doc: Add a note about SELinux relabeling after upgrades to guix-daemon.

* doc/guix.texi (SELinux Support): Add note about upgrades. Signed-off-by: Marius Bakke <marius@gnu.org>
2020-11-14 08:04:30 -08:00 · 2020-11-14 08:04:30 -08:00 · 0fd87768e4
parent 67d905ee79
commit 0fd87768e4
1 changed files with 6 additions and 0 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -83,6 +83,7 @@ Copyright @copyright{} 2020 pinoaffe@*
 Copyright @copyright{} 2020 André Batista@*
 Copyright @copyright{} 2020 Alexandru-Sergiu Marton@*
 Copyright @copyright{} 2020 raingloom@*
+Copyright @copyright{} 2020 Daniel Brooks@*

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@ -1398,6 +1399,11 @@ install and run it, which lifts it into the @code{guix_daemon_t} domain.
 At that point SELinux could not prevent it from accessing files that are
 allowed for processes in that domain.

+You will need to relabel the store directory after all upgrades to
+@file{guix-daemon}, such as after running @code{guix pull}.  Assuming the
+store is in @file{/gnu}, you can do this with @code{restorecon -vR /gnu},
+or by other means provided by your operating system.
+
 We could generate a much more restrictive policy at installation time,
 so that only the @emph{exact} file name of the currently installed
@code{guix-daemon} executable would be labelled with