Skip to content

Instantly share code, notes, and snippets.

@worstname
Last active February 22, 2022 14:30
Show Gist options
  • Save worstname/e8c33b4a0c5199bcf6cd5e99824feb1a to your computer and use it in GitHub Desktop.
Save worstname/e8c33b4a0c5199bcf6cd5e99824feb1a to your computer and use it in GitHub Desktop.
How to get the Guix daemon working on Fedora

The Problem

Because of SELinux, the Guix daemon service will fail to start on Fedora.

× guix-daemon.service - Build daemon for GNU Guix
     Loaded: loaded (/etc/systemd/system/guix-daemon.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Mon 2021-12-06 09:44:40 MST; 8s ago
    Process: 1253800 ExecStart=/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild (code=exited, status=203/EXEC)
   Main PID: 1253800 (code=exited, status=203/EXEC)
        CPU: 1ms

Dec 06 09:44:40 f systemd[1]: Started Build daemon for GNU Guix.
Dec 06 09:44:40 f systemd[1253800]: guix-daemon.service: Failed to locate executable /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon: Permission denied
Dec 06 09:44:40 f systemd[1253800]: guix-daemon.service: Failed at step EXEC spawning /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon: Permission denied
Dec 06 09:44:40 f systemd[1]: guix-daemon.service: Main process exited, code=exited, status=203/EXEC
Dec 06 09:44:40 f systemd[1]: guix-daemon.service: Failed with result 'exit-code'.

Why? Who knows. The Guix manual talks about SELinux and apparently the policy file they provide works, but it hasn't for me as of yet on Fedora 33 and 34.

https://guix.gnu.org/en/manual/en/guix.html#SELinux-Support

The Solution

Edit /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

Now reboot.

We're basically disabling SELinux. Yells at us in the background apparently but ignorance is bliss.
https://docs.fedoraproject.org/en-US/quick-docs/changing-selinux-states-and-modes/#selinux-changing-to-permissive-mode

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment