etc: Add more SELinux permissions for the daemon.

* etc/guix-daemon.cil.in (guix_daemon): Permit file appending, setattr,
read/write UDP sockets, access to tmpfs and hugetlbfs, and connecting to
PostgreSQL.

etc/guix-daemon.cil.in

@@ -264,6 +264,7 @@
                 link unlink
                 map
                 rename
+                append
                 open read write relabelfrom)))
   (allow guix_daemon_t
          guix_store_content_t
@@ -277,7 +278,7 @@
          (fifo_file (create getattr open read unlink write)))
   (allow guix_daemon_t
          guix_store_content_t
-         (sock_file (create getattr unlink write)))
+         (sock_file (create getattr setattr unlink write)))
 
   ;; Access to configuration files and directories
   (allow guix_daemon_t
@@ -362,7 +363,7 @@
          (tcp_socket (name_bind name_connect accept listen)))
   (allow guix_daemon_t
          self
-         (udp_socket (connect getattr bind getopt setopt)))
+         (udp_socket (connect getattr bind getopt setopt read write)))
   (allow guix_daemon_t
          self
          (fifo_file (write read)))
@@ -376,6 +377,7 @@
          self
          (unix_dgram_socket (create bind connect sendto read write)))
 
+  ;; For some esoteric build jobs (i.e. PostgreSQL).
   (allow guix_daemon_t
          node_t
          (tcp_socket (node_bind)))
@@ -385,6 +387,15 @@
   (allow guix_daemon_t
          port_t
          (tcp_socket (name_connect)))
+  (allow guix_daemon_t
+         tmpfs_t
+         (file (map read write)))
+  (allow guix_daemon_t
+         hugetlbfs_t
+         (file (map read write)))
+  (allow guix_daemon_t
+         postgresql_port_t
+         (tcp_socket (name_connect name_bind)))
   (allow guix_daemon_t
          rtp_media_port_t
          (udp_socket (name_bind)))