Selinux problems

[Dariqq]

Hi all,

Over the last couple of days i have been playing around with rpm 
packaging and managed to put guix and dependencies into packages to 
install on my fedora system.

However i am getting a lot of selinux errors while things work on 
another fedora+selinux machine with guix installed through the install 
script.

The daemon is the 1.4.0 one with the 2 patches for the recent security 
issue and i added all patches to the selinux policy since the release.


 - Denied guix-daemon exec on /usr/bin/guix
 - Denied guix        exec on /usr/libexec/guix/guile

I was able to to work around these by adding a rule labeling these as 
guix_store_content_t which is a bit wrong. Is there a better way for this?

I am now able to install things, etc but still there are some selinux errors

During downloading of things selinux is blocking loading
guile cache files: 
/usr/lib64/guile/3.0/site-ccache/guix/scripts/publish.go, 
*/substitute.go and */discover.go.

- Some things related to systemd-userdb (guix-daemon is denied accessing 
things in /run/systemd/userdb/). I don't why this is an issue in this 
case and not with the install script

Any ideas how i could tweak the policy to allow this?
Thanks
Dariqq