abi <abi/4.0>,
include <tunables/global>
include <tunables/guix>
# This profile does not sandbox guix: the guix executable can run arbitrary
# user code, so no rule set could describe its expected behaviour.  Its only
# purpose is to explicitly enable userns on systems where the
# kernel.apparmor_restrict_unprivileged_userns sysctl is in effect.
#
# NOTE(review): attachment is by path pattern only, so any store item whose
# name matches the globs below runs under this unconfined, userns-enabled
# profile.  That makes the exemption depend on who may add items under
# @{guix_storedir} -- confirm this is acceptable on hosts where the sysctl
# is meant to restrict unprivileged users.
profile guix @{guix_storedir}/{*-guix-command,*-guix-*/bin/guix} flags=(unconfined) {
# Allow creation of user namespaces.  No other rules are listed because
# flags=(unconfined) leaves the process otherwise unrestricted by AppArmor.
userns,
}