GNU bug report logs - #71226
‘guix shell -C’ doesn’t work on Ubuntu 24.04


Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Mon, 27 May 2024 14:56:01 UTC

Severity: important


From: Ricardo Wurmus <rekado <at> elephly.net>
To: Marek Felšöci <marek.felsoci <at> lip6.fr>
Cc: 71226 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>
Subject: bug#71226: ‘guix shell -C’ doesn’t work on Ubuntu 24.04
Date: Tue, 14 Jan 2025 10:32:11 +0100

Marek Felšöci <marek.felsoci <at> lip6.fr> writes:

> I get an access denied error on the ".guix/channels.scm" file which I
> own and have access to.
>
> I tried to play around with the AppArmor profile, but with no
> success. Are we still missing something?

Do you see any relevant information in the AppArmor logs?

I'm not familiar with AppArmor, but in SELinux there's the concept of
type transitions.  "guix time-machine" builds a directory and then
executes "bin/guix" from that store location.  In SELinux you would need
to explicitly allow for that transition, so that
$HOME/.config/current/bin/guix can preserve its type when executing the
independent /gnu/store/.../bin/guix.

(Looking at our SELinux policy it seems to me that we're missing a type
transition for this case, so I would assume that "guix time-machine"
also doesn't work on a system where SELinux is enforcing policies.)

-- 
Ricardo
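
One way to answer the question about the AppArmor logs, as an added example that is not part of the original message or of Guix: a small parser that pulls `apparmor="DENIED"` events out of kernel audit lines and groups them by profile, operation, path and denied mask. The sample lines are constructed, and the profile name `guix`, the user `alice` and the store path are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel audit format AppArmor uses
# (type=1400); profile names, paths and pids are assumptions, not real logs.
SAMPLE_LOG = """\
audit: type=1400 audit(1736847131.101:210): apparmor="DENIED" operation="open" class="file" profile="guix" name="/home/alice/.guix/channels.scm" pid=4242 comm="guix" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1736847131.102:211): apparmor="DENIED" operation="open" class="file" profile="guix" name="/home/alice/.guix/channels.scm" pid=4242 comm="guix" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1736847131.250:212): apparmor="ALLOWED" operation="exec" class="file" profile="guix" name="/gnu/store/example-guix/bin/guix" pid=4243 comm="guix" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
audit: type=1400 audit(1736847140.000:213): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/fstab" pid=900 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key=value pairs; values are either double-quoted strings or bare tokens.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Return the key=value fields of one audit line, or None if not AppArmor."""
    if "apparmor=" not in line:
        return None
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def denials(log_text, profile_substr="guix"):
    """Count DENIED events for matching profiles, keyed by
    (profile, operation, path, denied_mask)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue  # skip non-AppArmor lines and complain-mode ALLOWED events
        if profile_substr not in rec.get("profile", ""):
            continue  # a denial from an unrelated profile
        key = (rec["profile"], rec.get("operation", "?"),
               rec.get("name", "?"), rec.get("denied_mask", "?"))
        counts[key] += 1
    return dict(counts)

if __name__ == "__main__":
    # On a real system, feed in the kernel log text instead of SAMPLE_LOG.
    for (profile, op, name, mask), n in sorted(denials(SAMPLE_LOG).items()):
        print(f"{n}x profile={profile} op={op} mask={mask} path={name}")
```

Each resulting tuple names the confining profile, the path and the access mask that was refused, which is the information needed to compare against the profile's file rules.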




This bug report was last modified 22 days ago.
