: from localhost ([127.0.0.1]:44350 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1itT8G-00073e-DT for submit@debbugs.gnu.org; Mon, 20 Jan 2020 04:14:08 -0500 Received: from eggs.gnu.org ([209.51.188.92]:45533) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1itT8A-00072x-JH for 39172@debbugs.gnu.org; Mon, 20 Jan 2020 04:14:02 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:48377) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1itT85-0003WO-Di; Mon, 20 Jan 2020 04:13:53 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=54566 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1itT84-0007pb-UK; Mon, 20 Jan 2020 04:13:53 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 1 =?UTF-8?Q?Pluvi=C3=B4se?= an 228 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 20 Jan 2020 10:13:50 +0100 In-Reply-To: (Matt Wette's message of "Sat, 18 Jan 2020 07:40:18 -0800") Message-ID: <87h80qij75.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Matt, Matt Wette skribis: > I'm trying to get guix-1.0.1 running on Fedora-30 with its default > SElinux set up. > I found (hint from > https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html) > that the guix-daemon.cil file seems to be missing a few items. Without > this patch > =C2=A0=C2=A0=C2=A0 # restorecon -R /gnu/store > fails. OK, thanks for finding it out! > --- guix-daemon.cil.orig=C2=A0=C2=A0=C2=A0 2020-01-18 07:08:12.905986299 = -0800 > +++ guix-daemon.cil=C2=A0=C2=A0=C2=A0 2020-01-18 07:09:49.765737261 -0800 > @@ -34,14 +34,19 @@ > =C2=A0=C2=A0 (roletype object_r guix_daemon_t) > =C2=A0=C2=A0 (type guix_daemon_conf_t) > =C2=A0=C2=A0 (roletype object_r guix_daemon_conf_t) > +=C2=A0 (typeattributeset file_type guix_daemon_conf_t) > =C2=A0=C2=A0 (type guix_daemon_exec_t) > =C2=A0=C2=A0 (roletype object_r guix_daemon_exec_t) > +=C2=A0 (typeattributeset file_type guix_daemon_exec_t) > =C2=A0=C2=A0 (type guix_daemon_socket_t) > =C2=A0=C2=A0 (roletype object_r guix_daemon_socket_t) > +=C2=A0 (typeattributeset file_type guix_daemon_socket_t) > =C2=A0=C2=A0 (type guix_store_content_t) > =C2=A0=C2=A0 (roletype object_r guix_store_content_t) > +=C2=A0 (typeattributeset file_type guix_store_content_t) > =C2=A0=C2=A0 (type guix_profiles_t) > =C2=A0=C2=A0 (roletype object_r guix_profiles_t) > +=C2=A0 (typeattributeset file_type guix_profiles_t) > > =C2=A0=C2=A0 ;; These types are domains, thereby allowing process rules > =C2=A0=C2=A0 (typeattributeset domain (guix_daemon_t guix_daemon_exec_t)) Ricardo, WDYT? I know nothing about this config file so I=E2=80=99d rather= have your approval before pushing. Ludo=E2=80=99. From unknown Fri Jun 13 11:32:56 2025 X-Loop: help-debbugs@gnu.org Subject: bug#39172: SElinux guix-daemon.cil file Resent-From: Ricardo Wurmus Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 20 Jan 2020 10:36:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 39172 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 39172@debbugs.gnu.org, Matt Wette Received: via spool by 39172-submit@debbugs.gnu.org id=B39172.157951656017361 (code B ref 39172); Mon, 20 Jan 2020 10:36:02 +0000 Received: (at 39172) by debbugs.gnu.org; 20 Jan 2020 10:36:00 +0000 Received: from localhost ([127.0.0.1]:44409 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1itUPU-0004Vt-KL for submit@debbugs.gnu.org; Mon, 20 Jan 2020 05:36:00 -0500 Received: from sender4-of-o51.zoho.com ([136.143.188.51]:21121) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1itUPP-0004Vi-Uc for 39172@debbugs.gnu.org; Mon, 20 Jan 2020 05:35:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1579516545; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=uwDbtTLEO78zB01a1ia1e1Q9mnK18D6qK6hrMws1R+U=; b=axNBnSSWiQ6bxtDHeA+flzAb9ZmfGaHFV+gVmE9uf3wXZv4u3iCHf68nsf6cVxg2 7OsTBwJeF+7evNc60zmR/2EXoMX17iPKacryGk6UmLZZD1QRe3ySYIxiN9pc3d/w39C DoSEqmw2pG5HEaRR6zN010/IMgWFQwmdHUFRNiL8= Received: from localhost (p54AD4D30.dip0.t-ipconnect.de [84.173.77.48]) by mx.zohomail.com with SMTPS id 1579516540995804.3675643051664; Mon, 20 Jan 2020 02:35:40 -0800 (PST) References: <87h80qij75.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.3 From: Ricardo Wurmus In-reply-to: <87h80qij75.fsf@gnu.org> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Mon, 20 Jan 2020 11:35:36 +0100 Message-ID: <87iml6wh3b.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Ludovic Court=C3=A8s writes: > Hi Matt, > > Matt Wette skribis: > >> I'm trying to get guix-1.0.1 running on Fedora-30 with its default >> SElinux set up. >> I found (hint from >> https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00109.html) >> that the guix-daemon.cil file seems to be missing a few items. Without >> this patch >> # restorecon -R /gnu/store >> fails. > > OK, thanks for finding it out! > >> --- guix-daemon.cil.orig 2020-01-18 07:08:12.905986299 -0800 >> +++ guix-daemon.cil 2020-01-18 07:09:49.765737261 -0800 >> @@ -34,14 +34,19 @@ >> (roletype object_r guix_daemon_t) >> (type guix_daemon_conf_t) >> (roletype object_r guix_daemon_conf_t) >> + (typeattributeset file_type guix_daemon_conf_t) >> (type guix_daemon_exec_t) >> (roletype object_r guix_daemon_exec_t) >> + (typeattributeset file_type guix_daemon_exec_t) >> (type guix_daemon_socket_t) >> (roletype object_r guix_daemon_socket_t) >> + (typeattributeset file_type guix_daemon_socket_t) >> (type guix_store_content_t) >> (roletype object_r guix_store_content_t) >> + (typeattributeset file_type guix_store_content_t) >> (type guix_profiles_t) >> (roletype object_r guix_profiles_t) >> + (typeattributeset file_type guix_profiles_t) >> >> ;; These types are domains, thereby allowing process rules >> (typeattributeset domain (guix_daemon_t guix_daemon_exec_t)) > > Ricardo, WDYT? I know nothing about this config file so I=E2=80=99d rath= er have > your approval before pushing. Could we also do this in one expression? (typeattributeset file_type (or guix_profiles_t guix_daemon_conf_t guix_daemon_exec_t guix_daemon_socket_t guix_store_content_t)) I also think we need to declare our use of =E2=80=9Cfile_type=E2=80=9D firs= t: (typeattribute file_type) What do you think? --=20 Ricardo From unknown Fri Jun 13 11:32:56 2025 X-Loop: help-debbugs@gnu.org Subject: bug#39172: SElinux guix-daemon.cil file Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 27 Jan 2020 21:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 39172 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ricardo Wurmus Cc: 39172@debbugs.gnu.org, Matt Wette Received: via spool by 39172-submit@debbugs.gnu.org id=B39172.15801618399330 (code B ref 39172); Mon, 27 Jan 2020 21:51:01 +0000 Received: (at 39172) by debbugs.gnu.org; 27 Jan 2020 21:50:39 +0000 Received: from localhost ([127.0.0.1]:59134 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iwCHH-0002QQ-09 for submit@debbugs.gnu.org; Mon, 27 Jan 2020 16:50:39 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56713) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iwCHF-0002QB-Ds for 39172@debbugs.gnu.org; Mon, 27 Jan 2020 16:50:37 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:42516) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1iwCHA-0005t6-6D; Mon, 27 Jan 2020 16:50:32 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55762 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1iwCH9-0006cE-Bq; Mon, 27 Jan 2020 16:50:31 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87h80qij75.fsf@gnu.org> <87iml6wh3b.fsf@elephly.net> Date: Mon, 27 Jan 2020 22:50:29 +0100 In-Reply-To: <87iml6wh3b.fsf@elephly.net> (Ricardo Wurmus's message of "Mon, 20 Jan 2020 11:35:36 +0100") Message-ID: <87d0b4fu1m.