etc: SELinux: Allow daemon to search run state directories.

* etc/guix-daemon.cil.in: Import types init_var_run_t and
system_dbusd_var_run_t; add rules.

etc/guix-daemon.cil.in

@@ -1,6 +1,6 @@
 ; -*- lisp -*-
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018, 2022 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Daniel Brooks <db48x@db48x.net>
 ;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
 ;;;
@@ -37,11 +37,13 @@
 
 (block guix_daemon
   ;; Require existing types
-  (typeattributeset cil_gen_require init_t)
-  (typeattributeset cil_gen_require tmp_t)
-  (typeattributeset cil_gen_require nscd_var_run_t)
-  (typeattributeset cil_gen_require var_log_t)
   (typeattributeset cil_gen_require domain)
+  (typeattributeset cil_gen_require init_t)
+  (typeattributeset cil_gen_require init_var_run_t)
+  (typeattributeset cil_gen_require nscd_var_run_t)
+  (typeattributeset cil_gen_require system_dbusd_var_run_t)
+  (typeattributeset cil_gen_require tmp_t)
+  (typeattributeset cil_gen_require var_log_t)
 
   ;; Declare own types
   (type guix_daemon_t)
@@ -284,6 +286,14 @@
          guix_store_content_t
          (sock_file (create getattr setattr unlink write)))
 
+  ;; Access to run state directories
+  (allow guix_daemon_t
+         system_dbusd_var_run_t
+         (dir (search)))
+  (allow guix_daemon_t
+         init_var_run_t
+         (dir (search)))
+
   ;; Access to configuration files and directories
   (allow guix_daemon_t
          guix_daemon_conf_t