01/02: doc: Add a note about SELinux relabeling after upgrades to guix-daemon.

[guix-commits]

mbakke pushed a commit to branch master
in repository guix.

commit 0fd87768e47f9e429d8c0ec9ac4e7928832ff33b
Author: Daniel Brooks <db48x@db48x.net>
AuthorDate: Sat Nov 14 08:04:30 2020 -0800

    doc: Add a note about SELinux relabeling after upgrades to guix-daemon.
    
    * doc/guix.texi (SELinux Support): Add note about upgrades.
    
    Signed-off-by: Marius Bakke <marius@gnu.org>
---
 doc/guix.texi | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 2864c65..2f3a474 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -83,6 +83,7 @@ Copyright @copyright{} 2020 pinoaffe@*
 Copyright @copyright{} 2020 André Batista@*
 Copyright @copyright{} 2020 Alexandru-Sergiu Marton@*
 Copyright @copyright{} 2020 raingloom@*
+Copyright @copyright{} 2020 Daniel Brooks@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1398,6 +1399,11 @@ install and run it, which lifts it into the 
@code{guix_daemon_t} domain.
 At that point SELinux could not prevent it from accessing files that are
 allowed for processes in that domain.
 
+You will need to relabel the store directory after all upgrades to
+@file{guix-daemon}, such as after running @code{guix pull}.  Assuming the
+store is in @file{/gnu}, you can do this with @code{restorecon -vR /gnu},
+or by other means provided by your operating system.
+
 We could generate a much more restrictive policy at installation time,
 so that only the @emph{exact} file name of the currently installed
 @code{guix-daemon} executable would be labelled with