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hello, Ricardo Wurmus skribis: > Could we also do this in one expression? > > (typeattributeset file_type (or guix_profiles_t > guix_daemon_conf_t > guix_daemon_exec_t > guix_daemon_socket_t > guix_store_content_t)) > > I also think we need to declare our use of =E2=80=9Cfile_type=E2=80=9D fi= rst: > > (typeattribute file_type) > > What do you think? Matt, does what Ricardo proposes work for you? TIA, Ludo=E2=80=99. From unknown Fri Jun 13 11:32:56 2025 X-Loop: help-debbugs@gnu.org Subject: bug#39172: SElinux guix-daemon.cil file Resent-From: Matt Wette Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 28 Jan 2020 13:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 39172 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= , Ricardo Wurmus Cc: 39172@debbugs.gnu.org Received: via spool by 39172-submit@debbugs.gnu.org id=B39172.158021914831940 (code B ref 39172); Tue, 28 Jan 2020 13:46:01 +0000 Received: (at 39172) by debbugs.gnu.org; 28 Jan 2020 13:45:48 +0000 Received: from localhost ([127.0.0.1]:59721 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iwRBc-0008J6-LX for submit@debbugs.gnu.org; Tue, 28 Jan 2020 08:45:48 -0500 Received: from mail-pg1-f181.google.com ([209.85.215.181]:44673) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iwRBb-0008Ip-CX for 39172@debbugs.gnu.org; Tue, 28 Jan 2020 08:45:47 -0500 Received: by mail-pg1-f181.google.com with SMTP id x7so6985726pgl.11 for <39172@debbugs.gnu.org>; Tue, 28 Jan 2020 05:45:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=S5q6oVlmi1CKQRUvLgN+cH3j1q5XwkUhupu5Ajy8jAQ=; b=NIXqXipcrjApT5+BQX1XVHTRS6H1UDiqvZW2TqDu+1qy4FdFY/YzqHIsKitGEs+6qz ogNKwlLkRYe7rsnIml0xrgDpRLH6iUJlAG4bwofQK1IuoQx9CmmvHnNkSBTR3m3Q9oNG OdFI59n+3EIbVYiYShMWcyXEcNp+DIYUq6eCV7dbQoHrUyr8vmsVr6qnq7+Sf8MMlAwP UomwtWJYkeLlvYdeI8cLl4D1wy5KyGwCPCUC+1vCd7Aq1avOa4lN0amo07mea5+SP8sl CLqd6B3hYNN+z1uDfzVvH9Z8yWHw5YXwM6dIjwnOWl1t77+jGsN7pmDwolVZRujJ25t2 16+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=S5q6oVlmi1CKQRUvLgN+cH3j1q5XwkUhupu5Ajy8jAQ=; b=pw9Tpz7Iqbll8LJwxJcLEACajpwQ7Q/O+8Vh2KwgRNwY2dVlMt2XyNECb7f09J3ycY 0exwI1hjRmwPGRbZ8XnHv0HjvNou153V5NIqyL3JKDFK1nsbQn8oZLRaF9M/oWbwV71J eNPJbB72fcm2e+xfA8Sn8Tc1OCTvEeCBTKYh0w320oAMxgT3nhNSeDLyoQR3X2WiKHgl ut8bZuM01Qyk3wdQp1Twmg7W/yrntEIO8bnOI5Bktj/Hd2qqs3zCLGyJsN/B5ILv1erx 3dsHLDxCRKhzQci8td0lgvTvEdwVT0EpeC76iL9g7Lbd16SYTgk2DU/sIxjPw+5xkyqf KEUA== X-Gm-Message-State: APjAAAVe8zAubTwhix8Kn8b/269HXwqRkW6dfpAviGOcNTiyQZ7Rr9+d 1FT2m3nKbOzdmqT8/MgesAMs6hmJ X-Google-Smtp-Source: APXvYqzPsffmqc/0RuJzKfaonLq4RIjhBr6ROElNPbDxDVqd9+tX32v0QQTzmlaYgtojr56+gu6N6w== X-Received: by 2002:a63:d802:: with SMTP id b2mr24793503pgh.414.1580219140917; Tue, 28 Jan 2020 05:45:40 -0800 (PST) Received: from [192.168.2.183] (64-52-176-132.championbroadband.com. [64.52.176.132]) by smtp.gmail.com with ESMTPSA id i17sm20024953pfr.67.2020.01.28.05.45.39 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 28 Jan 2020 05:45:40 -0800 (PST) References: <87h80qij75.fsf@gnu.org> <87iml6wh3b.fsf@elephly.net> <87d0b4fu1m.fsf@gnu.org> From: Matt Wette Message-ID: <523bc412-7451-3d32-6ab5-854fab4063ff@gmail.com> Date: Tue, 28 Jan 2020 05:45:38 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <87d0b4fu1m.fsf@gnu.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On 1/27/20 1:50 PM, Ludovic Courtès wrote: > Hello, > > Ricardo Wurmus skribis: > >> Could we also do this in one expression? >> >> (typeattributeset file_type (or guix_profiles_t >> guix_daemon_conf_t >> guix_daemon_exec_t >> guix_daemon_socket_t >> guix_store_content_t)) >> >> I also think we need to declare our use of “file_type” first: >> >> (typeattribute file_type) >> >> What do you think? > Matt, does what Ricardo proposes work for you? > I can add that and see if it helps.  I am just coming up to speed on this. There are other changes I may be proposing. Note that use of     (block guix_daemon         ... guix_daemon_conf_t     ) results in the type guix_daemon.guix_daemon_conf_t.   According to     https://github.com/SELinuxProject/cil/wiki the convention is something like the following, with added typealias      (block guix        ... daemon_conf      )     (typealias guix.daemon_conf guix_daemon_conf_t)