etc: apparmor.d: Fix "guix-daemon/guix-builder" policy.

Currently Guix daemon would always fail to build packages that require execution of programs and scripts in "/tmp" directory (e.g. in "bootstrap" phase) on foreign distributions that use AppArmor as it denies such requests due to policy restrictions. This patch fixes "guix-daemon" AppArmor policy by allowing execution of programs in "/tmp" for "guix-builder". See <https://codeberg.org/guix/guix/issues/6501> * etc/apparmor.d/guix-daemon: Fix permissions for guix-daemon/guix-builder. Change-Id: Ib6a33fcc035011d7045da03346f3afeb598b7d7a Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
author: Artyom V. Poptsov <poptsov.artyom@gmail.com> 2026-03-06 15:55:19 +0300
committer: Efraim Flashner <efraim@flashner.co.il> 2026-03-08 11:31:02 +0200
commit: 8ead7a983706bc9ac7647a7b017d08b7bc1aadaa (patch)
tree: 3a5b909b1bd6aba807ecc08969e57839db677264 /etc
parent: 90d5f4f76ab09f589ed6ac4afe0ce19de7b141d7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/apparmor.d/guix-daemon b/etc/apparmor.d/guix-daemon
index cb1ee92685c..9ca9792030a 100644
--- a/etc/apparmor.d/guix-daemon
+++ b/etc/apparmor.d/guix-daemon
@@ -51,7 +51,7 @@ profile guix-daemon @{guix_storedir}/*-{guix-daemon,guix}-*/bin/guix-daemon flag
 
     @{guix_storedir}/** rwlmkux,
 
-    owner /tmp/** rw,
+    owner /tmp/** rwux,
 
     @{PROC}/@{pid}/fd/ r,
author	Artyom V. Poptsov <poptsov.artyom@gmail.com>	2026-03-06 15:55:19 +0300
committer	Efraim Flashner <efraim@flashner.co.il>	2026-03-08 11:31:02 +0200
commit	8ead7a983706bc9ac7647a7b017d08b7bc1aadaa (patch)
tree	3a5b909b1bd6aba807ecc08969e57839db677264 /etc
parent	90d5f4f76ab09f589ed6ac4afe0ce19de7b141d7 (diff)